Produced an unexpected error: Failed authorization procedure


#1

My domain is: exxoshost.co.uk

I ran this command: certbot-auto renew

It produced this output:

Processing /etc/letsencrypt/renewal/exxoshost.co.uk.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.exxoshost.co.uk
http-01 challenge for exxoshost.co.uk
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (exxoshost.co.uk) from /etc/letsencrypt/renewal/exxoshost.co.uk.conf produced an unexpected error: Failed authorization procedure. exxoshost.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://exxoshost.co.uk/.well-known/acme-challenge/UZOsq35IWfZvm26K3pJR-_0er1P_LnMf3_Z6fN8bNmU: “\r\n\r\n404\r\n<meta http-equiv=“Content-Type” content=“text/html; charset=iso-8859-1”>\r\n\r\n\r\n<body b”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:


ALSO NOW


Processing /etc/letsencrypt/renewal/exxoshost.co.uk.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Attempting to renew cert (exxoshost.co.uk) from /etc/letsencrypt/renewal/exxoshost.co.uk.conf produced an unexpected error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version): Apache/2.4.7 (Ubuntu)

The operating system my web server runs on is (include version):UBUNTU 14.04

My hosting provider, if applicable, is: RAMNODE

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): UBUNTU COMMAND LINE

This was all working fine for the past 18 months, now I get some odd errors, I been trying to fix them, but now seems I am banned :frowning:


#2

http://exxoshost.co.uk/.well-known/acme-challenge/UZOsq35IWfZvm26K3pJR-_0er1P_LnMf3_Z6fN8bNmU
returns 404 error (file not found).

Please show:

And also:
ls -l /etc/apache2/sites-enabled/
grep -Eri 'listen|servername|serveralias|sslcert|rewrite|known|challenge' /etc/apache2/

We can deal with later…


#3

renew_before_expiry = 30 days

version = 0.27.1
cert = /etc/letsencrypt/live/exxoshost.co.uk/cert.pem
privkey = /etc/letsencrypt/live/exxoshost.co.uk/privkey.pem
chain = /etc/letsencrypt/live/exxoshost.co.uk/chain.pem
fullchain = /etc/letsencrypt/live/exxoshost.co.uk/fullchain.pem
archive_dir = /etc/letsencrypt/archive/exxoshost.co.uk

Options used in the renewal process

[renewalparams]
authenticator = apache
installer = apache
account = d792509ad0bc9axxxxxxxxxxxxxxxxxxxx
server = https://acme-v02.api.letsencrypt.org/directory

ls -l /etc/apache2/sites-enabled/
total 0
lrwxrwxrwx 1 root root 35 Nov 12 2015 000-default.conf -> …/sites-available/000-default.conf
lrwxrwxrwx 1 root root 35 Sep 7 2016 default-ssl.conf -> …/sites-available/default-ssl.conf

grep -Eri ‘listen|servername|serveralias|sslcert|rewrite|known|challenge’ /etc/apache2/

Sorry, new users can only put 20 links in a post.


#4

upload the output as a text file here or through any service (like paste.bin)


#5

Please show (or upload):
/etc/apache2/sites-available/000-default.conf
/etc/apache2/sites-available/default-ssl.conf


#6

ah ok

https://pastebin.com/znsZvig0


#7


        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet








        
                ServerAdmin atari@exxoshost.co.uk
ServerName exxoshost.co.uk
ServerAlias www.exxoshost.co.uk
                DocumentRoot /var/www/html

#Redirect permanent /forum https://www.exxoshost.co.uk/forum


                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
        #       SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        #       SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        SSLCertificateFile /etc/letsencrypt/live/exxoshost.co.uk/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/exxoshost.co.uk/privkey.pem


                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.


#8

/etc/apache2/apache2.conf: ServerName www.exxoshost.co.uk
/etc/apache2/apache2.conf: ServerAlias exxoshost.co.uk
/etc/apache2/sites-available/default-ssl.conf:ServerName exxoshost.co.uk
/etc/apache2/sites-available/default-ssl.conf:ServerAlias www.exxoshost.co.uk

Not sure why they exist in two places…
Maybe show the file:
/etc/apache2/apache2.conf


#9

Please modify the post with the file contents (which look all mangled) and wrap it with:
<pre>
file contents
</pre>


#10

I think a lot of the problem was a lot of the apache guides were for a previous version, there wasn’t much for version 2, and it confused the hell out of everything when I set all this up 2 years ago. Everything has been fine for the past 18 months, so don’t get why its all gone to crap all of a sudden :frowning:

Which bits do you need, the file is huge and has a lot of stuff in there.


#11

All lines with any of these:
listen
virtualhost
if
rewrite
exxoshost.co.uk

I need to understand why the names appear in both files.
So include any lines that may help explain that.


#12

Its probably what I screwed up setting it all up… All my sites are in the apache2.conf, its where I put all the site setup, I didn’t put them in what seems to be seperate sites folders now, its all way to confusing :frowning:


#13

(AGAIN)
Please modify the post with the file contents (which look all mangled) and wrap it with:
<pre>
file contents
</pre>

to edit post, click the pencil below the post


#14

I think I can help with that :slight_smile:


#15


	DocumentRoot "/var/www/html/"
	ServerName www.exxoshost.co.uk
	ServerAlias exxoshost.co.uk


just is mostly all the domains like that, nothing else other than the apache stuff…


#16

Its all been working fine for 18 months, I think when it updated cerbot or something, its broke…


#17

Does it include a listen statement?
Does it include anything to do with redirection?
Does it include anything to handle the acme challenge?

Please fix post #6
I can’t read it well enough.


#18

I don’t know what you are asking sorry, I am not good with ubuntu… I never heard of a acme challenge.


#19

scroll up.
See your post that starts with

I need you to fix it so I can read it properly.

I think you ate the
<VirtualHost *:80>


#20

Can you just upload that to paste.bin
There are still things missing - thanks.
It started with *:80 and towards the end turns on SSL and uses a cert.
Something happened in the middle that isn’t shown.