I can't configure ssl certificate error shown: Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blankslateit.com

I ran this command:
certbot certonly --cert-name -d blankslateit.com -d www.blankslateit.com

It produced this output:
Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/tuitqRyawEBcioDAbrRhYgKoC-6xz6hgDvWVv81vr_I [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r", blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/_Q-StXwD5Ncx86gZEa7BZs4ydlSPpEJCmeody1uoI-Y [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r"

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is:
App hosted on Digitalocean
Domain from Google

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.31.0

1 Like

Welcome to the community.
The authenticator plugin is missing.
zb --nginx

Okay @jens_hb, thanks for your reply. I tried the command zb --nginx but it says command not found.

With the certbot command, also enter the --nginx parameter.

I also used this command before, but it's also not working. I'm pasting it here:
certbot --nginx -d blankslateit.com -d www.blankslateit.com

With the same error messages?

Name:      blankslateit.com
Addresses: 2604:a880:400:d0::5c1:6001
           157.245.243.6

curl -Iki4 blankslateit.com
HTTP/1.1 200 OK

curl -Iki6 blankslateit.com
HTTP/1.1 403 Forbidden

3 Likes

Yes.
Below is the error:
Failed authorization procedure. blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/SRYmWajO1fpsRecZ-Zq33RqBRTTGrb21z1tHqVI30CY [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r"

IMPORTANT NOTES:

You need a fully functional HTTP site before it can be secured via HTTP authentication method.
LE prefers IPv6 over IPv4 when present.
The site only works via IPv4.
It fails via IPv6.

1 Like
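The bracketed address in certbot's error text is the address the CA connected to, which is how the reply above could tell that validation went over IPv6. As an added example (not code from the thread or from certbot), this Python script extracts that address and checks whether markup was served instead of the token; the names `diagnose` and `hint` are assumptions, and the sample is rebuilt from the output quoted in the thread.

```python
import ipaddress
import re

# One failed-challenge record in certbot's "Failed authorization procedure" text.
FAILURE = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<type>[\w-]+)\): (?P<error>urn:ietf:params:acme:error:\w+)'
    r' :: .*?Invalid response from (?P<url>\S+) \[(?P<addr>[0-9A-Fa-f:.]+)\]: '
    r'"(?P<body>.*?)"(?:, (?=[\w.-]+ \()|$)', re.S)

def diagnose(output):
    """Return one finding per failed domain in certbot's error text."""
    findings = []
    for m in FAILURE.finditer(output):
        addr = ipaddress.ip_address(m["addr"])       # address the CA connected to
        token = m["url"].rsplit("/", 1)[-1]
        body = m["body"].replace("\\n", "").strip()  # output shows newlines escaped
        findings.append({
            "domain": m["domain"],
            "family": f"IPv{addr.version}",
            "address": str(addr),
            # A valid http-01 body starts with the token; markup means some other
            # page (here the application) answered the challenge URL.
            "served_markup": body.startswith("<") and not body.startswith(token),
        })
    return findings

def hint(finding):
    """Turn a finding into the check suggested in the thread."""
    if finding["family"] == "IPv6":
        return (f'{finding["domain"]}: validated over IPv6 ({finding["address"]}); '
                'make the AAAA address serve the same site as the A address, or remove it')
    return f'{finding["domain"]}: validated over IPv4 ({finding["address"]})'

# Sample input rebuilt from the output quoted in the thread (two domains, same address).
_RECORD = (r'{d} (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks '
           r'sufficient authorization :: Invalid response from '
           r'http://{d}/.well-known/acme-challenge/{t} [2604:a880:400:d0::5c1:6001]: '
           r'"\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r"')
SAMPLE = "Failed authorization procedure. " + ", ".join(
    _RECORD.format(d=d, t=t) for d, t in [
        ("www.blankslateit.com", "tuitqRyawEBcioDAbrRhYgKoC-6xz6hgDvWVv81vr_I"),
        ("blankslateit.com", "_Q-StXwD5Ncx86gZEa7BZs4ydlSPpEJCmeody1uoI-Y"),
    ])

if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(hint(f), "| markup served:", f["served_markup"])
```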

I configured IPv6 after I got this authentication error; before that, only IPv4 was configured. Can I try removing it from the configuration file in nginx?

DNS controls the path taken by LE.
If nginx can't provide IPv6 service, then you should remove the AAAA entries from DNS.

1 Like

Thanks for your reply.
I removed those AAAA entries from the DNS settings. Let's see what happens.

1 Like

Wait for DNS to synchronize to all your authoritative servers before continuing.
OR
Use the --staging environment for these tests.

I see it all synced now.

2 Likes

@rg305 I tried it again but got the same error.
I also created the /.well-known/acme-challenge directories in the app root, and also wrote a location directive to allow all with the code below:

	location ^~ /.well-known/acme-challenge/ {
		allow all;
		root /var/www/html;
		default_type "text/plain";
	}

Please show the error log file.

Not really the best place to send ACME challenge requests.

1 Like

Even via IPv4, the site doesn't seem functional.

If it is not too large, please show the full output of:
sudo nginx -T

1 Like

Here is the output of the nginx -T command:

Sorry, but that screenshot site requires captcha (annoying) and can't possibly hold the entire contents of that output.

1 Like

Please show the error log file.

Which error log file should I paste here? The letsencrypt log or the nginx error log? In which location can I find that?

letsencrypt

/var/log/letsencrypt/letsencrypt.log

1 Like