Failed authorization procedure

rgthrasher · August 1, 2018, 3:25pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: applemdm.paristexas.gov

I ran this command: ~\get-cert.sh

It produced this output:
Last login: Mon Jul 30 22:00:59 on console
applemdm:~ administrator$ ~/get-cert.sh
Password:
Attempting to renew cert (applemdm.paristexas.gov) from /etc/letsencrypt/renewal/applemdm.paristexas.gov.conf produced an unexpected error: Failed authorization procedure. applemdm.paristexas.gov (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://applemdm.paristexas.gov/.well-known/acme-challenge/u3gh8sMkZA1mXVgf0mn4Y4CyCoJQcSNtnbo9qVP1R_4: "

<htm". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/applemdm.paristexas.gov/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
1 identity imported.
2 certificates imported.
applemdm:~ administrator$
applemdm:~ administrator$

My web server is (include version): macos

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: macstadium

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): MacOS Server

I have been using letsencrypt since January and renewing every 90 days, but now it gives the error above and I have tried hopelessly to get it to work.
RT

sahsanu · August 1, 2018, 3:47pm

Hi @rgthrasher,

If you try to reach any page on your site, you receive a 403 Forbidden error message… if using a browser you get this message “Websites are turned off. An administrator can turn them on using the Server application.”.

Are you sure your web server is configured properly?.

Cheers,
sahsanu

rgthrasher · August 1, 2018, 3:51pm

The website comes up, its just not secure. I removed the letsencrypt sert thinking that might fix that error i was getting, which it didnt. the site is applemdm.paristexas.gov

sahsanu · August 1, 2018, 4:00pm

Hi @rgthrasher,

I’m sorry but your site shows the message I posted above with every request and your site is secure, the only think is that it is using a self signed certificate (Russell Thrasher Server Certification Authority Intermediate CA) and Let’s Encrypt doesn’t care about that self-signed certificate.

Using command line:

$ curl -IkL http://applemdm.paristexas.gov/
HTTP/1.1 302 Found
Date: Wed, 01 Aug 2018 15:57:59 GMT
Server: Apache
Location: https://applemdm.paristexas.gov/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 403 Forbidden
Date: Wed, 01 Aug 2018 15:57:59 GMT
Server: Apache
Content-Location: websitesoff403.html.en
Vary: negotiate,accept-language
TCN: choice
Last-Modified: Sun, 25 Mar 2018 00:52:02 GMT
ETag: "631-5683210bc9080;56bd0a038cd40"
Accept-Ranges: bytes
Content-Length: 1585
MS-Author-Via: DAV
Cache-Control: no-cache
Content-Type: text/html
Content-Language: en

If you can’t serve the http challenge http://applemdm.paristexas.gov/.well-known/acme-challenge/herethechallenge LE can’t validate your domain and you won’t get your cert.

Cheers,
sahsanu

rgthrasher · August 1, 2018, 4:03pm

This is what I get when I go to that page

jared.m · August 1, 2018, 4:08pm

Are you perhaps on an internal network which routes to that domain differently than the public internet would?

sahsanu · August 1, 2018, 4:08pm

I suppose you are changing something because right now this is the page:

system · August 31, 2018, 4:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.