Failed Authorization prodedure

I am getting a strange error. I have never had problems before using certbot before. I have also confirmed that this resolves just fine on my website: http://cumulous.io/.well-known/acme-challenge/test

My domain is:cumulous.io

I ran this command:certbot --apache

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): cumulous.io
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cumulous.io
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cumulous.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cumulous.io/.well-known/acme-challenge/dB4-nUCDIXABUfXoXkDdb2JQ2bvStW7g03-5qbLatKY [184.168.221.37]: 404

IMPORTANT NOTES:

My web server is (include version):Server version: Apache/2.4.25 (Debian)
Server built: 2019-04-02T19:05:13
Server’s Module Magic Number: 20120211:68
Server loaded: APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)

The operating system my web server runs on is (include version):Debian 9

My hosting provider, if applicable, is:N/A

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.28.0

Hi @ktb92677

something looks wrong.

You have 3 ip addresses ( https://check-your-website.server-daten.de/?q=cumulous.io ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
cumulous.io A 50.63.202.40 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-50-63-202-40.ip.secureserver.net yes 2 0
A 162.211.122.163 Irvine/California/United States (US) - HEG US Inc No Hostname found yes 2 0
A 184.168.221.46 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-221-46.ip.secureserver.net yes 2 0

but two use secureserver.net.

And checking your long list of domain names and 3 ip addresses that’s critical.

Domainname Http-Status redirect Sec. G
http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.40 302 http://cumulous.io/OWRRZ/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 9.334 D
Visible Content:
http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.221.46 302 http://www.cumulous.io/QjdLT/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 9.330 D
Visible Content:
http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.211.122.163 404 0.326 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at cumulous.io Port 80
http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.221.46 200 3.366
Visible Content:
http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.35 200 3.373
Visible Content:
http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.40 404 3.350 A
Not Found
Visible Content: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.211.122.163 404 0.326 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at www.cumulous.io Port 80
http://cumulous.io/OWRRZ/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 3.363
Visible Content:
http://www.cumulous.io/QjdLT/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 200 3.383

Different ip addresses -> different results, http status 200, 404 and a redirect.

These “secureservers” are domain redirects, that can’t work.

Perhaps you should remove both entries.

1 Like

Thank you! That was the problem :slight_smile:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.