Failed authorization procedure


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: applemdm.paristexas.gov

I ran this command: ~\get-cert.sh

It produced this output:
Last login: Mon Jul 30 22:00:59 on console
applemdm:~ administrator$ ~/get-cert.sh
Password:
Attempting to renew cert (applemdm.paristexas.gov) from /etc/letsencrypt/renewal/applemdm.paristexas.gov.conf produced an unexpected error: Failed authorization procedure. applemdm.paristexas.gov (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://applemdm.paristexas.gov/.well-known/acme-challenge/u3gh8sMkZA1mXVgf0mn4Y4CyCoJQcSNtnbo9qVP1R_4: "

<htm". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/applemdm.paristexas.gov/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
1 identity imported.
2 certificates imported.
applemdm:~ administrator$
applemdm:~ administrator$

My web server is (include version): macos

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: macstadium

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): MacOS Server

I have been using letsencrypt since January and renewing every 90 days, but now it gives the error above and I have tried hopelessly to get it to work.
RT


#2

Hi @rgthrasher,

If you try to reach any page on your site, you receive a 403 Forbidden error message… if using a browser you get this message “Websites are turned off. An administrator can turn them on using the Server application.”.

Are you sure your web server is configured properly?

Cheers,
sahsanu


#3

The website comes up, it's just not secure. I removed the letsencrypt cert thinking that might fix that error I was getting, which it didn't. The site is applemdm.paristexas.gov


#4

Hi @rgthrasher,

I’m sorry but your site shows the message I posted above with every request and your site is secure, the only thing is that it is using a self signed certificate (Russell Thrasher Server Certification Authority Intermediate CA) and Let’s Encrypt doesn’t care about that self-signed certificate.

Using command line:

$ curl -IkL http://applemdm.paristexas.gov/
HTTP/1.1 302 Found
Date: Wed, 01 Aug 2018 15:57:59 GMT
Server: Apache
Location: https://applemdm.paristexas.gov/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 403 Forbidden
Date: Wed, 01 Aug 2018 15:57:59 GMT
Server: Apache
Content-Location: websitesoff403.html.en
Vary: negotiate,accept-language
TCN: choice
Last-Modified: Sun, 25 Mar 2018 00:52:02 GMT
ETag: "631-5683210bc9080;56bd0a038cd40"
Accept-Ranges: bytes
Content-Length: 1585
MS-Author-Via: DAV
Cache-Control: no-cache
Content-Type: text/html
Content-Language: en

If you can’t serve the http challenge http://applemdm.paristexas.gov/.well-known/acme-challenge/herethechallenge LE can’t validate your domain and you won’t get your cert.

Cheers,
sahsanu
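
The check described in the post above, as an added example that is not part of the original thread: a shell function that reads the header chain printed by `curl -sIkL` for a challenge URL and reports whether the final response could satisfy http-01. The function names `diagnose_chain`, `check_challenge_url` and `sample_chain` are hypothetical, and the sample input is abridged from the headers quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). http-01 validation follows redirects and
# needs the final response to be a 200 whose body is the challenge file, so a
# 302 -> 403 "websites off" chain can never pass.

# diagnose_chain: read `curl -I` style headers on stdin, print one verdict line.
diagnose_chain() {
    tr -d '\r' | awk '
        /^HTTP\//                      { hops++; status = $2; ctype = "" }
        tolower($1) == "content-type:" { ctype = $2 }
        END {
            if (hops == 0)  { print "FAIL no HTTP response"; exit }
            if (status != 200) {
                print "FAIL final status " status " after " hops " hop(s)"; exit
            }
            # A challenge file is plain text; an HTML 200 is usually an error page.
            if (ctype ~ /^text\/html/) {
                print "WARN 200 but HTML body; check the file content"; exit
            }
            print "OK final status 200 after " hops " hop(s)"
        }'
}

# check_challenge_url: live check. HEAD approximates the validator's GET, and -k
# matches the thread's point that the certificate on the redirect target is
# not what makes validation fail.
check_challenge_url() {
    curl -sIkL --max-time 10 "$1" | diagnose_chain
}

# sample_chain: constructed input, abridged from the headers quoted in post #4.
sample_chain() {
    cat <<'EOF'
HTTP/1.1 302 Found
Server: Apache
Location: https://applemdm.paristexas.gov/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 403 Forbidden
Server: Apache
Content-Location: websitesoff403.html.en
Content-Type: text/html

EOF
}

sample_chain | diagnose_chain
```

For a live check, pass `check_challenge_url` the URL of a test file placed under `/.well-known/acme-challenge/` in the webroot.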


#5

This is what I get when I go to that page


#6

Are you perhaps on an internal network which routes to that domain differently than the public internet would?


#7

I suppose you are changing something because right now this is the page:

