Let' Encrypt : The client lacks sufficient authorization

If I am wrong, please correct me.

Yes, you will need to allow HTTP (to pass HTTP validation and get a cert)
and also HTTPS (if that is where you are going to use the cert)

when I login my website at http://landwtools.com, it can only shows :

but it still can not show as below which it should be :

which means my Nginx is still with problem, isn’t it?

So when I move forward to Let’s Encrypt, and execute the command

$sudo certbot certonly --agree-tos --email admin@landwtools.com --webroot -w /var/lib/letsencrypt/ -d landwtools.com -d www.landwtools.com

it still not shows success :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for landwtools.com
http-01 challenge for www.landwtools.com
Using the webroot path /var/lib/letsencrypt for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://landwtools.com/.well-known/acme-challenge/mZw-Kfo-ZMeUlzV7IzfgqCgmrY2b7xdJkKuGzDjBpq8: Timeout during connect (likely firewall problem), www.landwtools.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.landwtools.com/.well-known/acme-challenge/JRKFsmBRvjECJ0F5dTUYLJHcaz9pPgzg8nly6DLQgS4: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

Firewall seems still be with problem, and do you have more other suggestions ?

Plenty.

Starting with:
You need to get your site working correctly before you continue trying to get a cert for it.

What content is it supposed to be showing (from which folder/path) ?

and you have yet to show this output:

You are aking for a lot of help (mostly with things that have little to do with certbot/LE) and you are providing almost no answers to any questions…

Aa, finally get the dream “congratulation”

It is due to newly added http which should be with custom IP in 0.0.0.0/0 instead previously incorrected automatic populated IP while select MY IP

Anyway, I will continue for the rest step, and while have new problems, I will ask you.

Thanks, and nice day

1 Like

Only if they are related to certbot or LetsEncrypt.

Okay, I can fully respect now. Anyway, thanks for your helps.

1 Like

One question about Certbo, please

execute
$sudo nginx -T | grep -i ‘server_name|landwtools|virtual|root|listen’

it shows :slightly_smiling_face:
nginx: [warn] conflicting server name “landwtools.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “www.landwtools.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “www.landwtools.com” on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name “landwtools.com” on 0.0.0.0:443, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

then I fix as below :slightly_smiling_face:

first check :slightly_smiling_face:
$ls -l /etc/nginx/sites-available

it shows :slightly_smiling_face:
total 12
-rw-r–r-- 1 root root 2416 Apr 6 2018 default
-rw-r–r-- 1 root root 341 Sep 14 00:21 landwtools.com
-rw-r–r-- 1 root root 960 Sep 15 17:36 landwtools.com.conf

Aa, the famous landwtools.com comes again

so I execute again :slightly_smiling_face:
$sudo unlink /etc/nginx/sites-enabled/landwtools.com

then it shows
total 0
lrwxrwxrwx 1 root root 34 Sep 14 00:03 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 46 Sep 14 00:27 landwtools.com.conf -> /etc/nginx/sites-available/landwtools.com.conf

which means okay now

but what I am just doing is by hand to unlink

so I try execute
$sudo a2dissite /etc/nginx/sites-enabled/landwtools.com

but it returns
sudo: a2dissite: command not found

my question is :slightly_smiling_face:
whether I need to install this a2dissite package, which seems an “automatic” gay

to execute
$ sudo a2dissite /etc/nginx/sites-enabled/landwtools.com

and then I will do not need hand to unlink this kind of problem?

That is NOT good.

Sorry, I gave you the wrong command (“a2” is for Apache2 - you are running NGINX)

If you don’t need the second file, just delete it:
rm /etc/nginx/sites-available/landwtools.com

Hi, thanks for feedback

may I ask for another question :
when I stop my current aws ec2 instance, and then I change my aws instance type ( increase from t2.small to t2.medium ), and then I restart my aws ec2 instance, to my surprise, and when I login landwtools.com, it failed with following displaying :

image

then I check myself as below :

$ls -l /etc/nginx/sites-available
it returns Ok

$ls -l /etc/nginx/sites-enabled
it returns Ok

So what’s this problem from? and Why I can not reach my landwtools.com after I change my aws ec2 instance type only ? Can you give me some advice. Thanks

How are those OK?
Where did the enabled config file go?

Okay, I post all

when execute :slightly_smiling_face:
$ls -l /etc/nginx/sites-available

it shows :slightly_smiling_face:
-rw-r–r-- 1 root root 2416 Apr 6 2018 default
-rw-r–r-- 1 root root 960 Sep 15 17:36 landwtools.com.conf

then

when execute :slightly_smiling_face:
$ls -l /etc/nginx/sites-enabled

it returns :slightly_smiling_face:
lrwxrwxrwx 1 root root 34 Sep 14 00:03 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 46 Sep 14 00:27 landwtools.com.conf -> /etc/nginx/sites-available/landwtools.com.conf

since I read them very similar to my last time’s correct setup, I said they are Okay.

Is those not Okay under your check ?

Yes, that should be OK.
But I also see the “Welcome to nginx!” default page.

Your system is difficult to troubleshoot.
It doesn’t even produce the expected nginx -T output.
I don’t know how to help you with this.
[and the current problem is way outside the realm of this forum]

Otherwise, everything cert related, seems to be working:

  • valid cert [expires Mon, 14 Dec 2020 16:26:05 UTC (in 2 months and 26 days)]
  • http to https redirection
  • https redirects to remove www