Failed authorization procedure. letsencript.vaithi.com (http-01): urn:acme:error:unauthorized

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: letsencript.vaithi.com

I ran this command: ./letsencrypt-auto certonly --standalone

It produced this output:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for letsencript.vaithi.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. letsencript.vaithi.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://letsencript.vaithi.com/.well-known/acme-challenge/UqDwiJCCAJRISeCq9mkP0t9uNbWjsoEQKrlTkb_3HXc [54.82.135.22]: 503

My web server is (include version): nginx/1.4.6

The operating system my web server runs on is (include version): Ubuntu 14

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Okay. So your domain points at your ELBs. That 503 comes from an ELB when there is no backend available/attached to it:

$ curl -i letsencript.freshpo.com
HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
Content-Length: 0
Connection: keep-alive

Can you confirm that you can spin up a web server on port 80 on the EC2 instance, and that you can access it via the ELB? You won’t be able to issue a certificate via Certbot unless the ELB actually routes traffic to your instance.

Once that works, you should be able to run certbot in standalone mode.

Also, if you’re not aware, you can get free automatically renewing certificates that integrate with Amazon ELB via Amazon ACM. It may be a superior solution to Let’s Encrypt in this instance.

Yes, I am aware of Amazon ACM, but in this case I need to know about certbot, so that's why.

Also, the web server is running on port 80 and I am able to access it from outside.

While I am accessing the ELB via port 80, a log entry is printed in the access log.

Well, now that it seems to be working you can try:

./letsencrypt-auto certonly --standalone --pre-hook "service nginx stop" --post-hook "service nginx start" -d letsencript.freshpo.com

However, letsencript.vaithi.com doesn’t seem to exist on your nameservers anymore.

The issue got fixed using the command below:
./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly --webroot -w /usr/share/nginx/html/ -d letsencript.vaithi.com
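
A pre-flight check for the situation in this thread, added here as an example and not part of the original posts or of Certbot: it writes a random file into the webroot's .well-known/acme-challenge directory, fetches it over HTTP, and reports whether the request reached that webroot or stopped earlier, as with the ELB's 503 above. The names `classify` and `probe` and the result labels are assumptions of this example.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def classify(status, body, expected):
    """Turn one fetch result into a diagnosis."""
    if status == 200:
        return "ok" if body.strip() == expected else "wrong-content"
    if status == 503:
        return "no-backend"   # what the ELB returned in this thread
    if status == 404:
        return "not-served"   # a server answered, but not from this webroot
    return "other-%d" % status

def probe(base_url, webroot):
    """Write a random file under webroot, fetch it via base_url, classify."""
    token = secrets.token_urlsafe(16)      # constructed file name
    content = secrets.token_urlsafe(32)    # constructed file body
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    filename = os.path.join(directory, token)
    with open(filename, "w") as handle:
        handle.write(content)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
    try:
        with urllib.request.urlopen(url, timeout=10) as response:
            body = response.read().decode("utf-8", errors="replace")
            return classify(response.status, body, content)
    except urllib.error.HTTPError as err:
        return classify(err.code, "", content)
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        os.remove(filename)   # never leave the probe file in the webroot

if __name__ == "__main__":
    # usage: python3 probe.py http://letsencript.vaithi.com /usr/share/nginx/html/
    print(probe(sys.argv[1], sys.argv[2]))
```

A result of "ok" means a webroot run like the one above can be validated over port 80; "no-backend" or "not-served" means the request never reached the directory Certbot writes to.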
