Let's Encrypt - Failed Authorization error


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ci.stg-mpg.mpayment.sg

I ran this command:
certbot certonly -n --agree-tos -m kimfook.chong@mpayment.sg --webroot -w /var/www/ci.stg-mpg.mpayment.sg/ -d ci.stg-mpg.mpayment.sg.
I am running this command from my Chef cookbook.

It produced this output:
Failed authorization procedure. ci.stg-mpg.mpayment.sg (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ci.stg-mpg.mpayment.sg/.well-known/acme-challenge/le3G6NO9zzzc1zvKqrmavORYD3ZDSqIA3daQHsovTCc: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Error Details below:
execute[Request SSL Cert] action run

================================================================================
Error executing action run on resource ‘execute[Request SSL Cert]’

Mixlib::ShellOut::ShellCommandFailed

Expected process to exit with [0], but received ‘1’
---- Begin output of certbot certonly -n --agree-tos -m xxxxxx@gmail.com3 --webroot -w /var/www/mydomain.com/ -d mydomain.com ----
STDOUT: IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: mydomain.com
Type: unauthorized
Detail: Invalid response from
http://mydomain.com/.well-known/acme-challenge/le3G6NO9zzzc1zvKqrmavORYD3ZDSqIA3daQHsovTCc:
“\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not
Found

\r\n

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    STDERR: Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for ci.stg-mpg.mpayment.sg
    Using the webroot path /var/www/mydomain.com for all unmatched domains.
    Waiting for verification…
    Cleaning up challenges
    Failed authorization procedure. mdydomain.com(http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.com/.well-known/acme-challenge/le3G6NO9zzzc1zvKqrmavORYD3ZDSqIA3daQHsovTCc: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

    404 Not Found

    \r\n

    ---- End output of certbot certonly -n --agree-tos -m XXXX@gmail.com --webroot -w /var/www/mydomain.com/ -d mydomain.com ----

#2

Hi @noblem3

is there the running webserver of http://ci.stg-mpg.mpayment.sg/ ?

If no, you have to run certbot on the machine with the webserver.

If yes, please create a file (file name 1234) in

/var/www/ci.stg-mpg.mpayment.sg/.well-known/acme-challenge

and check, if you can load this file via

http://ci.stg-mpg.mpayment.sg/.well-known/acme-challenge/1234

If no, the path is wrong or there are wrong redirects.
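
The check described in the reply above, as an added example (not part of the original posts and not Certbot code): it writes a probe file under the webroot's `.well-known/acme-challenge` directory, fetches it over HTTP, and reports whether the web server actually serves that directory. The function name `check_webroot` and its arguments are assumptions made for this sketch.

```python
import os
import secrets
import urllib.error
import urllib.request


def check_webroot(webroot, base_url, timeout=10):
    """Write a probe file under <webroot>/.well-known/acme-challenge and
    fetch it over HTTP, the way the http-01 validator fetches a token.

    Returns (ok, detail). The probe file is removed afterwards; the
    .well-known/acme-challenge directories are created if missing and kept.
    """
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    name = "probe-" + secrets.token_hex(8)   # random name, avoids stale files
    expected = secrets.token_hex(16)         # random body, proves it is our file
    path = os.path.join(challenge_dir, name)
    url = base_url.rstrip("/") + "/.well-known/acme-challenge/" + name
    try:
        with open(path, "w") as fh:
            fh.write(expected)
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read(4096).decode("utf-8", "replace")
                final_url = resp.geturl()    # differs from url after a redirect
        except urllib.error.HTTPError as exc:
            # A 404 here is the failure shown in this thread: the web server
            # is not serving this directory for this host name.
            return False, f"HTTP {exc.code} for {url}"
        except OSError as exc:               # DNS failure, refused, timeout
            return False, f"cannot reach {url}: {exc}"
        if body.strip() != expected:
            return False, f"unexpected content from {final_url} (redirect or other vhost?)"
        return True, f"served correctly from {final_url}"
    finally:
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    # Usage: python3 <this file> <webroot passed to -w> <http://domain>
    import sys
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```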


#3

Hi @JuergenAuer thank you for the reply.

I managed to resolve the issue. It was because I didn’t have a dummy file in the nginx root directory, so the nginx server was not restarting properly. After adding a new file, I was able to load the webpage and also create the certificate.

Thanks a lot for your help…

