I can't configure ssl certificate error shown: Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blankslateit.com

I ran this command:
certbot certonly --cert-name -d blankslateit.com -d www.blankslateit.com

It produced this output:
Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/tuitqRyawEBcioDAbrRhYgKoC-6xz6hgDvWVv81vr_I [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r", blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/_Q-StXwD5Ncx86gZEa7BZs4ydlSPpEJCmeody1uoI-Y [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r"

IMPORTANT NOTES:

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.4 LTS

My hosting provider, if applicable, is:
App hosted on Digitalocean
Domain from Google

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
0.31.0

1 Like

Welcome to the community.
The authenticator plugin is missing.
zb --nginx

Okay @jens_hb, thanks for your reply. I tried the command zb --nginx but it says command not found.

With the certbot command, also enter the --nginx parameter.

I also used this command before but it's also not working. I'm pasting it here:
certbot --nginx -d blankslateit.com -d www.blankslateit.com

With the same error messages?

Name:      blankslateit.com
Addresses: 2604:a880:400:d0::5c1:6001
           157.245.243.6

curl -Iki4 blankslateit.com
HTTP/1.1 200 OK

curl -Iki6 blankslateit.com
HTTP/1.1 403 Forbidden

2 Likes

Yes
Below is the error:
Failed authorization procedure. blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/SRYmWajO1fpsRecZ-Zq33RqBRTTGrb21z1tHqVI30CY [2604:a880:400:d0::5c1:6001]: "\n\n\n \n <link rel="stylesheet" href="https://unpkg.com/@shopify/polaris@4.0.0-r"

IMPORTANT NOTES:

You need a fully functional HTTP site before it can be secured via HTTP authentication method.
LE prefers IPv6 over IPv4 when present.
The site only works via IPv4.
It fails via IPv6.

I configured IPv6 after I got this authentication error; before that, only IPv4 was configured. Can I try removing it from the configuration file in nginx?

DNS controls the path taken by LE.
If nginx can't provide IPv6 service, then you should remove the AAAA entries from DNS.
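An added example, not part of the thread and not certbot's own code: a pre-flight check that requests a test file under /.well-known/acme-challenge/ from every address the name publishes, IPv6 first, so a family that answers 403 or returns the application's HTML shows up before certbot is run. The file name probe.txt, its content probe-ok, and the example.com sample with documentation addresses are assumptions constructed for this example.

```python
import http.client
import socket

PATH = "/.well-known/acme-challenge/probe.txt"  # hypothetical test file
EXPECTED = "probe-ok"                           # assumed content of that file

def resolve(host):
    """Published addresses, IPv6 first (the family the validator prefers)."""
    found = []
    for family, af in (("IPv6", socket.AF_INET6), ("IPv4", socket.AF_INET)):
        try:
            infos = socket.getaddrinfo(host, 80, af, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no usable record of this type
        found += [(family, a) for a in sorted({i[4][0] for i in infos})]
    return found

def fetch(host, addr, path, timeout=10):
    """GET path from one specific address, sending the site's Host header."""
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(2048).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # refused, unreachable or timed out
    finally:
        conn.close()

def classify(status, body, expected=EXPECTED):
    if status != 200:
        return "unreachable" if status is None else f"http-{status}"
    # A 200 with other content means something else answered, e.g. the app's HTML.
    return "ok" if body.strip() == expected else "wrong-body"

def preflight(host, resolver=resolve, fetcher=fetch):
    """Probe every published address; pass only if all of them serve the file."""
    rows = [(f, a, classify(*fetcher(host, a, PATH))) for f, a in resolver(host)]
    return rows, bool(rows) and all(v == "ok" for _, _, v in rows)

# Constructed sample (documentation addresses): only IPv4 serves the file.
SAMPLE = {"2001:db8::1": (403, "<html>Forbidden</html>"), "192.0.2.10": (200, "probe-ok\n")}

def demo():
    addrs = [("IPv6", "2001:db8::1"), ("IPv4", "192.0.2.10")]
    return preflight("example.com", lambda h: addrs, lambda h, a, p: SAMPLE[a])

if __name__ == "__main__":  # offline run; call preflight("your.domain") to probe live
    rows, ok = demo()
    print(*rows, "PASS" if ok else "FAIL", sep="\n")
```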

Thanks for your reply.
I removed those AAAA entries from the DNS settings. Let's see what happens.

1 Like

Wait for DNS to synchronize to all your authoritative servers before continuing.
OR
Use the --staging environment for these tests.

I see it all synced now.

1 Like

@rg305 I tried it again but got the same error.
I also created the /.well-known/acme-challenge directories in the app root, and also wrote a location directive to allow all, with the code below:

	location ^~ /.well-known/acme-challenge/ {
		allow all;
		root /var/www/html;
		default_type "text/plain";
	}

Please show the error log file.

Not really the best place to send ACME challenge requests.

Even via IPv4, the site doesn't seem functional.

If it is not too large, please show the full output of:
sudo nginx -T

Here is the output of the nginx -T command:

Sorry, but that screenshot site requires captcha (annoying) and can't possibly hold the entire contents of that output.

Please show the error log file.

Which error log file should I paste here? The letsencrypt log or the nginx error log? In which location can I find that?

letsencrypt

/var/log/letsencrypt/letsencrypt.log