Failed authorization procedure (lacks sufficient authorization)

Hello, is there anyone who can help me here please? I have no solution anymore… :frowning:

My domain is: gllmv.de

I ran this command:
./certbot-auto certonly --webroot --webroot-path /var/www/html/gllmv.de --domain gllmv.de

It produced this output:
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gllmv.de
Using the webroot path /var/www/html/gllmv.de for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. gllmv.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gllmv.de/.well-known/acme-challenge/5Ykx2wY7BPsBF4N_C3Zk9pEjt1nctGDgu06TSfw8R2A:


404 Vhost unknown.


Error 404 Vhost unknown.


IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: gllmv.de
   Type:   unauthorized
   Detail: Invalid response from
   http://gllmv.de/.well-known/acme-challenge/5Ykx2wY7BPsBF4N_C3Zk9pEjt1nctGDgu06TSfw8R2A:
   "<!DOCTYPE html>
   <html>
     <head>
       <title>404 Vhost unknown.</title>
     </head>
     <body>
       <h1>Error 404 Vhost unknown.</h1>
    "

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Debian 9

I can login to a root shell on my machine (yes or no, or I don’t know): Yep, sure.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Thanks !!!

Hi @guillaumevende,

Your domain has A (IPv4) and AAAA (IPv6) records, but the IPv6 version is not reaching your Apache server but a Varnish server, which seems not to be configured properly.

You should fix the IPv6 server conf for your domain or remove the AAAA record because Let’s Encrypt prefers IPv6 over IPv4 and if your domain advertises IPv6, Let’s Encrypt will try to use it to validate the challenge.

Cheers,
sahsanu

4 Likes
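A way to run the check described in the reply above, as an added example that is not part of the original thread: it requests one file from every address the domain advertises, sending the real Host header, and lists the addresses that do not serve it, IPv6 first. The sample addresses, the Server header values and the `probe-ok` file content are constructed; live mode assumes you have placed a test file with known content under the webroot's `.well-known/acme-challenge/` directory.

```python
import http.client
import socket
import sys

def resolve(domain):
    """Every address the name advertises, as (family, address) pairs."""
    infos = socket.getaddrinfo(domain, 80, type=socket.SOCK_STREAM)
    return sorted({("IPv6" if i[0] == socket.AF_INET6 else "IPv4", i[4][0]) for i in infos})

def probe(address, domain, path, timeout=10):
    """GET path from one specific address while sending the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        body = resp.read(300).decode("utf-8", "replace").strip()
        return resp.status, resp.getheader("Server", "unknown"), body
    except (OSError, http.client.HTTPException) as exc:
        return None, "unreachable", str(exc)
    finally:
        conn.close()

def diagnose(results, expected):
    """Return (family, address, reason) per failing address, IPv6 first."""
    bad = []
    for family, address, status, server, body in results:
        if status is None:
            bad.append((family, address, f"no HTTP response: {body}"))
        elif status != 200:
            bad.append((family, address, f"HTTP {status} from {server}"))
        elif body != expected:
            bad.append((family, address, f"unexpected body from {server}"))
    return sorted(bad, key=lambda b: (b[0] != "IPv6", b[1]))  # validator prefers IPv6

# Constructed sample mirroring the thread: the A record reaches Apache, the
# AAAA record reaches a different server that does not know the vhost.
SAMPLE = [
    ("IPv4", "203.0.113.10", 200, "Apache", "probe-ok"),
    ("IPv6", "2001:db8::10", 404, "Varnish", "<h1>Error 404 Vhost unknown.</h1>"),
]

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py DOMAIN PATH EXPECTED_CONTENT
        domain, path, expected = sys.argv[1:]
        results = [(f, a, *probe(a, domain, path)) for f, a in resolve(domain)]
    else:
        results, expected = SAMPLE, "probe-ok"
    for finding in diagnose(results, expected):
        print(*finding, sep="  ")
```

A redirect (301/302) is reported as a failure as well; the validator follows redirects, so judge those by where they lead.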

Damn… I just spent 3 hours trying to resolve this issue without finding any solution.
Just one post here and you found it. Well, I just deleted the entry for AAAA and I’ll try this evening.
Many thanks for your support and reactivity. I’m seriously planning to make a donation.
Regards,

2 Likes
