Getting 404 from authorization request but can curl file during --debug-challenges

shammond42 · October 26, 2018, 12:21am

Hello,

I’m trying to get a cert, but keep getting a 404 error. If I use --debug-challenges, I can curl the file the authorization is authorization is requesting without any issues. Also letsdebug.com indicated that my domain should be fine.

My domain is: fs2tools.atlas-games.com

I ran this command: certbot certonly --webroot --agree-tos --no-eff-email --email shammond@northpub.com -w /etc/letsencrypt -d fs2tools.atlas-games.com --debug-challenges

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator webroot, Installer None

Cert is due for renewal, auto-renewing…

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for fs2tools.atlas-games.com

Using the webroot path /etc/letsencrypt for all unmatched domains.

Waiting for verification…

Challenges loaded. Press continue to submit to CA. Pass “-v” for more info about

challenges.

Press Enter to Continue

Cleaning up challenges

Failed authorization procedure. fs2tools.atlas-games.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://fs2tools.atlas-games.com/.well-known/acme-challenge/o_CGjZ1F7M6RKRs-aqkxr6ECopkOkGO-o8Qu65NdB6Y: “<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=“white”>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>”

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: fs2tools.atlas-games.com
Type: unauthorized
Detail: Invalid response from

http://fs2tools.atlas-games.com/.well-known/acme-challenge/o_CGjZ1F7M6RKRs-aqkxr6ECopkOkGO-o8Qu65NdB6Y:
“<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=“white”>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Also, here is the output of curl during the pause.

$ curl http://fs2tools.atlas-games.com/.well-known/acme-challenge/o_CGjZ1F7M6RKRs-aqkxr6ECopkOkGO-o8Qu65NdB6Y

o_CGjZ1F7M6RKRs-aqkxr6ECopkOkGO-o8Qu65NdB6Y.tEOpGrdd27i1H0yReqkKPYrTju3kU8ofP3p2ShiSQJE

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

mnordhoff · October 26, 2018, 1:03am

The site’s IPv4 and IPv6 addresses point to the same server, but the site behaves slightly differently. If I make a request for http://fs2tools.atlas-games.com/.well-known/acme-challenge/:

On IPv6, it returns 404 Not Found.
On IPv4, it returns 403 Forbidden.

Maybe the IPv6 site is using a different virtual host that doesn’t have /.well-known/acme-challenge/ configured?

shammond42 · October 26, 2018, 2:44am

That was it! Thanks for the tip.

Steve

system · November 25, 2018, 2:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.