Failed authorization procedure


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://motionscykellob.dk

I ran this command: cerbot renew

It produced this output:

ttempting to renew cert (motionscykellob.dk) from /etc/letsencrypt/renewal/motionscykellob.dk.conf produced an unexpected error: Failed authorization procedure. motionscykellob.dk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://motionscykellob.dk/.well-known/acme-challenge/7U3V8eeV3_6QrAWRbiegb0yKgEUv6qos0H-i0OFoBqE [172.104.155.123]: “\r\n\r\n<meta name=“robots” content=“noindex”>\r\n<style type=“text/css”>\r\n.background\r\n {\r\n width:800px;\r\n height:220p”, www.motionscykellob.dk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.motionscykellob.dk/.well-known/acme-challenge/_CBjqklCYoC_ywTwu8wyUjLPWcFzlcjd-riSv2cFylo [172.104.155.123]: “\r\n\r\n<meta name=“robots” content=“noindex”>\r\n<style type=“text/css”>\r\n.background\r\n {\r\n width:800px;\r\n height:220p”. Skipping.

My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-10-10T18:59:25

The operating system my web server runs on is (include version):
|Distributor ID:|Ubuntu|

|Description:|Ubuntu 18.04.2 LTS|
|Release:|18.04|
|Codename:|bionic|

My hosting provider, if applicable, is:

linode

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.28.0


I have followed a lot af links about this topic but are getting more and more confused :slight_smile:

Some links suggested if it was possible to create a test file in …well-know… And it is:

https://www.motionscykellob.dk/.well-known/acme-challenge/test

The renew has ran for some years without any problems:

https://crt.sh/?q=motionscykellob.dk

Any ideas ?

Best regards and thanks for a wonderful product .

/Jan


#2

Hi @jabi27

checking your domain (via https://check-your-website.server-daten.de/?q=motionscykellob.dk ) the basics are ok:

Your port 80 is open, there are redirects http -> https (both versions), both tests answer with a (correct) http status 404.

Same with your test file

non-www and www answer with a http status 200.

So you should know your correct webroot. Then use it (with an extra verbose):

certbot run -a webroot -i apache -w yourWebRoot -d motionscykellob.dk -d www.motionscykellob.dk -vvv

If that doesn’t work, share your log

/var/log/letsencrypt/letsencrypt.log

#3

Thank you :slight_smile: It is working again! :slight_smile:
I did as you wrote:

certbot run -a webroot -i apache -w webroot/documentroot -d motionscykellob.dk -d www.motionscykellob.dk -vvv

Best regards

/Jan


#4

Happy to read that it had worked.

Now there is a new certificate.

CN=motionscykellob.dk
	25.02.2019
	26.05.2019
expires in 90 days	motionscykellob.dk, www.motionscykellob.dk - 2 entries

closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.