Let’s Encrypt failed to validate server on centos7 apache2.2


#1

My server is: centos7 apache2.2

I ran this command as root:
#yum install epel-release
#wget https://dl.eff.org/certbot-auto --no-check-certificate
#chmod a+x certbot-auto
#./certbot-auto certonly --webroot -w /var/www/XXXXX.XX.XXXXX.com/html/ -d XXXXX.XX.XXXXX.com

It produced this output:
Failed authorization procedure. XXXXX.XX.XXXXX.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://XXXXX.XX.XXXXX.com/.well-known/acme-challenge/DMMIWg7zvuoKqblI2lnb-QXqf9QDnX0Fr6GzD3go28U [50.19.97.71]: 404

IMPORTANT NOTES:

The directory [.well-known] is created, but acme-challenge does not appear.
I created acme-challenge/xie.txt, and [curl -k https://XXXXX.XX.XXXXX.com/.well-known/acme-challenge/xie.txt] is OK.
So, I think the certbot-auto command cannot create acme-challenge and a temporary file.
No error log is printed.
Who can help me?


#2

Note that certbot deletes the challenge files and the acme-challenge directory after the challenge is completed (independent of the result), so the fact that the directory is missing does not mean certbot didn’t create the files. certbot would show some user-visible error if there’s a problem while it tries to create the file.

I also noticed that your curl test used https://... - are you able to curl the file via http:// as well? The HTTP-01 challenge type always sends the initial request via HTTP (though it will happily accept an HTTP 301 or 302 redirect to HTTPS after that), so if you serve different content based on the protocol, that might be the issue.

If that doesn’t help either, I’d try a test file that’s named similarly to the challenge file, i.e. no extension, in case there’s something like a .htaccess file that interferes with some requests.
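
The checks suggested in reply #2, combined into one script. This is an added example, not part of the original thread and not certbot's own code; the function name `probe_webroot` and its arguments are assumptions. It writes an extensionless, challenge-like file under the webroot, requests it over plain HTTP (following redirects), and reports whether the web server returned that same file.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path


def probe_webroot(webroot, base_url, timeout=10):
    """Write an extensionless probe file under
    <webroot>/.well-known/acme-challenge/ and fetch it over plain HTTP,
    as the first request of an HTTP-01 validation would.

    Returns (http_status, body_matches). The probe file is always removed.
    """
    if not base_url.startswith("http://"):
        raise ValueError("HTTP-01 starts on plain http://, not https://")
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    created_dir = not challenge_dir.exists()
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = secrets.token_urlsafe(32)     # challenge-like name, no extension
    content = secrets.token_urlsafe(48)  # random body, so a stale file cannot match
    probe = challenge_dir / name
    probe.write_text(content)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        # urlopen follows 301/302 redirects, including http -> https.
        # A certificate error on the redirected URL raises URLError and is
        # left to propagate so the failure is visible.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode().strip() == content
    except urllib.error.HTTPError as err:
        # e.g. 404: the virtual host answering on port 80 serves another
        # directory, or a rewrite rule or .htaccess intercepts the request.
        return err.code, False
    finally:
        probe.unlink()
        if created_dir:
            challenge_dir.rmdir()        # remove the acme-challenge directory we made


if __name__ == "__main__":
    import sys
    # Usage: python3 probe.py <webroot passed to -w> http://<domain passed to -d>
    print(probe_webroot(sys.argv[1], sys.argv[2]))
```

A result of `(404, False)` means the directory given to `-w` is not the one the web server serves for that hostname over HTTP, which matches the 404 in the validation error above.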

