Failed Authorization prodedure

ktb92677 · July 17, 2019, 6:21pm

I am getting a strange error. I have never had problems before using certbot before. I have also confirmed that this resolves just fine on my website: http://cumulous.io/.well-known/acme-challenge/test

My domain is:cumulous.io

I ran this command:certbot --apache

It produced this output:Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): cumulous.io
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cumulous.io
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. cumulous.io (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://cumulous.io/.well-known/acme-challenge/dB4-nUCDIXABUfXoXkDdb2JQ2bvStW7g03-5qbLatKY [184.168.221.37]: 404

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: cumulous.io
Type: unauthorized
Detail: Invalid response from
http://cumulous.io/.well-known/acme-challenge/dB4-nUCDIXABUfXoXkDdb2JQ2bvStW7g03-5qbLatKY
[184.168.221.37]: 404

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):Server version: Apache/2.4.25 (Debian)
Server built: 2019-04-02T19:05:13
Server’s Module Magic Number: 20120211:68
Server loaded: APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)

The operating system my web server runs on is (include version):Debian 9

My hosting provider, if applicable, is:N/A

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.28.0

JuergenAuer · July 17, 2019, 6:30pm

Hi @ktb92677

something looks wrong.

You have 3 ip addresses ( https://check-your-website.server-daten.de/?q=cumulous.io ):

Host	T	IP-Address	is auth.	∑ Queries
cumulous.io	A	50.63.202.40 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-50-63-202-40.ip.secureserver.net	yes	2
	A	162.211.122.163 Irvine/California/United States (US) - HEG US Inc No Hostname found	yes	2
	A	184.168.221.46 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-221-46.ip.secureserver.net	yes	2

but two use secureserver.net.

And checking your long list of domain names and 3 ip addresses that’s critical.

Domainname	Http-Status	redirect	Sec.	G
• http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.40	302	http://cumulous.io/OWRRZ/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	9.334	D
Visible Content:

• http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.221.46	302	http://www.cumulous.io/QjdLT/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	9.330	D
Visible Content:

• http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.211.122.163	404		0.326	A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at cumulous.io Port 80

• http://cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
184.168.221.46	200		3.366
Visible Content:

• http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.35	200		3.373
Visible Content:

• http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
50.63.202.40	404		3.350	A
Not Found
Visible Content: The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

• http://www.cumulous.io/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
162.211.122.163	404		0.326	A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at www.cumulous.io Port 80

• http://cumulous.io/OWRRZ/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	200		3.363
Visible Content:

• http://www.cumulous.io/QjdLT/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de	200		3.383

Different ip addresses -> different results, http status 200, 404 and a redirect.

These “secureservers” are domain redirects, that can’t work.

Perhaps you should remove both entries.

ktb92677 · July 17, 2019, 6:34pm

Thank you! That was the problem

system · August 16, 2019, 6:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.