Problem renewing, used to work now stopped


#1

My domain is: www.fingerprintsoft.co

I ran this command:
sudo /opt/certbot-auto -w /var/www/fingerprintsoft.co/html/ --apache certonly
/opt/certbot-auto renew

It produced this output:
Failed authorization procedure. fingerprintsoft.co (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :

My web server is (include version):
apache - httpd-2.2.15-69.el6.centos.x86_64

The operating system my web server runs on is (include version):
CentOS release 6.3 (Final)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No


#2

Could you post the full output from that command? There’s a lot more info that’s provided which we need to be able to help you. The bit you posted by itself is a very common error message with a great number of possi le causes.


#3

Hi @fuzails

I see, you tested your domain :wink:

If you want to use the webroot, then split it:

sudo /opt/certbot-auto -a webroot -w /var/www/fingerprintsoft.co/html/ -i apache certonly

-a - authenticator webroot
-i - installer apache

But if you use certonly, you don’t need an installer. So use

sudo /opt/certbot-auto -a webroot -w /var/www/fingerprintsoft.co/html/ certonly

#4

thanks, didnt have to use webroot before, jsut tried it with
/opt/certbot-auto -a webroot -w /var/www/fingerprintsoft.co/html/ certonly -d www.fingerprintsoft.co and it worked

Going to wait for rate limiting to finish and then attempt for all domains required.


#5

Then you should add both domain names:

-d fingerprintsoft.co -d www.fingerprintsoft.co

If the dns entry exists, both domain names should allow a correct https connection without a certificate error.


#6
Obtaining a new certificate

Performing the following challenges:
http-01 challenge for fingerprintsoft.co
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. fingerprintsoft.co (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://fingerprintsoft.co/.well-known/acme-challenge/jfhTFIS5aSBOyn0npbhWtVExMHkpfjvH6LkNu_LG5HA: "\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”\n “http://www.w3.org/TR/xhtml1/D

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: fingerprintsoft.co
Type: unauthorized
Detail: Invalid response from
http://fingerprintsoft.co/.well-known/acme-challenge/jfhTFIS5aSBOyn0npbhWtVExMHkpfjvH6LkNu_LG5HA:
"\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<!DOCTYPE html
PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”\n
http://www.w3.org/TR/xhtml1/D

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I initially used to renew with:
sudo /opt/certbot-auto --apache certonly

Only tried webroot today.


#7

Thanks that has worked beautifully, regards