Produced an unexpected error: Failed authorization procedure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: guiadotransporte.com.br

I ran this command: ./certbot-auto renew --preferred-challenges http --debug-challenges --dry-run

It produced this output: Attempting to renew cert (guiadotransporte.com.br) from /etc/letsencrypt/renewal/guiadotransporte.com.br.conf produced an unexpected error: Failed authorization procedure. www.guiadotransporte.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.guiadotransporte.com.br/.well-known/acme-challenge/dYjZGvy6IJs-fFSOullz6G5HkhH0nKich7hA7EcATxg: "<html xmlns=“https”, guiadotransporte.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://guiadotransporte.com.br/.well-known/acme-challenge/qtLEJFvQSFub7xz8vcxxp3eM3rqTNXsD9IpgyHSkaW8: "<html xmlns=“https”. Skipping.

My web server is (include version): ubuntu 14:04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, I use PuTTY

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.30.2

I tried to give a renewal, and this error appeared.

I tried to install again, but it still made an error.

anybody help me please!

Hi @ArthurCalazans

your certificate is already expired ( https://check-your-website.server-daten.de/?q=guiadotransporte.com.br ):

CN=guiadotransporte.com.br
	03.11.2018
	01.02.2019
expired	guiadotransporte.com.br, www.guiadotransporte.com.br - 2 entries

Your main configuration is a little bit inconsistent:

| Domainname | IP | Http-Status | redirect | Sec. | G | Notes |
|---|---|---|---|---|---|---|
| http://guiadotransporte.com.br/ | 54.207.106.156 | 301 | https://guiadotransporte.com.br/ | 0.466 | A | |
| http://www.guiadotransporte.com.br/ | 54.207.106.156 | 200 | | 0.730 | H | |
| https://guiadotransporte.com.br/ | 54.207.106.156 | 200 | | 7.743 | N | Certificate error: RemoteCertificateChainErrors |
| https://www.guiadotransporte.com.br/ | 54.207.106.156 | 200 | | 7.913 | N | Certificate error: RemoteCertificateChainErrors |
| http://guiadotransporte.com.br/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 54.207.106.156 | 301 | https://guiadotransporte.com.br/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.477 | A | |
| http://www.guiadotransporte.com.br/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 54.207.106.156 | 404 | | 0.494 | A | Not Found |
| https://guiadotransporte.com.br/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | | 404 | | 6.933 | N | Not Found; Certificate error: RemoteCertificateChainErrors |

When you use http-01 validation, Certbot creates a file under /.well-known/acme-challenge; Let's Encrypt checks this file and follows redirects.

Your non-www is redirected to https, your www version is not. But the content is the same.

So try to find your DocumentRoot (in your Apache config file):

<VirtualHost *:80>
    DocumentRoot "/www/example1"
    ServerName www.example.com

    # Other directives here
</VirtualHost>

That is the value after "DocumentRoot".

Then use it

certbot run -a webroot -w yourDocumentRoot -d guiadotransporte.com.br -d www.guiadotransporte.com.br --dry-run

If that works with the test system, create a new certificate with

certbot run -a webroot -w yourDocumentRoot -i apache -d guiadotransporte.com.br -d www.guiadotransporte.com.br

this was the output

--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')

Then change "run" to "certonly".

Now, this was the output!

Failed authorization procedure. guiadotransporte.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://guiadotransporte.com.br/.well-known/acme-challenge/NGUpC_6JImMOhKb9aQV_75T5OiNtxTdFjWzRyVSIBs0: "<html xmlns=“https”, www.guiadotransporte.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.guiadotransporte.com.br/.well-known/acme-challenge/ISVW2kq2GBf0PrRftS9wkpJ0JYeX6icd6xyr_upHf5s: "<html xmlns=“https”

Please share your complete command. If this doesn't work, you have

  • additional definitions / redirects
  • your webroot you have found is wrong

So create the two subfolders in your webroot

yourwebroot/.well-known/acme-challenge

then add a file (file name 1234) and try to load this file via

http://guiadotransporte.com.br/.well-known/acme-challenge/1234

to see if your webroot is correct.

./certbot-auto certonly -a webroot -w /var/www/guia-do-transporte -d guiadotransporte.com.br -d www.guiadotransporte.com.br --dry-run
That was the command!

I created the folders in my webroot /var/www/guia-do-transporte/.well-known/acme-challenge/1234
and as I use Laravel, it will not let me in.

You need only two folders - /.well-known/acme-challenge, 1234 is the name of the file you should create, not a third folder.

I don't know how laravel manages that or why laravel blocks this folder.

I just created 2 folders and 1 file named 1234; the file has some text inside.
Laravel does not let you access it, only what you have inside public.

It works with routes; whatever is not in the path of the routes cannot be accessed.

IMPORTANT NOTES:

my sincere prescriptions.

I realized that my webroot is in /var/www/guia-do-transporte/public, and I was putting /var/www/guia-do-transporte.

Many thanks for the support! you are awesome!


Happy to read that it works.

With the correct webroot, the webroot authenticator should always work.
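
The webroot check discussed in this thread, as an added example that is not part of any post: it reads the DocumentRoot for a hostname from an Apache vhost file, drops a probe file under .well-known/acme-challenge and confirms the web server returns it. The function names, the script name and the sample vhost are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, the vhost below is constructed.

# Print the DocumentRoot of the vhost whose ServerName/ServerAlias is $2.
# Assumes the path contains no spaces.
docroot_for() {
  awk -v host="$2" '
    tolower($1) ~ /^<virtualhost/  { root = ""; hit = 0; next }
    tolower($1) == "documentroot"  { root = $2; gsub(/"/, "", root) }
    tolower($1) == "servername" || tolower($1) == "serveralias" {
      for (i = 2; i <= NF; i++) if ($i == host) hit = 1
    }
    tolower($1) ~ /^<\/virtualhost/ { if (hit && root != "") { print root; exit } }
  ' "$1"
}

# Create <webroot>/.well-known/acme-challenge/<token>; print the token.
place_probe() {
  dir="$1/.well-known/acme-challenge"
  token="probe-$$"
  mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" && printf '%s\n' "$token"
}

# True only if http://<host>/.well-known/acme-challenge/<token> returns the token.
# -L follows redirects as the validator does; -k so an expired cert on the target does not mask the result.
probe_served() {
  body=$(curl -sLk --max-time 10 "http://$1/.well-known/acme-challenge/$2") || return 1
  [ "$body" = "$2" ]
}

# Constructed sample: a Laravel-style site served from public/, not the project root.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/var/www/example-app/public"
</VirtualHost>
EOF
}

# Usage on the server: sh check-webroot.sh <apache-conf> <host>...
if [ "$#" -ge 2 ]; then
  conf=$1; shift
  for h in "$@"; do
    root=$(docroot_for "$conf" "$h")
    [ -n "$root" ] || { echo "$h: no matching vhost in $conf"; continue; }
    token=$(place_probe "$root") || { echo "$h: cannot write under $root"; continue; }
    if probe_served "$h" "$token"; then echo "$h: OK, use -w $root"
    else echo "$h: probe not served from $root"; fi
    rm -f "$root/.well-known/acme-challenge/$token"
  done
fi
```

A framework error page in place of the probe text means the path given to -w is not the directory the web server actually serves.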
