Failed authorization procedure

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: homunity.com/

I ran this command: certbot renew --dry-run

It produced this output:
Cleaning up challenges
Attempting to renew cert (homunity.com) from /etc/letsencrypt/renewal/homunity.com.conf produced an unexpected error: Failed authorization procedure
. www.homunity.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://
www.homunity.com/.well-known/acme-challenge/X4uV_Qlwuhio93AN_Fca5N_dmsxCQVCVRCw3A5CnRmM [217.182.174.66]: "\n<html lang=“fr”>\n

\n \n Crowdfunding immobilier, plateforme d'", homunity.com (http-01): urn:ietf:params:acme:error :unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.homunity.com/.well-known/acme-challenge/1_FXJKy5NOYa wOP61e8oEsGoe9RseGKpvZu4cHdRSnU [217.182.174.66]: "\n\n \n \n Crowdfunding immobilier, plateforme d'". Skipping.

Processing /etc/letsencrypt/renewal/preprodv2.homunity.com.conf

Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for preprodv2.homunity.com
Waiting for verification…
Cleaning up challenges

new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/preprodv2.homunity.com/fullchain.pem

The following certs could not be renewed:
/etc/letsencrypt/live/homunity.com/fullchain.pem (failure)

My web server is (include version): nginx/1.14.0

The operating system my web server runs on is (include version): Ubuntu 18.04

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hello, i did a server migration 2 months ago and it is the period where the certificate is due to renewal. But it does not work. When i run dry-run after installation, it was successfull, but now i get an error, i can’t understand why. The LE files are the same as on the old serveur, i migrated all the files as i was told here on the forum.

It seems like LE can’t access the url, but i can’t understand what it should do. The old server didn’t have this problem.

All ideas are appreciated !
Thank you

2

Can you post the output from “Processing /etc/letsencrypt/renewal/homunity.com.conf” to “Cleaning up challenges”?

3

Thanks for your answer !

Processing /etc/letsencrypt/renewal/homunity.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator nginx, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for homunity.com
http-01 challenge for www.homunity.com
Waiting for verification…
Cleaning up challenges

4

If i try https://www.homunity.com/.well-known/acme-challenge/0dJNiq8XC29xh12fmjSxpzP5-1ha7xQwZ3d5GbWPpnY, i get a 404 error. Sorry for the newbie question, but i think i missed some configuration during the migration to the new server.

What should i do with this url ? Should i return something ?

Did i miss an installation process with nginx ?

5

I dont understand. I just saw this : https://crt.sh/?q=homunity.com

The Vhost preprodv2 and homunity.com are on the same server. It seems that the preprod vhost certificate has correctly been renewed on the 22 of april, but the production one is still givin an error.
The configuration between the two in nginx and letsencrypt seems to be the same. Although in log files, the status stays on pending for the first one but valid for the second one.

Please do you have any ideas ?

6

Ok i just found out what was wrong in the configuration.
Thanks !

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.