Http-01 challenge fail

Hi guys, have a problem with setting up my SSL certificate. This is my first time doing anything similar, so looking for someone to help me figure out what I am doing wrong. Thank you!

My domain is: sleep-foundation.com

I ran this command: letsencrypt-vesta admin sleep-foundation.com

It produced this output:

http-01 challenge for www.sleep-foundation.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification…
Challenge failed for domain sleep-foundation.com
Challenge failed for domain www.sleep-foundation.com
http-01 challenge for sleep-foundation.com
http-01 challenge for www.sleep-foundation.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: sleep-foundation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.1lSsBwK5WcJ47sIeOTSixE9VNhSB3JbndlneL54AQqg”
    !=
    “SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck”

    Domain: www.sleep-foundation.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    “Wvcb6HiVJYK3j-FhqqivO39nugJ7k_FRgcRpggOm3-o.1lSsBwK5WcJ47sIeOTSixE9VNhSB3JbndlneL54AQqg”
    !=
    “Wvcb6HiVJYK3j-FhqqivO39nugJ7k_FRgcRpggOm3-o.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 16.04.6 (LTS) x64
My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Vesta

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.37.1


Hi @doggo11

looks like you use the wrong command.

VestaCP has integrated Letsencrypt support.

Checking your domain that's visible ( https://check-your-website.server-daten.de/?q=sleep-foundation.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://sleep-foundation.com/<br>165.22.206.130 | 200 | | 0.037 | H |
| http://www.sleep-foundation.com/<br>165.22.206.130 | 200 | | 0.034 | H |
| https://sleep-foundation.com/<br>165.22.206.130 | 200 | | 3.360 | B |
| https://www.sleep-foundation.com/<br>165.22.206.130 | 200 | | 3.140 | B |
| http://sleep-foundation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>165.22.206.130<br>Visible Content: check-your-website-dot-server-daten-dot-de.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck | 200 | | 0.034 | A |
| http://www.sleep-foundation.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>165.22.206.130<br>Visible Content: check-your-website-dot-server-daten-dot-de.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck | 200 | | 0.034 | A |

Checking a file in /.well-known/acme-challenge, the content of that file:

filename + "." + base64(Hash(Public Account key))

Result:

Good: Acme-Check - Answer looks like a correct keyAuthorization - String: Filename + "." + base64url(Thumbprint(accountKey)).

So creating a Letsencrypt certificate using that integrated solution should work. Don't use another client (like Certbot). Don't mix integrated solutions with own ACME-clients, that may not work.

But your error says:

So you have a - wrong - second configuration with a second Letsencrypt account.

So using letsencrypt-vesta doesn't work with your integrated solution.

Check your configuration or ask your hoster how to create a certificate with your integrated solution.

PS: You have already created two Letsencrypt certificates:

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-08-14 | 2019-11-12 | sleep-foundation.com, www.sleep-foundation.com (2 entries) | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-08-13 | 2019-11-11 | sleep-foundation.com, www.sleep-foundation.com (2 entries) | duplicate nr. 1 | |
| CloudFlare Inc ECC CA-2 | 2019-08-12 | 2020-08-12 | *.sleep-foundation.com, sleep-foundation.com, sni.cloudflaressl.com (3 entries) | | |

So it's the wrong tool you use.

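The key authorization format described in the answer above (filename + "." + base64url(Thumbprint(accountKey))) and the comparison behind its diagnosis, as an added Python example that is not code from this thread, Vesta or Certbot. The function names and `SAMPLE_JWK` are assumptions made for illustration; `DETAIL` is the error text posted above.

```python
import base64
import hashlib
import json
import re

# Members that enter the RFC 7638 thumbprint, per key type.
_REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk: dict) -> str:
    """Unpadded base64url(SHA-256(canonical JWK)), as ACME uses it (RFC 8555, 8.1)."""
    members = {name: jwk[name] for name in _REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def key_authorization(token: str, account_jwk: dict) -> str:
    """What the file at /.well-known/acme-challenge/<token> must contain."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

# Matches "token.thumbprint" inside straight or typographic double quotes.
_KEYAUTH = re.compile(r'["“]([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)["”]')

def diagnose(detail: str) -> str:
    """Classify the two quoted values of a 'did not match this challenge' detail."""
    pairs = _KEYAUTH.findall(detail)
    if len(pairs) != 2:
        return "unparsed"
    (first_token, first_thumb), (second_token, second_thumb) = pairs
    if first_token != second_token:
        return "wrong-token"        # a different or stale challenge file was served
    if first_thumb != second_thumb:
        return "different-account"  # right token, answered for another account key
    return "match"

# Detail text for sleep-foundation.com, copied from the output in this thread.
DETAIL = (
    "The key authorization file from the server did not match this challenge "
    "“SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.1lSsBwK5WcJ47sIeOTSixE9VNhSB3JbndlneL54AQqg” != "
    "“SkuWBBIZNRVX8ifMFgvkYidV-ox7mXOMJ1w8fjfGmhI.6xQTfKuGE2d8bXyzN92et2yE1nGTRNagxPn3CaLChck”"
)

# Constructed account key, for illustration only (x and y are not a real curve point).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y", "kid": "ignored"}

if __name__ == "__main__":
    print(key_authorization("constructed-token", SAMPLE_JWK))
    print(diagnose(DETAIL))
```

For the posted error the token halves are identical and only the thumbprint halves differ, which is the "second account" situation the answer describes.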
