Failed authorization procedure. indycrowd.scot (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:indycrowd.scot

I ran this command:certbot -d indycrowd.scot certonly --manual

It produced this output:Failed authorization procedure. indycrowd.scot (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://indycrowd.scot/.well-known/acme-challenge/QZw240YvGOHVNR7rqNrorq36ypZmVb60K_7X3_c5kFE [2001:8d8:100f:f000::2dd]: 204

My web server is (include version):Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 18.04.1 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.28.0

I have tried all the possibilities to install letsencrypt on my webserver. On the above method, certbot requested me to create a file QZw240YvGOHVNR7rqNrorq36ypZmVb60K_7X3_c5kFE and paste the content. I did it and the page is working when we directly access the same. However, its still failing to validate by letsencrypt.

http://indycrowd.scot/.well-known/acme-challenge/QZw240YvGOHVNR7rqNrorq36ypZmVb60K_7X3_c5kFE

Hi @pheonixsolutions

your domain has ipv4 and ipv6 - addresses ( https://check-your-website.server-daten.de/?q=indycrowd.scot ):

But these ip addresses send different answers:

If you want to use http-01 - validation, Certbot creates a file in /.well-known/acme-challenge, Letsencrypt checks this file.

But your ipv4 has a redirect, then a ConnectionClosed. Your ipv6 sends a http status 204 - no content.

Letsencrypt prefers ipv6, so it's impossible to validate the file and your domain.

So:

• check your webserver ipv6 configuration, so that ipv6 answers correct
• remove your ipv6 address in your nameserver settings (AAAA entry)

Although it looks like you have removed the IPv6 problem,
Name: indycrowd.scot
Address: 46.101.46.122
Name: www.indycrowd.scot
Address: 46.101.46.122

there has not yet been any cert issued for either name:

So I would change:

to include the "www" and specify the --webroot directly:

certbot -d indycrowd.scot -d www.indycrowd.scot certonly --webroot -w /site/root

NOTE: Replace "/site/root" with corresponding http vhost config file found with:
grep -Eri 'ServerName|ServerAlias' /etc/apache2 | grep indycrowd.scot

[ensure you include both names in your config(s)]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.