Looking for help resolving an Authorization Error when creating a new cert


#1

Hey all!

I have a server that has about 15 sites on it - all have Let’s Encrypt certs that were created automatically and automatically renew without issue. I add on average 2 new sites per month.

I added a new site yesterday and attempted to automatically install the ssl cert, but I’m running into an authorization error I’ve never seen and can’t seem to resolve. Any help or direction is greatly appreciated!

See below for logs:

```
sudo certbot --authenticator standalone --installer apache --email support@studio98.com --eff-email --agree-tos --redirect -d www.domain.com -d domain.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2";

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Running pre-hook command: systemctl stop apache2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.domain.com
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Running post-hook command: systemctl start apache2
Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/1CkHe8iLRVHxWxub0jxg7Y8WqO__eLlvAEnb5DyBNUw: "\r\n<html lang="en">\r\n\r\n<!--[if ", www.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.domain.com/.well-known/acme-challenge/zKWYdd6NMiC2lN944Lvc3Uk6Bvw66U90KeBnz3HRTZQ: "\r\n<html lang="en">\r\n\r\n<!--[if "
```


#2

What’s the domain? Are its DNS records pointed at the right server?


#3

Hey mnordhoff, thanks for the quick reply!

The domain is set up correctly, DNS configured correctly, and the site is resolving albeit without ssl currently.


#4

Hi,

If you refuse to provide us your domain name, we can’t help you…
This matter completely depends on the domain (and site).

In the current situation (without the site and domain), God has a higher chance of helping you resolve your issue than we (some volunteers in this forum) do.

Thank you


#5

My dude - I never refused to provide the domain…

The domain is www.howdesignlive.com

Some additional detail: I manually added the /.well-known/acme-challenge/ directory and added a test file that resolved without issue. http://www.howdesignlive.com/.well-known/acme-challenge/test


#6

Hi @blancast

You have an IPv4 and an IPv6 address, but there is different content:

https://letsdebug.net/www.howdesignlive.com/5909?debug=y

Non-existent file:

[Address Type=IPv4,Server=Apache/2.4.18 (Ubuntu),HTTP Status=404] vs [Address Type=IPv6,Server=Apache,HTTP Status=404]

So check your IPv6 configuration or remove the IPv6 entry.
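
The comparison described in the post above, as an added example that is not part of the original thread: it requests the same path on every A and AAAA address of a host and reports which response fields differ. Let's Encrypt validates over IPv6 when an AAAA record exists, so a test fetched over IPv4 can succeed while validation fails. The function names and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
import http.client
import socket
import sys

def fetch_per_address(host, path, port=80, timeout=10):
    """GET http://host/path once per A/AAAA address, sending the real Host header."""
    results = []
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        if family not in (socket.AF_INET, socket.AF_INET6):
            continue
        entry = {"family": "IPv6" if family == socket.AF_INET6 else "IPv4", "ip": sockaddr[0]}
        conn = http.client.HTTPConnection(sockaddr[0], port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"Host": host})
            resp = conn.getresponse()
            entry.update(status=resp.status, server=resp.getheader("Server", ""), body=resp.read(200))
        except (OSError, http.client.HTTPException) as exc:
            entry["error"] = str(exc)  # e.g. the AAAA record points at a host that does not answer
        finally:
            conn.close()
        results.append(entry)
    return results

def differing_fields(results):
    """Return {field: {address: value}} for every field that is not identical on all addresses."""
    diffs = {}
    for field in ("status", "server", "body", "error"):
        values = {f'{r["family"]} {r["ip"]}': r.get(field) for r in results}
        if len(set(values.values())) > 1:
            diffs[field] = values
    return diffs

# Constructed sample mirroring the letsdebug output quoted in the thread
# (documentation-range addresses, not the site's real ones).
SAMPLE = [
    {"family": "IPv4", "ip": "192.0.2.10", "status": 404, "server": "Apache/2.4.18 (Ubuntu)", "body": b""},
    {"family": "IPv6", "ip": "2001:db8::10", "status": 404, "server": "Apache", "body": b""},
]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: script.py <host> [path]
        results = fetch_per_address(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "/")
    else:
        results = SAMPLE  # offline run on the constructed sample
    for field, values in differing_fields(results).items():
        print(f"{field} differs: {values}")
```

A differing `Server` header with the same status code, as in the sample, is enough to show that the two address families reach different web servers.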


#7

Oh wow!

Thanks for pointing that out.

Removing the AAAA record now and giving it another shot.


#8

Now Letsdebug

https://letsdebug.net/www.howdesignlive.com/5918

is happy :wink:

