Http-01 challenge fail

Hi guys, have a problem with setting up my SSL certificate. This is my first time doing anything similar, so looking for someone to help me figure out what I am doing wrong. Thank you!

My domain is:sleep-foundation.com

I ran this command: letsencrypt-vesta admin sleep-foundation.com

It produced this output:

http-01 challenge for www.sleep-foundation.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification…
Challenge failed for domain sleep-foundation.com
Challenge failed for domain www.sleep-foundation.com
http-01 challenge for sleep-foundation.com
http-01 challenge for www.sleep-foundation.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: sleep-foundation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.1lSsBwK5WcJ47sIeOTSixE9VNhSB3JbndlneL54AQqg”
    !=
    “SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck”

    Domain: www.sleep-foundation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “Wvcb6HiVJYK3j-FhqqivO39nugJ7k_FRgcRpggOm3-o.1lSsBwK5WcJ47sIeOTSixE9VNhSB3JbndlneL54AQqg”
    !=
    “Wvcb6HiVJYK3j-FhqqivO39nugJ7k_FRgcRpggOm3-o.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04.6 (LTS) x64
My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Vesta

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.37.1

1 Like

Hi @doggo11

looks like you use the wrong command.

VestaCP has an integrated Letsencrypt support.

Checking your domain that’s visible ( https://check-your-website.server-daten.de/?q=sleep-foundation.com ):

Domainname Http-Status redirect Sec. G
http://sleep-foundation.com/
165.22.206.130 200 0.037 H
http://www.sleep-foundation.com/
165.22.206.130 200 0.034 H
https://sleep-foundation.com/
165.22.206.130 200 3.360 B
https://www.sleep-foundation.com/
165.22.206.130 200 3.140 B
http://sleep-foundation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
165.22.206.130 200 0.034 A
Visible Content: check-your-website-dot-server-daten-dot-de.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck
http://www.sleep-foundation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
165.22.206.130 200 0.034 A
Visible Content: check-your-website-dot-server-daten-dot-de.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck

Checking a file in /.well-known/acme-challenge, the content of that file:

filename + “.” + base64(Hash(Public Account key))

Result:

Good: Acme-Check - Answer looks like a correct keyAuthorization - String: Filename + “.” + base64url(Thumbprint(accountKey)). So creating a Letsencrypt certificate using that integrated solution should work. Don’t use another client (like Certbot). Don’t mix integrated solutions with own ACME-clients, that may not work.

But your error says:

So you have a - wrong - second configuration with a second Letsencrypt account.

So using letsencrypt-vesta doesn’t work with your integrated solution.

Check your configuration or ask your hoster to understand, how to create a certificate with your integrated solution.

PS: You have already created two Letsencrypt certificates:

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-08-14 2019-11-12 sleep-foundation.com, www.sleep-foundation.com
2 entries duplicate nr. 2
Let’s Encrypt Authority X3 2019-08-13 2019-11-11 sleep-foundation.com, www.sleep-foundation.com
2 entries duplicate nr. 1
CloudFlare Inc ECC CA-2 2019-08-12 2020-08-12 *.sleep-foundation.com, sleep-foundation.com, sni.cloudflaressl.com
3 entries

So it’s the wrong tool you use.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.