Getting error "client lacks sufficient authorization" on Raspbian


#1

I was looking for an SSL CA when I found Let's Encrypt. I installed it on a Raspberry Pi 2 running Raspbian, and after a few bumps along the way it finally ran, but when it did I got the error
"client lacks sufficient authorization : error parsing key authorization file : Invalid key authorization : 145 parts"
I ran sudo ./letsencrypt-auto certonly --webroot -w /cer_location -d git.team2roblox.tk
Also, this is for a GitLab server for which I'd like some encryption.


#2

Please paste the full letsencrypt commandline you used, and the contents of letsencrypt.log. Thanks!


#3

I ran sudo ./letsencrypt-auto certonly --webroot -w /etc/gitab/ssl -d git.team2roblox.tk
Will get to the log once I get home because I think my router is blocking incoming port 80 (again…)


#4

Everything is connected and the check starts but comes back with the error "client lacks sufficient authorization : error parsing key authorization file : Invalid key authorization : 145 parts"
After many tries of running the command I used and others, the log has this?! (Edit: looked at the wrong log, I looked at ~/letsencrypt/letsencrypt.log instead of /var/log/letsencrypt; also putting only the end, because most of it has only web requests, and all of that works, so here goes):
"
2015-12-11 04:10:38,543:INFO:letsencrypt.reporter:Reporting to user: The following 'urn:acme:error:unauthorized' errors were reported by the server:

Domains: git.team2roblox.tk
Error: The client lacks sufficient authorization
2015-12-11 04:10:38,580:INFO:letsencrypt.auth_handler:Cleaning up challenges
2015-12-11 04:10:38,590:DEBUG:letsencrypt.plugins.webroot:Removing /etc/gitlab/ssl/.well-known/acme-challenge/EAGHxEBxwn9P61YZPhZq6x8qoZrml9u7w3jWkwGtYF0
2015-12-11 04:10:38,607:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 1283, in main
    return args.func(args, config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 512, in obtain_cert
    _auth_from_domains(le_client, config, domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py", line 336, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 283, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 266, in obtain_certificate
    return self._obtain_certificate(domains, csr) + (key, csr)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py", line 224, in _obtain_certificate
    authzr = self.auth_handler.get_authorizations(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
    self._respond(cont_resp, dv_resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 142, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. git.team2roblox.tk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 145 parts"
Also, a quick look at the log shows it got to the URL: git.team2roblox.tk/users/sign_in
so I’m not sure what the issue is here…

Edit: will update original post with this


#5

Do you have a redirect in place that forces everyone to the login page - /users/sign_in? I’m guessing that you have a .htaccess (or similar) redirect. If so you need to remove that for attempts to access anything in the /.well-known/acme-challenge/ folder.


#6

I wouldn’t know, I use the bundled version of nginx which comes with GitLab, and I don’t have a lot of control over it, aside from a few things, and it works perfectly now so I don’t really want to mess it up.


#7

Well, it’s your decision if you want to modify things to enable it to work, or not.

If you were happy to change the config you’d need something like

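server {
    listen 80;
    # server names are separated by spaces, not commas
    server_name yoursite.com www.yoursite.com;
    # answer challenge requests with the static file instead of handing them
    # to the application; files are looked up under this server's root
    location /.well-known/acme-challenge/ {
        try_files $uri =404;
    }
    # …the rest of your config
}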

(Take backups etc. before you make changes, of course.) If you don’t want to make modifications then I suspect you won’t be able to use the default LE client and need to use an alternative.
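
Added example, not part of the thread: a small Python model of the http-01 check, illustrating the redirect diagnosis in #5 and the challenge-directory exemption in #7. The token is the one from the log above; the site tables, thumbprint placeholder and login HTML are constructed, and counting parts by splitting the body on "." is an assumption about how the server arrives at "N parts".

```python
import re

# Token is the one from the log above; thumbprint and HTML are constructed.
TOKEN = "EAGHxEBxwn9P61YZPhZq6x8qoZrml9u7w3jWkwGtYF0"
THUMBPRINT = "A" * 43  # placeholder for base64url(SHA-256 account key thumbprint)
LOGIN_HTML = "<html><body>Sign in. Please log in.</body></html>"
CHALLENGE_PATH = "/.well-known/acme-challenge/" + TOKEN

# Constructed sites: path -> (status, Location, body)
REDIRECTING = {  # unauthenticated requests bounce to the login page
    CHALLENGE_PATH: (302, "/users/sign_in", ""),
    "/users/sign_in": (200, None, LOGIN_HTML),
}
EXEMPTED = {  # challenge directory served as plain static files
    CHALLENGE_PATH: (200, None, TOKEN + "." + THUMBPRINT + "\n"),
    "/users/sign_in": (200, None, LOGIN_HTML),
}

def check_key_authorization(body, token):
    """Check that body is '<token>.<account key thumbprint>'."""
    parts = body.strip().split(".")
    if len(parts) != 2:
        return False, "Invalid key authorization: %d parts" % len(parts)
    if parts[0] != token:
        return False, "token mismatch"
    if not re.fullmatch(r"[A-Za-z0-9_-]{43}", parts[1]):
        return False, "malformed account key thumbprint"
    return True, "ok"

def fetch(site, path, max_redirects=10):
    """Follow redirects like an HTTP validator; return (final_path, status, body)."""
    for _ in range(max_redirects):
        status, location, body = site.get(path, (404, None, ""))
        if status not in (301, 302) or not location:
            return path, status, body
        path = location
    return path, None, ""  # gave up: redirect loop

def validate(site, token):
    """Return (ok, reason) for the http-01 check against a constructed site."""
    start = "/.well-known/acme-challenge/" + token
    path, status, body = fetch(site, start)
    if status != 200:
        return False, "status %s at %s" % (status, path)
    ok, reason = check_key_authorization(body, token)
    if not ok and path != start:
        reason += " (redirected to %s)" % path
    return ok, reason

if __name__ == "__main__":
    for name, site in (("redirecting", REDIRECTING), ("exempted", EXEMPTED)):
        print(name, validate(site, TOKEN))
```

The part count is the number of "." characters in whatever page the redirect lands on, plus one, so a full login page produces a large number like the 145 in the error.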


#8

Arrg, I was about to test it and then my router blocked (only) port 80 again…