Failed authorization procedure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: emiratespass.net

I ran this command: sudo certbot certonly --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: emiratespass.net
2: www.emiratespass.net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1,2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emiratespass.net
http-01 challenge for www.emiratespass.net
Using default address 80 for authentication.
Using default address 80 for authentication.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.emiratespass.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://emiratespass.net/.well-known/acme-challenge/wV6QnRMd7_ZtTe2x7v4hNmDP0yiVS2yb8yFPsEoZO0w [54.213.217.167]: “\r\n<!doctype html>\r\n<html class=“use-header4” lang=“en”>\r\n \r\n \n\tvar BASE_URL = WEB_URL = 'http://emirate”, emiratespass.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://emiratespass.net/.well-known/acme-challenge/UwmVHusXg84i8CHvq4ux222gl4nwcjhoZpaLB-9RHIg [54.213.217.167]: “\r\n<!doctype html>\r\n<html class=“use-header4” lang=“en”>\r\n \r\n \n\tvar BASE_URL = WEB_URL = 'http://emirate

IMPORTANT NOTES:

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Linux 5.3.0-1032-aws x86_64

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Welcome! :smiley:

It looks like your web server is failing 2 file-based challenges to prove control over emiratespass.net and www.emiratespass.net. While the information I have to work with here is limited, I can see some of the contents being returned from your server when accessing the challenge files:

It seems that either the challenge files were not able to be created or the Let's Encrypt server is unable to retrieve those files.

I also see that you are using certonly in your command, which will result in acquiring your new certificate, but won't install your new certificate.

hi freessltools.com,

Thank you for your reply. That’s exactly what the problem is. It’s so frustrating, I have checked so many places, even under my bed lol. There seems to be some problem with Let’s Encrypt accessing the files or being unable to create them. All it tells me is Unauthorized. Please elaborate more if you can; that could possibly get us to a solution. Thank you in advance.

So the “unauthorized” part of the error here is in regards to completing the challenges, not about lack of authorization from your server (which could be happening).

Is there a way to narrow this down to what could possibly be happening?

Let’s try something:

sudo certbot certonly --dry-run --nginx --debug-challenges

Post the output of this.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: emiratespass.net
2: www.emiratespass.net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1,2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for emiratespass.net
http-01 challenge for www.emiratespass.net
Using default address 80 for authentication.
Using default address 80 for authentication.
Waiting for verification…


Challenges loaded. Press continue to submit to CA. Pass “-v” for more info about
challenges.


Press Enter to Continue
Cleaning up challenges
Failed authorization procedure. www.emiratespass.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://emiratespass.net/.well-known/acme-challenge/fewvNBccXIwWr6JP4Sq6g2o2DAk-IW9aA29-Y91GYWs [54.213.217.167]: “\r\n<!doctype html>\r\n<html class=“use-header4” lang=“en”>\r\n \r\n \n\tvar BASE_URL = WEB_URL = 'http://emirate”, emiratespass.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://emiratespass.net/.well-known/acme-challenge/NoPdFw0njuGzS8zfGlUvS0ssM2ZoxA00HCD6Fhq0ISM [54.213.217.167]: “\r\n<!doctype html>\r\n<html class=“use-header4” lang=“en”>\r\n \r\n \n\tvar BASE_URL = WEB_URL = 'http://emirate

IMPORTANT NOTES:

My bad. I forgot to say that you should pause in the middle of this when you see:

The challenge files should stick around that way so we can see directly what's going on.

I did pause for a few seconds to read. Should I have done something other than pressing Enter?
So I do this again and Pause a little this time? :-/

When you press Enter it cleans up (deletes) the files. We need them around to see what’s happening.

Yep. Just let it sit if you can. Let me know once it's sitting.

Sure, you got it! I won't do anything until you tell me to. I am executing the command now.

It's sitting starting now.

Once it’s sitting, can you view this folder and let me know what you see:

/.well-known/acme-challenge/

The filenames change, so I can’t use the old names.

OK, this might sound silly (actually it sure will), but how do I execute a command without answering this "Press Enter to Continue", to go to the /.well-known/acme-challenge/?

I was hoping you could do so through another terminal or even a file manager.

Oh yeah, I will. I am sorry. As I said, silly. Please give me a moment.

No worries. :wink: By the way, are you from UAE?

I used FileZilla, and if I'm not being silly, this seems to be the result:

Yes and No, I lived most of my life there. I guess I could say it's like a second home. :slight_smile:
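As an added example (not part of the thread and not Certbot's own code), the "Failed authorization procedure" line quoted above can be split into one record per name to show what the CA actually fetched: which host answered and whether the body was an HTML page rather than the `token.thumbprint` key authorization. The sample input, function names and finding labels are constructed for illustration.

```python
import re

# Constructed sample in the shape of certbot's failure line (example.com, a
# documentation IP and made-up tokens; not values from the thread).
SAMPLE = r"""Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/tokenAAAA_1111 [203.0.113.10]: "\r\n<!doctype html>\r\n<html lang="en">\r\n var BASE_URL = 'http://exam", example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/tokenBBBB-2222 [203.0.113.10]: "\r\n<!doctype html>\r\n<html lang="en">\r\n var BASE_URL = 'http://exam"""

# One match per failed name; the quoted body runs to the next record or the end.
RECORD = re.compile(
    r'(?P<name>[A-Za-z0-9.-]+) \((?P<chall>[a-z0-9-]+)\): '
    r'(?P<err>urn:ietf:params:acme:error:\w+) :: .*? :: '
    r'Invalid response from (?P<url>http://(?P<host>[^/\s]+)'
    r'/\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+))'
    r' \[(?P<ip>[^\]]+)\]: ["\u201c](?P<body>.*?)'
    r'(?=["\u201d], [A-Za-z0-9.-]+ \(|$)',
    re.S,
)

# A valid http-01 body is "<token>.<base64url SHA-256 account key thumbprint>".
KEYAUTH = re.compile(r'^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}$')

def parse_failures(text):
    """Return one dict per failed name in the error line."""
    return [m.groupdict() for m in RECORD.finditer(text)]

def diagnose(rec):
    """Label what the CA's fetch says about this challenge."""
    findings = []
    if rec["host"].lower() != rec["name"].lower():
        # Final URL is on another host: normally a redirect was followed.
        findings.append("different-host")
    raw = rec["body"].strip()
    # certbot prints CR/LF as literal backslash escapes; drop them first.
    body = raw.replace("\\r", "").replace("\\n", "").strip().lower()
    if body.startswith(("<!doctype", "<html")):
        # The site's own page was served at the challenge URL.
        findings.append("html-instead-of-token")
    elif KEYAUTH.match(raw) and raw.startswith(rec["token"] + "."):
        # Well-formed key authorization that the CA still rejected.
        findings.append("keyauth-mismatch")
    else:
        findings.append("unexpected-body")
    return findings

if __name__ == "__main__":
    for r in parse_failures(SAMPLE):
        print(r["name"], r["url"], r["ip"], diagnose(r))
```
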