Failed authorization procedure. The client lacks sufficient authorization

valachio · February 1, 2018, 10:38pm

I'm trying to get HTTPS again with certbot and I'm stuck.

I'm following the instructions on this page, and running the Nginx install plugin - sudo certbot --authenticator webroot --installer nginx.

I go through some options, then it ask me for my webroot. I tried a bunch of options, including:

/usr/share/nginx/html
/var/www/html
/usr/share/nginx/www
/usr/share/nginx/html

and a bunch others. But the same error each time.

When I do nano /etc/nginx/sites-enabled/default to check the config file, it tells me my webroot is /var/www/html, but that didn't work.

I'm using Nginx v1.10.3 on Ubuntu 16.04

The full error (I changed my domain name to example.com)

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/kL088gTE6TOs1YrAs687MDPZBGRaL3tAZTVh-CNEmA0: "
<meta name="viewport" content="width=device"
IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
http://www.example.com/.well-known/acme-challenge/kL088gTE6TOs1YrAs687MDPZBGRaL3tAZTVh-CNEmA0:
"
<meta name="viewport" content="width=device"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

schoen · February 1, 2018, 11:51pm

Hi @valachio,

How do you post content on your web site? Do you upload static files somewhere on your server or do you use some kind of web application or CMS?

valachio · February 2, 2018, 4:02pm

Hi @schoen, thanks for your response.

I’m using Django 1.11 and Digitalocean. I use FileZilla to upload any web files or static files onto the server.

schoen · February 2, 2018, 5:19pm

Cool, what directory do you put those files in on the server side?

It’s very possible that your Django configuration is interfering with the challenge requests here (because if all directories are mapped to Django by default, the ACME challenge file may exist, but the web server may not actually serve it in response to an HTTP request for /.well-known/acme-challenge). If that’s the case, you’ll need to modify your web server configuration to make an exception so that /.well-known/acme-challenge is served directly out of the filesystem (as a directory containing static files).

valachio · February 2, 2018, 11:03pm

The directory that I put my files in is /home/valachio/myproject.

I just got it working. I added an extra location config into my Nginx config file (see code snippet below), then used /home/valachio/myproject as my webroot, and now everything is working.

Here is my code snippet, for those having the same issue

server {
    listen 80;
    server_name www.example.com;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /staticfiles/ {
        root /home/valachio/myproject;

    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/valachio/myproject/myproject.sock;
    }
    
    // BELOW IS WHAT I ADDED
    location /.well-known/acme-challenge {
        root /home/valachio/myproject;
    }

}

Thanks @schoen!!

system · March 4, 2018, 11:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.