Failed authorization procedure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remesamigo.com

I ran this command:

certbot run -a webroot -i apache -w /var/www/html/portalremes -d remesamigo.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for remesamigo.com
Using the webroot path /var/www/html/portalremes for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. remesamigo.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://remesamigo.com/.well-known/acme-challenge/FJxLURo_x1-WSMZ5-4N_NoJLtN4loM1kaCtJVTU_BfY [167.86.84.201]: “\n\n404 Not Found\n\n

Not Found

\n<p”

IMPORTANT NOTES:

My web server is (include version):

Apache 2

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:

Domain.com contabo.com

I can login to a root shell on my machine (yes or no, or I don’t know):

yes, i can login to a root shell.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No, I have access to my server for ssh. I have access root

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
cerbot --version
output
certbot 0.28.0

This certificate was working, It is expired now, I want renew certificate, but i get a error.

My register A in my hosting contabo is
remesamigo.com 86400 A 0 167.86.84.201

I have another certificate with the domain www.remesamigo.com and it works correctly, and it is the same ip address

Thanks for your helps

2 Likes

Hi @bguevara

what says

apachectl -S
2 Likes

Thanks for you help.
apachectl -S
[Fri Jul 17 17:07:47.741294 2020] [so:warn] [pid 6154] AH01574: module ssl_module is already loaded, skipping
VirtualHost configuration:
*:443 is a NameVirtualHost
default server app.remesamigo.com (/etc/apache2/sites-enabled/app.remesamigo-le-ssl.conf:2)
port 443 namevhost app.remesamigo.com (/etc/apache2/sites-enabled/app.remesamigo-le-ssl.conf:2)
alias app.remesamigo.com
port 443 namevhost app.remesamigo.com.ve (/etc/apache2/sites-enabled/app.remesamigo.com.ve-le-ssl.conf:2)
alias app.remesamigo.com.ve
port 443 namevhost mail.remesamigo.com (/etc/apache2/sites-enabled/mail.remesamigo.com-le-ssl.conf:2)
alias mail.remesamigo.com
port 443 namevhost remesamigo.com (/etc/apache2/sites-enabled/remesamigo.com-le-ssl.conf:2)
alias www.remesamigo.com
port 443 namevhost remesamigo.com.ve (/etc/apache2/sites-enabled/remesamigo.com.ve-le-ssl.conf:2)
alias www.remesamigo.com.ve
port 443 namevhost sistemaslisto.com.ve (/etc/apache2/sites-enabled/sistemaslisto-ssl.com.ve.conf:5)
alias www.sistemaslisto.com.ve
port 443 namevhost venetis.com.ve (/etc/apache2/sites-enabled/venetis.com.ve-le-ssl.conf:2)
alias www.venetis.com.ve
*:80 is a NameVirtualHost
default server remesamigo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost remesamigo.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost app.remesamigo.com.ve (/etc/apache2/sites-enabled/app.remesamigo.com.ve.conf:1)
alias app.remesamigo.com.ve
port 80 namevhost app.remesamigo.com (/etc/apache2/sites-enabled/app.remesamigo.conf:1)
alias app.remesamigo.com
port 80 namevhost mail.remesamigo.com (/etc/apache2/sites-enabled/mail.remesamigo.com.conf:1)
alias mail.remesamigo.com
port 80 namevhost remesamigo.com (/etc/apache2/sites-enabled/remesamigo.com.conf:1)
alias www.remesamigo.com
port 80 namevhost remesamigo.com.ve (/etc/apache2/sites-enabled/remesamigo.com.ve.conf:1)
alias www.remesamigo.com.ve
port 80 namevhost sistemaslisto.com.ve (/etc/apache2/sites-enabled/sistemaslisto.com.ve.conf:1)
alias www.sistemaslisto.com.ve
port 80 namevhost venetis.com.ve (/etc/apache2/sites-enabled/venetis.com.ve.conf:1)
alias www.venetis.com.ve
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

My files are:
remesamigo.conf

<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName remesamigo.com
ServerAlias www.remesamigo.com
DocumentRoot /var/www/html/portalremes
ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =remesamigo.com [OR]
RewriteCond %{SERVER_NAME} =www.remesamigo.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

OTHER FILE

remesamigo.com-le-ssl.conf

ServerAdmin webmaster@localhost ServerName remesamigo.com ServerAlias www.remesamigo.com DocumentRoot /var/www/html/portalremes ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/remesamigo.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/remesamigo.com/privkey.pem

Output of cerbot certificates

Found the following certs:
Certificate Name: app.remesamigo.com
Domains: app.remesamigo.com
Expiry Date: 2020-09-10 02:09:43+00:00 (VALID: 54 days)
Certificate Path: /etc/letsencrypt/live/app.remesamigo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/app.remesamigo.com/privkey.pem
Certificate Name: mail.remesamigo.com
Domains: mail.remesamigo.com
Expiry Date: 2020-09-14 20:47:30+00:00 (VALID: 59 days)
Certificate Path: /etc/letsencrypt/live/mail.remesamigo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mail.remesamigo.com/privkey.pem
Certificate Name: remesamigo.com
Domains: remesamigo.com www.remesamigo.com
Expiry Date: 2020-07-16 20:17:27+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/remesamigo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/remesamigo.com/privkey.pem
Certificate Name: www.remesamigo.com
Domains: www.remesamigo.com
Expiry Date: 2020-10-14 20:56:21+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.remesamigo.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.remesamigo.com/privkey.pem
Certificate Name: remesamigo.com.ve-0001
Domains: remesamigo.com.ve app.remesamigo.com.ve www.remesamigo.com.ve
Expiry Date: 2020-09-10 02:12:26+00:00 (VALID: 54 days)
Certificate Path: /etc/letsencrypt/live/remesamigo.com.ve-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/remesamigo.com.ve-0001/privkey.pem
Certificate Name: www.sistemaslisto.com.ve
Domains: www.sistemaslisto.com.ve sistemaslisto.com.ve
Expiry Date: 2020-10-15 10:33:56+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.sistemaslisto.com.ve/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.sistemaslisto.com.ve/privkey.pem
Certificate Name: venetis.com.ve
Domains: venetis.com.ve www.venetis.com.ve
Expiry Date: 2020-09-09 03:00:21+00:00 (VALID: 53 days)
Certificate Path: /etc/letsencrypt/live/venetis.com.ve/fullchain.pem
Private Key Path: /etc/letsencrypt/live/venetis.com.ve/privkey.pem

There you see the problem:

Multiple vHosts with the same port and the same domain name, that’s always wrong.

Remove all duplicated entries. If you have non-www and www, one vHost with both domain names is normally the better solution. Then use the root of that vHost.

3 Likes

Hi, thank you a lot, Problem solved.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.