Get certificate. Unauthorized

I ran: sudo letsencrypt certonly -d get-brands.ru -d www.get-brands.ru -m wolfs.grey@gmail.com –manual
It produced:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for get-brands.ru
http-01 challenge for www.get-brands.ru

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

-------------------------------------------------------------------------------
Make sure your web server displays the following content at
http://get-brands.ru/.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I before continuing:

u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns > .well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
-------------------------------------------------------------------------------
Press Enter to Continue

-------------------------------------------------------------------------------
Make sure your web server displays the following content at
http://www.get-brands.ru/.well-known/acme-challenge/22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y before continuing:

22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" 22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns > .well-known/acme-challenge/22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. get-brands.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://get-brands.ru/.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", www.get-brands.ru (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.get-brands.ru/.well-known/acme-challenge/22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: get-brands.ru
   Type:   unauthorized
   Detail: Invalid response from
   http://get-brands.ru/.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   Domain: www.get-brands.ru
   Type:   unauthorized
   Detail: Invalid response from
   http://www.get-brands.ru/.well-known/acme-challenge/22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y:
   "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
   <html><head>
   <title>404 Not Found</title>
   </head><body>
   <h1>Not Found</h1>
   <p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

$ curl -i http://get-brands.ru/.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I
HTTP/1.1 200 OK
Server: nginx/1.11.13
Date: Thu, 08 Feb 2018 12:38:37 GMT
Content-Type: application/octet-stream
Content-Length: 87
Last-Modified: Thu, 08 Feb 2018 12:11:50 GMT
Connection: keep-alive
ETag: "5a7c3e86-57"
Accept-Ranges: bytes

u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns


$ curl -i http://www.get-brands.ru/.well-known/acme-challenge/22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y
HTTP/1.1 200 OK
Server: nginx/1.11.13
Date: Thu, 08 Feb 2018 12:38:47 GMT
Content-Type: application/octet-stream
Content-Length: 87
Last-Modified: Thu, 08 Feb 2018 12:12:34 GMT
Connection: keep-alive
ETag: "5a7c3eb2-57"
Accept-Ranges: bytes

22eeyFJLJWhDVIjvELtmJzfslu_orMAWZm94h6Oe-4Y.d1u5kEO_DO5vr4XahwV8j43hH4rYv0u87mxnCDnOJns

Yet another case, where IPv6 and IPv4 http access differ:

$ host get-brands.ru
get-brands.ru has address 188.166.79.50
get-brands.ru has IPv6 address 2a03:6f00:1::5c35:6099

$ telnet 188.166.79.50 80
Trying 188.166.79.50…
Connected to 188.166.79.50.
Escape character is ‘^]’.
GET /.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I HTTP/1.1
Host: get-brands.ru

HTTP/1.1 200 OK

$ telnet 2a03:6f00:1::5c35:6099 80
Trying 2a03:6f00:1::5c35:6099…
Connected to 2a03:6f00:1::5c35:6099.
Escape character is ‘^]’.
GET /.well-known/acme-challenge/u-hM65d3WVuPpo5W69UhMP4tH9JLSfS7pOD4d07WK6I HTTP/1.1
Host: get-brands.ru

HTTP/1.1 404 Not Found

Check your DNS settings and make sure ipv6 and ipv4 http is treated equally on your webserver.

2 Likes

Thank you. My ipv6 really was wrong.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.