Lost account from letsencrypt - directories - keys - everything


#1

After creating the SSL keys for my domain I had problems with the letsencrypt client.
Before removing anything I revoked the keys with the client, as shown in forum posts:

./letsencrypt-auto revoke --path-revoke=/x/x/x/x/x.pem
Everything seemed to have been ok.

So I removed all directories of the program. Including:
/etc/letsencrypt, /home/user/letsencrypt and /home/user/.local/share/letsencrypt

I had to follow the following tip to reinstall the client:


After that I could not recreate my certificate anymore.
I keep getting the same error:

Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. xxxxxxx.com (http-01):
urn:acme:error:unauthorized :: The client lacks sufficient
authorization :: Error parsing key authorization file: Invalid key
authorization: 53 parts, app.xxxxxxxx.com (http-01):
urn:acme:error:unauthorized :: The client lacks sufficient
authorization :: Error parsing key authorization file: Invalid key
authorization: 53 parts

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: xxxxx.com
    Type: unauthorized
    Detail: Error parsing key authorization file: Invalid key
    authorization: 53 parts

    Domain: app.xxxxx.com
    Type: unauthorized
    Detail: Error parsing key authorization file: Invalid key
    authorization: 53 parts

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address.

I have two doubts:

1 - Whether there is any way to revoke the keys by referring to them via crt.sh

  • It was not clear to me how, from the posts I found on the forum.

2 - If that is not possible, how long should I wait for my account and my certificate to be revoked and deleted?

Grateful.


#2

I’m not sure if you really need to concern yourself with revocation in this scenario. Revocation is something you do if your private key is compromised. If you just want to stop using a certificate or account, delete them from your disk and you’re good to go. No need to revoke anything. Revoking old certificates won’t have any effect on your ability to request additional certificates, even for the exact same domain.

Based on your description, I understand you deleted /etc/letsencrypt and your copy of the client. Did you then also re-run the letsencrypt-auto script, or just the pip commands from that post? That might not be enough.

If that doesn’t help, run the client in verbose mode by appending -t -vvvv to the end of your command and paste the full output as well as the contents of /var/log/letsencrypt/letsencrypt.log here.


#3

cat letsencrypt.log
2016-04-20 13:32:44,791:DEBUG:letsencrypt.main:Root logging level set at -10
2016-04-20 13:32:44,793:INFO:letsencrypt.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2016-04-20 13:32:44,794:DEBUG:letsencrypt.main:letsencrypt version: 0.5.0
2016-04-20 13:32:44,794:DEBUG:letsencrypt.main:Arguments: ['--webroot', '-w', '/opt/nginx/xxxx.com', '-d', 'xxxx.com', '-d', 'app.xxxx.com', '-t', '-vvvv']
2016-04-20 13:32:44,794:DEBUG:letsencrypt.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2016-04-20 13:32:44,795:DEBUG:letsencrypt.plugins.selection:Requested authenticator webroot and installer None
2016-04-20 13:32:44,800:DEBUG:letsencrypt.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = letsencrypt.plugins.webroot:Authenticator
Initialized: <letsencrypt.plugins.webroot.Authenticator object at 0x7f4a4b7dfd10>
Prep: True
2016-04-20 13:32:44,800:DEBUG:letsencrypt.plugins.selection:Selected authenticator <letsencrypt.plugins.webroot.Authenticator object at 0x7f4a4b7dfd10> and installer None
2016-04-20 13:32:45,105:DEBUG:letsencrypt.main:Picked account: <Account(79ad1daec179eb32707a15214cacac69)>
2016-04-20 13:32:45,106:DEBUG:root:Sending GET request to https://acme-v01.api.letsencrypt.org/directory. args: (), kwargs: {}
2016-04-20 13:32:45,113:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-20 13:32:46,148:DEBUG:requests.packages.urllib3.connectionpool:“GET /directory HTTP/1.1” 200 263
2016-04-20 13:32:46,150:DEBUG:root:Received <Response [200]>. Headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘OHFZDhtK8fbTJG2r_BOtvfU–4PTz2MaxzbJsc7tzlo’}. Content: '{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}'
2016-04-20 13:32:46,150:DEBUG:acme.client:Received response <Response [200]> (headers: {‘Content-Length’: ‘263’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘OHFZDhtK8fbTJG2r_BOtvfU–4PTz2MaxzbJsc7tzlo’}): ‘{“new-authz”:“https://acme-v01.api.letsencrypt.org/acme/new-authz",“new-cert”:“https://acme-v01.api.letsencrypt.org/acme/new-cert”,“new-reg”:“https://acme-v01.api.letsencrypt.org/acme/new-reg”,“revoke-cert”:"https://acme-v01.api.letsencrypt.org/acme/revoke-cert”}‘
2016-04-20 13:32:46,167:DEBUG:root:Requesting fresh nonce
2016-04-20 13:32:46,167:DEBUG:root:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz. args: (), kwargs: {}
2016-04-20 13:32:46,169:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-20 13:32:46,593:DEBUG:requests.packages.urllib3.connectionpool:“HEAD /acme/new-authz HTTP/1.1” 405 0
2016-04-20 13:32:46,595:DEBUG:root:Received <Response [405]>. Headers: {‘Content-Length’: ‘78’, ‘Pragma’: ‘no-cache’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Allow’: ‘POST’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Content-Type’: ‘application/problem+json’, ‘Replay-Nonce’: ‘O1jZo4p9r9ek_6SeF-TvQH78su0L6Muv9oFKFuWurNc’}. Content: ‘‘
2016-04-20 13:32:46,595:DEBUG:acme.client:Storing nonce: ‘;X\xd9\xa3\x8a}\xaf\xd7\xa4\xff\xa4\x9e\x17\xe4\xef@~\xfc\xb2\xed\x0b\xe8\xcb\xaf\xf6\x81J\x16\xe5\xae\xac\xd7’
2016-04-20 13:32:46,596:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-04-20 13:32:46,596:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “xxxx.com”}, “resource”: “new-authz”}
2016-04-20 13:32:46,597:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-04-20 13:32:46,600:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-04-20 13:32:46,601:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-20 13:32:46,795:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 776
2016-04-20 13:32:46,798:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘776’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘M-1nFujVcDsHAV_lnSGpXQi1_x-Vhrl2sBNY-IrtXpM’}. Content: ‘{“identifier”:{“type”:“dns”,“value”:“xxxx.com”},“status”:“pending”,“expires”:“2016-04-27T13:32:46.703724198Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869874",“token”:“6v1oUp6YqfeEu1VcxihjCZDaVdioYninpR7yktJ-TSM”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869875”,“token”:“bVLCsg-L0eZKmho0gUQNUs6IWlJr6ywUpNvA7wKayBA”},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869876”,“token”:“K8jFnQtGfaTpKCXZ7le2Gyopp695Lb-CSHo_N-7IJus”}],"combinations”:[[1],[2],[0]]}‘
2016-04-20 13:32:46,799:DEBUG:acme.client:Storing nonce: ‘3\xedg\x16\xe8\xd5p;\x07\x01_\xe5\x9d!\xa9]\x08\xb5\xff\x1f\x95\x86\xb9v\xb0\x13X\xf8\x8a\xed^\x93’
2016-04-20 13:32:46,799:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘776’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:46 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘M-1nFujVcDsHAV_lnSGpXQi1_x-Vhrl2sBNY-IrtXpM’}): ‘{“identifier”:{“type”:“dns”,“value”:“xxxx.com”},“status”:“pending”,“expires”:“2016-04-27T13:32:46.703724198Z”,“challenges”:[{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869874",“token”:“6v1oUp6YqfeEu1VcxihjCZDaVdioYninpR7yktJ-TSM”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869875”,“token”:“bVLCsg-L0eZKmho0gUQNUs6IWlJr6ywUpNvA7wKayBA”},{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869876”,“token”:“K8jFnQtGfaTpKCXZ7le2Gyopp695Lb-CSHo_N-7IJus”}],"combinations”:[[1],[2],[0]]}‘
2016-04-20 13:32:46,801:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’K8jFnQtGfaTpKCXZ7le2Gyopp695Lb-CSHo_N-7IJus’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/WwNbRUpL4zRK1-ca_qI2TYo6MgvzHfiYcg_4qQhN88k/54869876’}
2016-04-20 13:32:46,801:DEBUG:acme.jose.json_util:Omitted empty fields: combinations=None, challenges=None, expires=None, status=None
2016-04-20 13:32:46,802:DEBUG:acme.client:Serialized JSON: {“identifier”: {“type”: “dns”, “value”: “app.xxxx.com”}, “resource”: “new-authz”}
2016-04-20 13:32:46,802:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-04-20 13:32:46,805:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
2016-04-20 13:32:46,807:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2016-04-20 13:32:47,009:DEBUG:requests.packages.urllib3.connectionpool:“POST /acme/new-authz HTTP/1.1” 201 780
2016-04-20 13:32:47,011:DEBUG:root:Received <Response [201]>. Headers: {‘Content-Length’: ‘780’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:47 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:47 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘3k1hMvx4VJLSjxcwIm4g7S_nWMWehlMoMsCN1VxyFS4’}. Content: ‘{“identifier”:{“type”:“dns”,“value”:“app.xxxx.com”},“status”:“pending”,“expires”:“2016-04-27T13:32:46.923076211Z”,“challenges”:[{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869877",“token”:“I0kgg1Ix2Vb9c9Utt3oeUPc9048cXpDzmx5qtREKh8I”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869878”,“token”:“am2RhEyWUPtpoXpD-Hbo0501tlCvm8vViVd8cuV8rBU”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869879”,“token”:“XUgUQSk1CfVsb4CiIVVQvlQNBJt_w7SOt1a2MdtABKU”}],"combinations”:[[1],[0],[2]]}‘
2016-04-20 13:32:47,012:DEBUG:acme.client:Storing nonce: ‘\xdeMa2\xfcxT\x92\xd2\x8f\x170"n \xed/\xe7X\xc5\x9e\x86S(2\xc0\x8d\xd5\r\x15.‘
2016-04-20 13:32:47,012:DEBUG:acme.client:Received response <Response [201]> (headers: {‘Content-Length’: ‘780’, ‘Expires’: ‘Wed, 20 Apr 2016 13:32:47 GMT’, ‘Strict-Transport-Security’: ‘max-age=604800’, ‘Server’: ‘nginx’, ‘Connection’: ‘keep-alive’, ‘Link’: ‘https://acme-v01.api.letsencrypt.org/acme/new-cert;rel=“next”’, ‘Location’: ‘https://acme-v01.api.letsencrypt.org/acme/authz/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM’, ‘Pragma’: ‘no-cache’, ‘Cache-Control’: ‘max-age=0, no-cache, no-store’, ‘Date’: ‘Wed, 20 Apr 2016 13:32:47 GMT’, ‘X-Frame-Options’: ‘DENY’, ‘Content-Type’: ‘application/json’, ‘Replay-Nonce’: ‘3k1hMvx4VJLSjxcwIm4g7S_nWMWehlMoMsCN1VxyFS4’}): ‘{“identifier”:{“type”:“dns”,“value”:“app.xxxx.com”},“status”:“pending”,“expires”:“2016-04-27T13:32:46.923076211Z”,“challenges”:[{“type”:“dns-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869877",“token”:“I0kgg1Ix2Vb9c9Utt3oeUPc9048cXpDzmx5qtREKh8I”},{“type”:“http-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869878”,“token”:“am2RhEyWUPtpoXpD-Hbo0501tlCvm8vViVd8cuV8rBU”},{“type”:“tls-sni-01”,“status”:“pending”,“uri”:“https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869879”,“token”:“XUgUQSk1CfVsb4CiIVVQvlQNBJt_w7SOt1a2MdtABKU”}],"combinations”:[[1],[0],[2]]}‘
2016-04-20 13:32:47,012:DEBUG:acme.challenges:dns-01 was not recognized, full message: {u’status’: u’pending’, u’token’: u’I0kgg1Ix2Vb9c9Utt3oeUPc9048cXpDzmx5qtREKh8I’, u’type’: u’dns-01’, u’uri’: u’https://acme-v01.api.letsencrypt.org/acme/challenge/rniuZEgsBvQyi2C113exObOwADk5X0XsqGfShKAsUBM/54869877’}
2016-04-20 13:32:47,013:INFO:letsencrypt.auth_handler:Performing the following challenges:
2016-04-20 13:32:47,013:INFO:letsencrypt.auth_handler:http-01 challenge for xxxx.com
2016-04-20 13:32:47,013:INFO:letsencrypt.auth_handler:http-01 challenge for app.xxxx.com
2016-04-20 13:32:47,013:INFO:letsencrypt.plugins.webroot:Using the webroot path /opt/nginx/xxxx.com for all unmatched domains.
2016-04-20 13:32:47,013:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /opt/nginx/xxxx.com/.well-known/acme-challenge
2016-04-20 13:32:47,026:DEBUG:letsencrypt.plugins.webroot:Creating root challenges validation dir at /opt/nginx/xxxx.com/.well-known/acme-challenge
2016-04-20 13:32:47,030:DEBUG:letsencrypt.plugins.webroot:Attempting to save validation to /opt/nginx/xxxx.com/.well-known/acme-challenge/bVLCsg-L0eZKmho0gUQNUs6IWlJr6ywUpNvA7wKayBA
2016-04-20 13:32:47,033:DEBUG:letsencrypt.plugins.webroot:Attempting to save validation to /opt/nginx/xxxx.com/.well-known/acme-challenge/am2RhEyWUPtpoXpD-Hbo0501tlCvm8vViVd8cuV8rBU
2016-04-20 13:32:47,033:INFO:letsencrypt.auth_handler:Waiting for verification…
2016-04-20 13:32:47,033:DEBUG:acme.client:Serialized JSON: {“keyAuthorization”: “bVLCsg-L0eZKmho0gUQNUs6IWlJr6ywUpNvA7wKayBA.xzICfNo96aVtR83hFlDhVZq7PP2RbO0UfvKUWaLkmZc”, “type”: “http-01”, “resource”: “challenge”}
2016-04-20 13:32:47,034:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), jwk=None, typ=None, jku=None, cty=None, x5tS256=None, x5u=None, alg=None, x5t=None
2016-04-20 13:32:47,036:DEBUG:acme.jose.json_util:Omitted empty fields: kid=None, x5c=(), crit=(), typ=None, jku=None, cty=None, x5tS256=None, x5u=None, x5t=None, nonce=None
Domain: xxxx.com
Type: unauthorized
Detail: Error parsing key authorization file: Invalid key authorization: 53 parts

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2016-04-20 13:32:50,774:INFO:letsencrypt.auth_handler:Cleaning up challenges
2016-04-20 13:32:50,775:DEBUG:letsencrypt.plugins.webroot:Removing /opt/nginx/xxxx.com/.well-known/acme-challenge/bVLCsg-L0eZKmho0gUQNUs6IWlJr6ywUpNvA7wKayBA
2016-04-20 13:32:50,775:DEBUG:letsencrypt.plugins.webroot:Removing /opt/nginx/xxxx.com/.well-known/acme-challenge/am2RhEyWUPtpoXpD-Hbo0501tlCvm8vViVd8cuV8rBU
2016-04-20 13:32:50,776:DEBUG:letsencrypt.plugins.webroot:All challenges cleaned up, removing /opt/nginx/xxxx.com/.well-known/acme-challenge
2016-04-20 13:32:50,781:DEBUG:letsencrypt.main:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/main.py", line 692, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/main.py", line 509, in obtain_cert
    _, action = _auth_from_domains(le_client, config, domains, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/main.py", line 93, in _auth_from_domains
    lineage = le_client.obtain_and_enroll_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/client.py", line 274, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/client.py", line 246, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 131, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 195, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. app.xxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 53 parts, xxxx.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error parsing key authorization file: Invalid key authorization: 53 parts


#4

I need to use a certificate with some subdomains of a unique domain.
I followed these instructions: Multiple subdomains
But I don’t understand what I am doing wrong.

./letsencrypt-auto certonly --webroot -w /opt/nginx/xxxx.com -d xxxx.com -d app.xxxx.com -t -vvvv


#5

Is /opt/nginx/xxxx.com the webroot for app.xxxx.com? If you put a test file with random content in /opt/nginx/xxxx.com/.well-known/acme-challenge/test, can you access it via http://app.xxxx.com/.well-known/acme-challenge/test with your browser?
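
The check suggested in #5, automated, as an added example (not part of the thread and not code from the letsencrypt client): it drops a probe file under `.well-known/acme-challenge/` in the webroot, fetches it through each hostname, and reports a body that is not two dot-separated parts in the same wording as the error above. The function names, the `example.test` hostnames and the app page are constructed; the reading that "53 parts" counts dot-separated pieces of whatever was served at the challenge URL is an assumption drawn from the error text.

```python
import os
import secrets
import tempfile
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def http_fetch(url):
    """Default fetcher: a plain HTTP GET of the challenge URL."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.read().decode("utf-8", "replace")


def classify_body(body, expected):
    """Compare a fetched body with the content written to the webroot."""
    body = body.strip()
    if body == expected:
        return "ok"
    # A key authorization is "<token>.<thumbprint>": exactly two dot-separated
    # parts. Any other page served at the challenge URL splits differently.
    parts = body.split(".")
    if len(parts) != 2:
        return "Invalid key authorization: %d parts" % len(parts)
    return "mismatch: a different key authorization was served"


def probe_webroot(webroot, base_urls, fetch=http_fetch):
    """Drop a probe file in <webroot>/.well-known/acme-challenge/ and fetch it
    through every base URL. Returns {base_url: verdict}; the file is removed."""
    token = secrets.token_urlsafe(32)
    expected = token + "." + secrets.token_urlsafe(32)  # stand-in, not a real thumbprint
    directory = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as handle:
        handle.write(expected)
    verdicts = {}
    try:
        for base in base_urls:
            url = base.rstrip("/") + CHALLENGE_PATH + token
            try:
                verdicts[base] = classify_body(fetch(url), expected)
            except urllib.error.HTTPError as exc:
                verdicts[base] = "HTTP %d" % exc.code
            except OSError as exc:
                verdicts[base] = "unreachable: %s" % exc
    finally:
        os.remove(path)
    return verdicts


def demo():
    """Constructed scenario: example.test is served from the webroot, while
    app.example.test answers every path with its own page (wrong webroot)."""
    webroot = tempfile.mkdtemp()
    app_page = "<html><body>app.example.test v1.2.3 is running.</body></html>"

    def fake_fetch(url):
        host, _, path = url[len("http://"):].partition("/")
        if host == "example.test":
            with open(os.path.join(webroot, path)) as handle:
                return handle.read()
        return app_page

    return probe_webroot(webroot, ["http://example.test", "http://app.example.test"], fake_fetch)


if __name__ == "__main__":
    for base, verdict in demo().items():
        print(base, "->", verdict)
```

Against a real server, call `probe_webroot("/opt/nginx/xxxx.com", ["http://xxxx.com", "http://app.xxxx.com"])` with the default fetcher; every name passed with `-d` must come back `ok` before the webroot plugin can pass http-01 for it.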


#6

No, I didn’t place a test file in the webroot.
So, that’s the problem?
I need to launch a parallel infrastructure to test this, because I have some implications with the production environment.
I will return with the solution shortly.

