Failed authorization procedure renew Letsencrypt bypass proxy


#1

Please fill out the fields below so we can help you better.

My domain is: test1.abc.com

I ran this command:
sudo /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d test1.abc.com
certbot certonly --webroot -w /var/www/abc-123456/ -d test1.abc.com

It produced this output:
Failed authorization procedure. test1.abc.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response tt<blockqu<blockqu<font size=""er Errorhallenge/woqzNJq1enVQO8Quwgf1-bLq_SPtP3bGvY9VEwUO1nk: "

My operating system is (include version):
Ubuntu 14.04
My web server is (include version):
Apache2 and Nginx
My hosting provider, if applicable, is:
AWS
I can log in to a root shell on my machine (yes or no, or I don't know):
yes

My nginx sites-enabled config is

server {
    listen 443 ssl;
    location ~ /.well-known {
        allow all;
    }
}

server {
    listen 443 ssl;
    server_name test1.abc.com;

    location / {
        proxy_pass http://170.25.30.30;

        # Added to get CORS working
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Max-Age' '1728000';
            add_header 'Content-Type' 'text/plain charset=UTF-8';
            add_header 'Content-Length' '0';

            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
            return 204;
        }
        # End CORS
    }
}

These are the commands that I run:
sudo /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d test1.abc.com
certbot certonly --webroot -w /var/www/abc-123456/ -d test1.abc.com

Can anyone help me?


#2

Try this location rule for Nginx; this is what I use, and I have no problems.

# ACME Challenge Rule
location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
}

Then I generate my certs as follows. I have included the --dry-run flag for you; always use --dry-run when you are learning your way around LE, so you can see what response the issuing server is giving you without actually generating a cert yet. When it gives you a favorable response, you simply remove the --dry-run flag.

sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 -m dnsadmin@abc.com -d test1.abc.com --renew-by-default --dry-run

Then you manually add the cert into your test1.abc.com host config in Nginx as follows:

# Include our certificates and chain of trust
ssl_certificate /etc/letsencrypt/live/test1.abc.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test1.abc.com/privkey.pem;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/test1.abc.com/chain.pem;
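The location rule above only works if the request for the token actually reaches a server block that serves files from the same directory certbot writes to. Two things in the original post work against that: the http-01 check is fetched by the CA over plain HTTP on port 80 (it follows redirects, but it starts on 80), while the posted config only has `listen 443 ssl;` blocks; and the `location /` on 443 sends everything, including `/.well-known/acme-challenge/...`, to the upstream at 170.25.30.30 via `proxy_pass`, so the token file in the local webroot is never read. The following is an added example of a complete layout that fixes both, not configuration from either poster. It reuses the domain, upstream address and webroot from the thread; the port-80 block, the `root` directives and the redirect are assumptions about what the poster's config should contain. The webroot given to `root` must be the same directory passed to certbot with `-w` (the original post uses two different ones, `/usr/share/nginx/html` and `/var/www/abc-123456/`; pick one).

```nginx
# Added example, not from the original thread. Domain, upstream and webroot
# are taken from the posts; the structure is an assumption about the fix.

server {
    listen 80;
    server_name test1.abc.com;

    # http-01 validation starts on port 80. Serve token files from disk here.
    # `^~` is a prefix match that wins over the regex and `/` locations, so
    # this path never reaches proxy_pass. `root` must equal certbot's -w path:
    #   certbot certonly --webroot -w /var/www/abc-123456 -d test1.abc.com --dry-run
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/abc-123456;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Everything else is sent to HTTPS. If the challenge location above were
    # missing, the CA would follow this redirect into the 443 block and be
    # proxied upstream, which is the failure mode in the original post.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name test1.abc.com;

    # Paths certbot creates on first successful issuance (see the post above).
    # nginx refuses to start if these files do not exist yet, so issue the
    # certificate (or comment these three lines out) before reloading.
    ssl_certificate         /etc/letsencrypt/live/test1.abc.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/test1.abc.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/test1.abc.com/chain.pem;

    # Keep the challenge path off the proxy on 443 as well, so a renewal that
    # arrives over TLS (after a redirect) is still answered from the webroot.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/abc-123456;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Application traffic is reverse-proxied to the backend from the post.
    # The CORS add_header block from the original config belongs in here,
    # unchanged; it is omitted to keep the example focused on the challenge.
    location / {
        proxy_pass http://170.25.30.30;
    }
}
```

Before running certbot, a quick sanity check that this routing is right is to drop a file into `/var/www/abc-123456/.well-known/acme-challenge/` and fetch `http://test1.abc.com/.well-known/acme-challenge/<that file>` from outside the host: if the response is the file's contents rather than a redirect, a 404 from nginx, or a page from the upstream, the `--dry-run` in the post above should pass.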
