Failed authorization procedure. yvonh.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.yvonh.com

I ran this command: ./certbot-auto certonly --webroot -w /home/yvonh/public_html/ -d www.yvonh.com -d yvonh.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.yvonh.com
http-01 challenge for yvonh.com
Using the webroot path /home/yvonh/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. yvonh.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://yvonh.com/.well-known/acme-challenge/bS5ymRoSXu9yODaofo4wQxNDmAUNptCZOBIOSUjBfW8: "

<meta name="viewport" content="width=devi"

IMPORTANT NOTES:

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Debian 8

My hosting provider, if applicable, is: self Hosted dedicated server

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): WEBMIN

Hi, I had this error while trying to expand a certificate to include the non-www version. I spent a few hours trying to solve it, so I backed up the website, deleted the vhost and created a new vhost (so it is currently empty).
Then I ran the command to create a certificate with the line above, but I still have this error.

Why does it say that the A record is not configured correctly? I checked at the registrar; it has the correct IP address.

I think it’s a DNS misconfiguration? Thanks in advance.

Could you place a test file under the directory /.well-known/acme-challenge/ in the webroot directory (thus under /home/yvonh/public_html/.well-known/acme-challenge/) (for example a simple file called “test” with contents “Test”) and see if it is accessible under http://yvonh.com/.well-known/acme-challenge/test ?


Hi,
I noticed that the .well-known directory was not created, so I created it.
I placed the file in the path as you mentioned; when I try to access it, it redirects to https!
I am pretty sure the vhost is brand new, with only an empty web folder.
When trying to check the SSL for this domain:
https://www.ssllabs.com/ssltest/analyze.html?d=www.yvonh.com
it says "Certificate name mismatch". I conclude the domain does not have a certificate, but why does it try to redirect to the https version?

The redirect is coming from some WordPress setting, plugin, or theme.

The reason we know this is that in the response headers, we see that the redirect was generated by PHP:

$ curl -X GET -I http://www.yvonh.com/.well-known/acme-challenge/test
HTTP/1.1 301 Moved Permanently
X-Powered-By: PHP/5.6.30-0+deb8u1
Location: https://www.yvonh.com/.well-known/acme-challenge/test

One way to avoid this issue could be to make sure the very beginning of your .htaccess file begins with:

RewriteEngine On
RewriteRule ^\.well-known - [L]

You could also just use Certbot’s Apache plugin rather than the webroot authenticator, which would take care of problems like this for you.

./certbot-auto certonly -a apache -d www.yvonh.com -d yvonh.com

The WordPress you see is another install for another domain. Apache doesn't find yvonh.com, so it loads the nearest website, IMHO.

Here is the config file for this vhost

<VirtualHost *:80>
    SuexecUserGroup "#1065" "#1060"
    ServerName www.yvonh.com

    DocumentRoot /home/yvonh/public_html
    ErrorLog /var/log/virtualmin/yvonh.com_error_log
    CustomLog /var/log/virtualmin/yvonh.com_access_log combined
    ScriptAlias /cgi-bin/ /home/yvonh/cgi-bin/
    DirectoryIndex index.html index.htm index.php index.php4 index.php5
    <Directory /home/yvonh/public_html>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
        AddType application/x-httpd-php .php
        AddHandler fcgid-script .php
        AddHandler fcgid-script .php5
        FCGIWrapper /home/yvonh/fcgi-bin/php5.fcgi .php
        FCGIWrapper /home/yvonh/fcgi-bin/php5.fcgi .php5
    </Directory>
    <Directory /home/yvonh/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.yvonh.com
    RewriteRule ^(.*) https://yvonh.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.yvonh.com
    RewriteRule ^(.*) https://yvonh.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php5
    php_admin_value engine Off
    FcgidMaxRequestLen 1073741824
</VirtualHost>

Do you see any misconfiguration? (It was generated by Webmin.)
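
Added example, not written by anyone in this thread: a Python check that reads an Apache vhost file and reports, for each name passed to certbot with -d, whether a port-80 vhost claims that name and serves the directory given to --webroot. The function names are hypothetical, and the model is simplified: name-based matching on ServerName/ServerAlias only, names written without a scheme or port, and the first vhost on the port acting as the default.

```python
import fnmatch
import re

# Constructed sample: the port-80 vhost posted in this thread, trimmed to the
# directives that decide name-based matching and the served directory.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.yvonh.com
    DocumentRoot /home/yvonh/public_html
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: addresses, names, docroot."""
    vhosts, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            cur = {"addr": m.group(1).split(), "names": [], "docroot": None}
        elif line.lower().startswith("</virtualhost") and cur:
            vhosts.append(cur)
            cur = None
        elif cur is not None:
            key, *args = line.split()
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += [a.lower() for a in args]
            elif key.lower() == "documentroot" and args:
                cur["docroot"] = args[0].strip('"')
    return vhosts

def serving_vhost(vhosts, host, port="80"):
    """First vhost on the port whose names match, else the port's first vhost."""
    on_port = [v for v in vhosts if any(a.endswith(":" + port) for a in v["addr"])]
    for v in on_port:
        # ServerAlias may contain * and ? wildcards, which fnmatch handles.
        if any(fnmatch.fnmatchcase(host.lower(), n) for n in v["names"]):
            return v, True
    return (on_port[0] if on_port else None), False

def check_webroot(conf, domains, webroot):
    """Map each requested name to 'ok', 'default-vhost' or 'wrong-docroot'."""
    vhosts, result = parse_vhosts(conf), {}
    for d in domains:
        v, matched = serving_vhost(vhosts, d)
        same = matched and (v["docroot"] or "").rstrip("/") == webroot.rstrip("/")
        result[d] = "ok" if same else ("wrong-docroot" if matched else "default-vhost")
    return result
```

On the constructed sample, www.yvonh.com maps to the webroot, while yvonh.com is claimed by no vhost and is answered by whichever vhost Apache treats as the default for port 80, so a challenge file written to the webroot is not the content that gets served for that name.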
