Failed authorization procedure

Hello everyone. I wanted to expand my certificate for an additional subdomain as I have always been doing. The subdomain l which I want to expand my certificate is casaflorez.johannrobinson.com

My domain is:

I ran this command:
certbot certonly --webroot -w /clientesprod/johannrobinson/ -d johannrobinson.com -w /clientes/web_johannrobinson/ -d qa.johannrobinson.com -w /clientes/lab/ -d lab.johannrobinson.com -w /clientes/eliteschool/ -d colegioseliteschool.johannrobinson.com -w /clientes/alpha/memoryapp/ -d memoryapp.johannrobinson.com -w /clientes/alpha/artistapp/ -d artistapp.johannrobinson.com -w /clientes/web_academiafibonaccipre/ -d academiasfibonaccipre.johannrobinson.com -w /clientes/web_colegiosnikolatesla/ -d colegiosnikolatesla.johannrobinson.com -w /clientes/web_colegiosvillamaria/ -d iepvillamaria.johannrobinson.com -w /clientes/web_casaflorez/ -d casaflorez.johannrobinson.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/johannrobinson.com.conf)

It contains these names: johannrobinson.com,
academiasfibonaccipre.johannrobinson.com, artistapp.johannrobinson.com,
colegioseliteschool.johannrobinson.com, colegiosnikolatesla.johannrobinson.com,
iepvillamaria.johannrobinson.com, lab.johannrobinson.com,
memoryapp.johannrobinson.com, qa.johannrobinson.com

You requested these names for the new certificate: qa.johannrobinson.com,
lab.johannrobinson.com, colegioseliteschool.johannrobinson.com,
memoryapp.johannrobinson.com, artistapp.johannrobinson.com,
academiasfibonaccipre.johannrobinson.com,
colegiosnikolatesla.johannrobinson.com, iepvillamaria.johannrobinson.com,
casaflorez.johannrobinson.com, johannrobinson.com.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for academiasfibonaccipre.johannrobinson.com
http-01 challenge for artistapp.johannrobinson.com
http-01 challenge for casaflorez.johannrobinson.com
http-01 challenge for colegioseliteschool.johannrobinson.com
http-01 challenge for colegiosnikolatesla.johannrobinson.com
http-01 challenge for iepvillamaria.johannrobinson.com
http-01 challenge for lab.johannrobinson.com
http-01 challenge for memoryapp.johannrobinson.com
http-01 challenge for qa.johannrobinson.com
http-01 challenge for johannrobinson.com
Using the webroot path /clientesprod/johannrobinson for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. johannrobinson.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://johannrobinson.com/mantenimiento/ [159.203.95.130]: "<!DOCTYPE html>\n<html lang=\"es-es\">\n\n<head>\n\t\t\t<!-- Google Analytics -->\n\t\t<script>\n\t\t\t(function(i, s, o, g, r, a, m) {\n\t\t\t\ti['G"

IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: johannrobinson.com
    Type:   unauthorized
    Detail: Invalid response from
    https://johannrobinson.com/mantenimiento/ [159.203.95.130]:
    "<!DOCTYPE html>\n<html lang=\"es-es\">\n\n<head>\n\t\t\t<!--
    Google Analytics -->\n\t\t<script>\n\t\t\t(function(i, s, o, g, r,
    a, m) {\n\t\t\t\ti['G"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is:
nginx version: nginx/1.12.2

The operating system my web server runs on is:
Centos 7

My hosting provider is:
Digital Ocean

I can login to a root shell on my machine:
YES

I’m using a control panel to manage my site:
NO

The version of my client is:
certbot 0.29.1

1 Like

The only way to “https://johannrobinson.com/mantenimiento/” is via an over-achieving redirection statement.
Please review your HTTP server section for domain “johannrobinson.com”.
[or post it here so we may review it together]

1 Like
server {

        listen 80;

        server_name johannrobinson.com www.johannrobinson.com;

        return 301 https://$host$request_uri;

}

There must be more that is not shown.
That post doesn’t even show a redirection that would match the link shown above:

I only see:

return 301 https://$host$request_uri;

Which can mean that this section is NOT being executed and some there exists some other match.
Please show:
nginx -T | grep -i mantenimiento

1 Like

I think, if I read your command correctly…
Here broken down into “sections” to clarify it:

certbot 

certonly 

--webroot 

-w /clientesprod/johannrobinson/ 
-d johannrobinson.com 

-w /clientes/web_johannrobinson/ 
-d qa.johannrobinson.com 

-w /clientes/lab/ 
-d lab.johannrobinson.com 

-w /clientes/eliteschool/ 
-d colegioseliteschool.johannrobinson.com 

-w /clientes/alpha/memoryapp/ 
-d memoryapp.johannrobinson.com 

-w /clientes/alpha/artistapp/ 
-d artistapp.johannrobinson.com 

-w /clientes/web_academiafibonaccipre/ 
-d academiasfibonaccipre.johannrobinson.com 

-w /clientes/web_colegiosnikolatesla/ 
-d colegiosnikolatesla.johannrobinson.com 

-w /clientes/web_colegiosvillamaria/ 
-d iepvillamaria.johannrobinson.com 

-w /clientes/web_casaflorez/ 
-d casaflorez.johannrobinson.com

The webroot being used for domain “johannrobinson.com” is “/clientesprod/johannrobinson/”.
While the root shown for that domain was (after the redirection to HTTPS):

root /clientesprod/web_johannrobinson;

There seems to be some discrepancy there.

1 Like

you’re right i changed the root in my certbot command and it worked. Muchas gracias.

2 Likes

Glad to hear that :slight_smile:
Please mark the ticket as solved.

Cheers from Miami :beers:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.