Got this error message - what now


#1

I just tried letsencrypt for the first time, and successfully completed the process for www.hartley-consultants.com

I then tried to repeat the process for planner.hartley-consultants.com and got the following

root@asgard:~/letsencrypt# ./letsencrypt-auto certonly --webroot -w /var/www/redmine/public -d planner.hartley-consultants.com
Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/redmine/public -d planner.hartley-consultants.com
Failed authorization procedure. planner.hartley-consultants.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 181 parts

IMPORTANT NOTES:

  • The following ‘urn:acme:error:unauthorized’ errors were reported by
    the server:

Domains: planner.hartley-consultants.com
Error: The client lacks sufficient authorization

Both domains are currently running from a single CA-Cert.org certificate, but the difference is that planner.hartley-consultants.com will only serve its site on https, whereas www.hartley-consultants.com will serve on either http or https.

Do I have to make planner.hartley-consultants.com serve on http?


#2

Yes, you should try to make it work on HTTP.


#3

Yes we want to encrypt the internet so lets require http to do that. LOL


#4

So why don’t the documents say so?


#5

Welcome to beta testing. Or in the case of the LE client and documentation more akin to alpha testing.


#6

When a server requests a certificate issuance, it’s fair to assume it doesn’t have HTTPS available yet. Either 443 port closed, or self-signed cert installed. So I can only give you a half-like for such sarcasm.


#7

Very incorrect, and inappropriate, assumption. Not a fair assumption at all. That would mean LE is only automating for those who are establishing the initial https. Somehow I don’t think that is the intention and therefor that would be a very bad assumption.


#8

If there have already been LE certs issued for this host, LE should try HTTPS first. Not necessarily LE if there is also Certificate Transparency search. Agree now?


#9

No. CT is not a current standards requirement.