Letsencrypt-vesta - Potential Bug - Miscalculating the Key Authorization

fabianborg · May 1, 2017, 11:21am

Hello

I am aware that there are other posts on this issue, tried all the remedies suggested but none worked for me.

I have a server running Ubuntu 16.04.02 LTS with VESTACP and installed letsencrypt-vesta following this guide here on apache2.

When I run this code letsencrypt-vesta admin example.com (example.com replaces a real domain name) I get the following error

root@server:~# letsencrypt-vesta admin example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs], example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.example.com
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y]
   !=
   [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

   Domain: example.com
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y]
   !=
   [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
Let's Encrypt returned an error status.  Aborting.
root@server:~#

DNS A record is properly set to direct to the server’s fixed public ip address.

How can I fix this error.

cpu · May 1, 2017, 2:40pm

Has anyone tried reporting this as a bug to the maintainers of Vestacp? It seems like it is miscalculating the key authorization.

fabianborg · May 1, 2017, 3:12pm

@cpu I have filed a bug report on the git of the letsencrypt-vesta dev team here

cpu · May 1, 2017, 3:13pm

Great thank you! I will subscribe to the repo.

system · May 31, 2017, 3:24pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.