Failed authorization procedure

I'm trying to install a certificate on a subdomain but keep getting “Failed authorization procedure.”


My domain is:
en.furusjoenrundt.no

I ran this command:
sudo certbot --apache -d en.furusjoenrundt.no

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for en.furusjoenrundt.no
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. en.furusjoenrundt.no (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.furusjoenrundt.no/404.shtml [35.176.138.189]: “\n<html lang=“nb-NO” >\n\n<meta charset=“UTF-8”>\n<meta name=“viewport” content=“width=device-width”>\n<!-- WP_H”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: en.furusjoenrundt.no
    Type: unauthorized
    Detail: Invalid response from
    https://www.furusjoenrundt.no/404.shtml [35.176.138.189]:
    “\n<html lang=“nb-NO” >\n\n<meta
    charset=“UTF-8”>\n<meta name=“viewport”
    content=“width=device-width”>\n<!-- WP_H”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
Apache/2.4.29

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
Amazon AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

1 Like

Hi @da9l

your domain name is required.

1 Like

Updated to original domain

1 Like

There are some different errors. Checking your domain via https://check-your-website.server-daten.de/?q=en.furusjoenrundt.no

You have ipv4 and ipv6:

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| en.furusjoenrundt.no | A | 35.176.138.189 London/England/United Kingdom (GB) - Amazon Technologies Inc. Hostname: ec2-35-176-138-189.eu-west-2.compute.amazonaws.com | yes | 1 | 0 |
| | AAAA | 2a02:1660:4104:630c:62:50:189:186 Førde/Sogn og Fjordane/Norway (NO) - Enivest AS | yes | | |
| www.en.furusjoenrundt.no | A | 62.50.189.186 Bygstad/Sogn og Fjordane/Norway (NO) - ENIVEST Hostname: web.igt.no | yes | 1 | 0 |
| | AAAA | 2a02:1660:4104:630c:62:50:189:186 Førde/Sogn og Fjordane/Norway (NO) - Enivest AS | yes | | |

Amazon versus a place in Norway.

And different http answers:

K https://en.furusjoenrundt.no/ 35.176.138.189, Status 301
https://en.furusjoenrundt.no/ 2a02:1660:4104:630c:62:50:189:186, Status 200
configuration problem - different ip addresses with different status
K http://en.furusjoenrundt.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 35.176.138.189, Status 404
http://en.furusjoenrundt.no/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 2a02:1660:4104:630c:62:50:189:186, Status 301
configuration problem - different ip addresses with different status

Letsencrypt prefers ipv6, so that’s critical if only ipv4 works as expected.

The URL check has additional problems; a redirect to /404.shtml is always critical.

But first you have to fix your different http answers ipv4 / ipv6.

  • Remove your ipv6 (or, better)
  • use the ipv6 of your amazon ipv4, if there is one.

Then recheck the domain to see if that error is gone.

3 Likes
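The per-address comparison described in the answer above can be reproduced locally. This is an added example, not part of the original thread or of the checker site's code; the function names, the challenge token and the redirect target in the sample data are assumptions made for illustration.

```python
import http.client
import socket
import sys

# Hypothetical token: any path under the challenge directory works for this check.
CHALLENGE_PATH = "/.well-known/acme-challenge/added-example-token"
# Sample input built from the thread's addresses and statuses; redirect target is constructed.
SAMPLE_RECORDS = {"A": ["35.176.138.189"], "AAAA": ["2a02:1660:4104:630c:62:50:189:186"]}
SAMPLE_RESULTS = {"35.176.138.189": (404, None),
                  "2a02:1660:4104:630c:62:50:189:186": (301, "http://redirect.example/")}

def resolve(host):  # -> {"A": [...], "AAAA": [...]} from the system resolver
    records = {}
    for rtype, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
            records[rtype] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            records[rtype] = []  # no record of this type
    return records

def probe(ip, host, path=CHALLENGE_PATH, timeout=5):
    """Request path from one specific address with Host: host; return (status, Location)."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # unreachable address: status None plus the error text
    finally:
        conn.close()

def diagnose(records, results):  # results maps ip -> (status, location)
    findings = []
    v4, v6 = ([results[ip][0] for ip in records[t] if ip in results] for t in ("A", "AAAA"))
    if v4 and v6 and set(v4) != set(v6):
        findings.append(f"A/AAAA mismatch: IPv4 answers {v4}, IPv6 answers {v6}")
    for ip, (status, location) in sorted(results.items()):
        if status in (301, 302, 307, 308):
            findings.append(f"{ip} redirects the challenge path to {location}")
    return findings

if __name__ == "__main__":
    recs, answers = SAMPLE_RECORDS, SAMPLE_RESULTS
    if len(sys.argv) > 1:  # live check of the hostname given on the command line
        recs = resolve(sys.argv[1])
        answers = {ip: probe(ip, sys.argv[1]) for ips in recs.values() for ip in ips}
    print("\n".join(diagnose(recs, answers)) or "no A/AAAA disagreement found")
```

Run without arguments it evaluates the embedded sample; with a hostname argument it queries each resolved address directly on port 80, so a stale AAAA record shows up even when the local machine would normally connect over IPv4.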

Removing the ipv6 record worked and the SSL-certificate is now installed successfully.

4 Likes
