Invalid response for ACME challenge


#1

Hi there,

I’m having trouble while testing Let’s Encrypt. I have downloaded Let’s Encrypt via git. I’m using the following command to create a certificate :
> ./letsencrypt-auto certonly --test-cert --webroot -w /var/www/curieuxdinfo.info/ -d curieuxdinfo.info -d www.curieuxdinfo.info

This is the return I got :
> Checking for new version…
> Requesting root privileges to run letsencrypt…
_> /root/.local/share/letsencrypt/bin/letsencrypt certonly --test-cert --webroot -w /var/www/curieuxdinfo.info/ -d [domain and subdomain]
> Failed authorization procedure. [subdomain] (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [subdomain]/.well-known/acme-challenge/I8ho2HvBZ1TaIybrMcKMUu51j69tknm10CW-TianOB8 [51.254.206.240]: 404, [domain] (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [domain]/.well-known/acme-challenge/WCNLIpPafZN9NHyhSFT9fetGs94hL-ue60wSfqrI_6w [51.254.206.240]: 404

> IMPORTANT NOTES:
> - The following errors were reported by the server:

_> Domain: [subdomain]
> Type: unauthorized
> Detail: Invalid response from [subdomain]/.well-
> known/acme-challenge/I8ho2HvBZ1TaIybrMcKMUu51j69tknm10CW-TianOB8
> [51.254.206.240]: 404

_> Domain: [domain]
> Type: unauthorized
> Detail: Invalid response from [domain]/.well-known
> /acme-challenge/WCNLIpPafZN9NHyhSFT9fetGs94hL-ue60wSfqrI_6w
> [51.254.206.240]: 404

> To fix these errors, please make sure that your domain name was
> entered correctly and the DNS A record(s) for that domain
> contain(s) the right IP address

It seems the client doesn’t have sufficient privilege but I used “sudo” so I don’t understand. Concerning the DNS A record, the configuration correspond to the IP of my server, so I guess it’s ok.
I checked .well-known/acme-challenge/WCNLIpPafZN9NHyhSFT9fetGs94hL-ue60wSfqrI_6w in browser and got 404 error, accordingly to errors report. There is any new directory in the web path root so maybe that’s the problem.
Any clue ?


#2

The problem would appear to be that for some reason http://www.curieuxdinfo.info/.well-known/acme-challenge/I8ho2HvBZ1TaIybrMcKMUu51j69tknm10CW-TianOB8 could not be reached.

I’m assuming it was www.curieuxdinfo.info as you actually only say it was “subdomain”

was the /var/www/curieuxdinfo.info/.well-known/acme-challenge/ folder created ?

If you place a file in there ( such as the I8ho2HvBZ1TaIybrMcKMUu51j69tknm10CW-TianOB8 file) can you then reach it in your browser ?


#3

Yes it was www, I replaced with [subdomain] as I’m new I only can post 2 links in post :smile:

/var/www/curieuxdinfo.info is the root path, but there is two folders in. One for http (there’s nothing but a message as the site is non-ready) and one for https that only me can access (I auto-generated my certificate, thats why I’m trying now letsencrypt before letting everyone see the site). Letsencrypt command didn’t create any new folder.

I guess the problem is here : currently, in my virtual host, if the request correspond to http it is redirect to the folder where there is the current page (site not ready). If the request is https (and its me), it is redirect to the folder with the cms.
So it is impossible for letsencrypt to access /.well-known/acme-challenge/I8ho2HvBZ1TaIybrMcKMUu51j69tknm10CW-TianOB8 on my domain.

Do you have idea on how should I configure this ?


#4

Configure /var/www/curieuxdinfo.info/http as your root and don’t redirect any requests starting with /.well-known/acme-challenge/.


#5

What is your setup ? are you using apache ? ( or nginx ? )

How are you currently blocking access and redirecting ? in .htaccess ? if so you could include something like

<Directory /.well-known/acme-challenge/ >
     Order Deny,Allow
     Allow from All
</Directory>

#6

Hi,

Thanks for your help. Unfortunately, I couldn’t test this as I don’t get time anymore to do this project (personnal problem).
This subject can be close, I keep in mind what you suggest to resolve my problem later.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.