Got this error message - what now

I just tried letsencrypt for the first time, and successfully completed the process for

I then tried to repeat the process for and got the following

root@asgard:~/letsencrypt# ./letsencrypt-auto certonly --webroot -w /var/www/redmine/public -d
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/redmine/public -d
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 181 parts


  • The following 'urn:acme:error:unauthorized' errors were reported by
    the server:

Error: The client lacks sufficient authorization

Both domains are currently running from a single certificate, but the difference is that will only serve its site on https, whereas will serve on either http or https.

Do I have to make serve on http?

Yes, you should try to make it work on HTTP.

Yes we want to encrypt the internet so lets require http to do that. LOL

So why don’t the documents say so?

Welcome to beta testing. Or in the case of the LE client and documentation more akin to alpha testing.

When a server requests a certificate issuance, it’s fair to assume it doesn’t have HTTPS available yet. Either 443 port closed, or self-signed cert installed. So I can only give you a half-like for such sarcasm.

Very incorrect, and inappropriate, assumption. Not a fair assumption at all. That would mean LE is only automating for those who are establishing the initial https. Somehow I don't think that is the intention and therefor that would be a very bad assumption.

If there have already been LE certs issued for this host, LE should try HTTPS first. Not necessarily LE if there is also Certificate Transparency search. Agree now?

No. CT is not a current standards requirement.