Incorrect Folder Setup on Apache Means HTTP Challenge Does Not Pass

Help
1

Please fill out the fields below so we can help you better.

My domain is: apartik.com

I ran this command: letsencrypt-vesta apartik apartik.com

It produced this output:
letsencrypt-vesta apartik apartik.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apartik.com
http-01 challenge for www.apartik.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. apartik.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [iRtxNI_xffy-FtA_KGMjv9RnNo4K251KZvfM9qpe94Q.b-K7w05BwJOGvg4VWlZF99C5h14CICoqt5-gPbmeSK8] != [iRtxNI_xffy-FtA_KGMjv9RnNo4K251KZvfM9qpe94Q.bVialEFXSokbIo3usG6esE2iPU1ix82ONJ6M4suXsQs], www.apartik.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [EH0TmzxddcJ9GT5jtq5cDqlgH5C79Qdy_3Tx88xkF6g.b-K7w05BwJOGvg4VWlZF99C5h14CICoqt5-gPbmeSK8] != [EH0TmzxddcJ9GT5jtq5cDqlgH5C79Qdy_3Tx88xkF6g.bVialEFXSokbIo3usG6esE2iPU1ix82ONJ6M4suXsQs]

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: apartik.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [iRtxNI_xffy-FtA_KGMjv9RnNo4K251KZvfM9qpe94Q.b-K7w05BwJOGvg4VWlZF99C5h14CICoqt5-gPbmeSK8]
    !=
    [iRtxNI_xffy-FtA_KGMjv9RnNo4K251KZvfM9qpe94Q.bVialEFXSokbIo3usG6esE2iPU1ix82ONJ6M4suXsQs]

    Domain: www.apartik.com
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [EH0TmzxddcJ9GT5jtq5cDqlgH5C79Qdy_3Tx88xkF6g.b-K7w05BwJOGvg4VWlZF99C5h14CICoqt5-gPbmeSK8]
    !=
    [EH0TmzxddcJ9GT5jtq5cDqlgH5C79Qdy_3Tx88xkF6g.bVialEFXSokbIo3usG6esE2iPU1ix82ONJ6M4suXsQs]

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.
    Let’s Encrypt returned an error status. Aborting.

My operating system is (include version): Debian 8 x64 (jessie)
linux-image-3.16.0-4-amd64 (3.16.39-1+deb8u2)

My web server is (include version): Apache/2.4.10 (Debian) and nginx/1.10.3 as proxy

My hosting provider, if applicable, is:https://www.vultr.com/

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): vesta CP 0.9.8

hi
On the old server, everything worked very well. Yesterday I decided to change the server (I’m moving to the new ip). I changed A record for the domain, first I thought I should wait until the DNS zones are updated, but it’s been 14 hours already and I can not get the certificate.

2

What are your old / new IP addresses ? I get 45.76.87.13 - is that correct for the new IP ?

Also, if I go to http://www.apartik.com/.well-known/acme-challenge/ I don’t see your verification token files - I get a plain text file instead.

3

45.76.87.13 - its my new IP
(my old IP was : 108.61.171.45 )

4

The problem then looks to be more related to providing the challenge within a folder http://www.apartik.com/.well-known/acme-challenge/ which it doesn’t appear to be doing at the moment. Can you provide more detailed debug information ? and can you reach the correct validation test yourself ?

5

I delete .well-known/acme-challenge/
regenerate key and it all worked
thanks for answers

1 Like
6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.