Failed Authorization Procedure


#1

Hello Everyone,

Hope someone can help us on this. We are new to Certbot and having issues while creating a new SSL Certs.

My domain is:
www.baycitiestool.com

I ran this command:
./certbot-auto --apache

It produced this output:
Performing the following challenges:
http-01 challenge for www.baycitiestool.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.baycitiestool.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.baycitiestool.com/.well-known/acme-challenge/Raru_pdPPVECQvkALv6bGf0sYzu4E3GWguxw9hF17OA: Error getting validation data

My web server is (include version): Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version): CentOS release 6.8 (Final)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0


#2

Strange.

Could you try with:

--dry-run --debug-challenges -v

and then upload your /var/log/letsencrypt/letsencrypt.log somewhere (like https://dpaste.de)?


#3

The good news is that port 80 is open.

The bad news is that port 80 and port 443 return very different content:

File downloaded from: http://www.baycitiestool.com/
-rw-r–r-- 1 root root 9113 Sep 10 02:38 index.html

File downloaded from: https://www.baycitiestool.com/
-rw-r–r-- 1 root root 131428 Feb 15 00:18 index.html

So it would seem that perhaps they are not using the same document root ?


#4

I’m a new user and I can’t upload a file. There are too many links on the logs and i can only post up to 20 links. I’m checking for other options to provide the logs.


#5

My bad. Please click this link for the logs: https://dpaste.de/eXDg


#6

Hi @alwin.soria

the error:

Domain: www.baycitiestool.com
Type:   connection
Detail: Fetching http://www.baycitiestool.com/.well-known/acme-challenge/hbA-yiuumWIDmxjrkWBnvxcQ0l18Rw1FEQoC1yXwSmM: 
Connection reset by peer

Certbot creates a directory

         <Directory /var/lib/letsencrypt/http_challenges>
            Order Allow,Deny
            Allow from all
        </Directory>
        <Location /.well-known/acme-challenge>
            Order Allow,Deny
            Allow from all
        </Location>

and a redirect rule:

RewriteEngine on
RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9-_=]+)$ /var/lib/letsencrypt/http_challenges/$1 [L]

But that doesn’t work.

Checking your domain direct ( https://check-your-website.server-daten.de/?q=baycitiestool.com ):

Domainname Http-Status redirect Sec. G
http://baycitiestool.com/
216.218.159.39 200 0.327 H
http://www.baycitiestool.com/
216.218.159.39 200 0.313 H
https://baycitiestool.com/
216.218.159.39 301 https://www.motivit.com/ 3.217 N
Certificate error: RemoteCertificateNameMismatch
https://www.baycitiestool.com/
216.218.159.39 301 https://www.motivit.com/ 3.393 N
Certificate error: RemoteCertificateNameMismatch
https://www.motivit.com/ 200 8.720 B
http://baycitiestool.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
216.218.159.39 404 0.344 A
Not Found
http://www.baycitiestool.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
216.218.159.39 404 0.313 A
Not Found

That looks ok. /.well-known/acme-challenge/unknown-file is open, both domains send the expected http status 404 / Not found.

So try to find your DocumentRoot. Then use it:

certbot run -a webroot -i apache -w yourDocumentRoot -d www.baycitiestool.com -d baycitiestool.com

#7

Thank you so much! That works like a charm!!


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.