Failed authorization procedure

Hello everyone. I wanted to expand my certificate for an additional subdomain as I have always been doing. The subdomain to which I want to expand my certificate is casaflorez.johannrobinson.com

My domain is:

I ran this command:
certbot certonly --webroot -w /clientesprod/johannrobinson/ -d johannrobinson.com -w /clientes/web_johannrobinson/ -d qa.johannrobinson.com -w /clientes/lab/ -d lab.johannrobinson.com -w /clientes/eliteschool/ -d colegioseliteschool.johannrobinson.com -w /clientes/alpha/memoryapp/ -d memoryapp.johannrobinson.com -w /clientes/alpha/artistapp/ -d artistapp.johannrobinson.com -w /clientes/web_academiafibonaccipre/ -d academiasfibonaccipre.johannrobinson.com -w /clientes/web_colegiosnikolatesla/ -d colegiosnikolatesla.johannrobinson.com -w /clientes/web_colegiosvillamaria/ -d iepvillamaria.johannrobinson.com -w /clientes/web_casaflorez/ -d casaflorez.johannrobinson.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/johannrobinson.com.conf)

It contains these names: johannrobinson.com,
academiasfibonaccipre.johannrobinson.com, artistapp.johannrobinson.com,
colegioseliteschool.johannrobinson.com, colegiosnikolatesla.johannrobinson.com,
iepvillamaria.johannrobinson.com, lab.johannrobinson.com,
memoryapp.johannrobinson.com, qa.johannrobinson.com

You requested these names for the new certificate: qa.johannrobinson.com,
lab.johannrobinson.com, colegioseliteschool.johannrobinson.com,
memoryapp.johannrobinson.com, artistapp.johannrobinson.com,
academiasfibonaccipre.johannrobinson.com,
colegiosnikolatesla.johannrobinson.com, iepvillamaria.johannrobinson.com,
casaflorez.johannrobinson.com, johannrobinson.com.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for academiasfibonaccipre.johannrobinson.com
http-01 challenge for artistapp.johannrobinson.com
http-01 challenge for casaflorez.johannrobinson.com
http-01 challenge for colegioseliteschool.johannrobinson.com
http-01 challenge for colegiosnikolatesla.johannrobinson.com
http-01 challenge for iepvillamaria.johannrobinson.com
http-01 challenge for lab.johannrobinson.com
http-01 challenge for memoryapp.johannrobinson.com
http-01 challenge for qa.johannrobinson.com
http-01 challenge for johannrobinson.com
Using the webroot path /clientesprod/johannrobinson for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. johannrobinson.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://johannrobinson.com/mantenimiento/ [159.203.95.130]: "<!DOCTYPE html>\n<html lang=\"es-es\">\n\n<head>\n\t\t\t<!-- Google Analytics -->\n\t\t<script>\n\t\t\t(function(i, s, o, g, r, a, m) {\n\t\t\t\ti['G"

IMPORTANT NOTES:
    - The following errors were reported by the server:

    Domain: johannrobinson.com
    Type:   unauthorized
    Detail: Invalid response from
    https://johannrobinson.com/mantenimiento/ [159.203.95.130]:
    "<!DOCTYPE html>\n<html lang=\"es-es\">\n\n<head>\n\t\t\t<!--
    Google Analytics -->\n\t\t<script>\n\t\t\t(function(i, s, o, g, r,
    a, m) {\n\t\t\t\ti['G"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is:
nginx version: nginx/1.12.2

The operating system my web server runs on is:
CentOS 7

My hosting provider is:
Digital Ocean

I can login to a root shell on my machine:
YES

I’m using a control panel to manage my site:
NO

The version of my client is:
certbot 0.29.1


The only way to "https://johannrobinson.com/mantenimiento/" is via an over-achieving redirection statement.
Please review your HTTP server section for domain "johannrobinson.com".
[or post it here so we may review it together]

server {

        listen 80;

        server_name johannrobinson.com www.johannrobinson.com;

        return 301 https://$host$request_uri;

}

There must be more that is not shown.
That post doesn't even show a redirection that would match the link shown above:

I only see:

return 301 https://$host$request_uri;

Which can mean that this section is NOT being executed and there exists some other match.
Please show:
nginx -T | grep -i mantenimiento


I think, if I read your command correctly…
Here broken down into “sections” to clarify it:

certbot 

certonly 

--webroot 

-w /clientesprod/johannrobinson/ 
-d johannrobinson.com 

-w /clientes/web_johannrobinson/ 
-d qa.johannrobinson.com 

-w /clientes/lab/ 
-d lab.johannrobinson.com 

-w /clientes/eliteschool/ 
-d colegioseliteschool.johannrobinson.com 

-w /clientes/alpha/memoryapp/ 
-d memoryapp.johannrobinson.com 

-w /clientes/alpha/artistapp/ 
-d artistapp.johannrobinson.com 

-w /clientes/web_academiafibonaccipre/ 
-d academiasfibonaccipre.johannrobinson.com 

-w /clientes/web_colegiosnikolatesla/ 
-d colegiosnikolatesla.johannrobinson.com 

-w /clientes/web_colegiosvillamaria/ 
-d iepvillamaria.johannrobinson.com 

-w /clientes/web_casaflorez/ 
-d casaflorez.johannrobinson.com

The webroot being used for domain “johannrobinson.com” is “/clientesprod/johannrobinson/”.
While the root shown for that domain was (after the redirection to HTTPS):

root /clientesprod/web_johannrobinson;

There seems to be some discrepancy there.

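The comparison made in the reply above can be automated. This is an added example, not code from the thread or from certbot: it pairs each `-d` name with the `-w` path that precedes it and compares that path with the `root` of the nginx server block that actually serves the name. The function names are hypothetical, and the sample config is constructed (the casaflorez block and the layout of the HTTPS block are assumptions).

```python
import re

def certbot_webroot_map(argv):
    """Pair every -d name with the most recent -w path that precedes it."""
    webroot, mapping, args = None, {}, iter(argv)
    for arg in args:
        if arg in ("-w", "--webroot-path"):
            webroot = next(args).rstrip("/")
        elif arg in ("-d", "--domain"):
            for name in next(args).split(","):
                mapping[name.strip()] = webroot
    return mapping

def nginx_roots(conf):
    """Return {server_name: root} for each server block that sets a root."""
    roots = {}
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, end = 1, m.end()
        while depth and end < len(conf):  # walk to the matching brace
            depth += (conf[end] == "{") - (conf[end] == "}")
            end += 1
        block = conf[m.end():end]
        names = re.search(r"\bserver_name\s+([^;]+);", block)
        root = re.search(r"\broot\s+([^;]+);", block)
        if names and root:  # redirect-only blocks have no root and are skipped
            for name in names.group(1).split():
                roots[name] = root.group(1).strip().rstrip("/")
    return roots

def webroot_mismatches(argv, conf):
    """List (domain, certbot_webroot, nginx_root) where the two differ."""
    roots, wanted = nginx_roots(conf), certbot_webroot_map(argv)
    return [(d, w, roots.get(d)) for d, w in wanted.items() if roots.get(d) != w]

# Constructed sample config; only the redirect block and the HTTPS root are from the thread.
SAMPLE_CONF = """
server { listen 80; server_name johannrobinson.com www.johannrobinson.com;
         return 301 https://$host$request_uri; }
server { listen 443 ssl; server_name johannrobinson.com www.johannrobinson.com;
    root /clientesprod/web_johannrobinson;
    location / { try_files $uri $uri/ =404; }
}
server { listen 80; server_name casaflorez.johannrobinson.com; root /clientes/web_casaflorez; }
"""
SAMPLE_ARGV = ("-w /clientesprod/johannrobinson/ -d johannrobinson.com "
               "-w /clientes/web_casaflorez/ -d casaflorez.johannrobinson.com").split()

if __name__ == "__main__":
    print(webroot_mismatches(SAMPLE_ARGV, SAMPLE_CONF))
```

On a real host, pass the text printed by `nginx -T` as `conf`; the parser ignores `include` resolution and braces inside comments or quoted strings.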

You’re right, I changed the root in my certbot command and it worked. Thank you very much.


Glad to hear that :slight_smile:
Please mark the ticket as solved.

Cheers from Miami :beers:

