[RESOLVED] Certbot Failed Authentication

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://masrengga.com

I ran this command: sudo certbot --apache

It produced this output:

Failed authorization procedure. www.masrengga.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://masrengga.com [54.254.115.155]: “\n<html lang=“en-US”>\n<head itemscope itemtype=“https://schema.org/WebSite”>\n<meta charset=“UTF-8” />\n<meta name=”"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.masrengga.com
    Type: unauthorized
    Detail: Invalid response from http://masrengga.com
    [54.254.115.155]: “\n<html lang=“en-US”>\n<head
    itemscope itemtype=“https://schema.org/WebSite”>\n<meta
    charset=“UTF-8” />\n<meta name=”"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: AWS EC2

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Tried to do this:

  1. Add dummy file to /webroot/.well-known/acme-challenge/foo.txt
    Accessible via http://masrengga.com/.well-known/acme-challenge/foo.txt

  2. Add an Alias record on domain (just trying things out)

www.masrengga.com points to IP address of EC2

To me, this suggests that you had a "www"-to-"no-www" redirect which cut off the remainder of the URL.

So, Let's Encrypt tried to visit http://www.masrengga.com/well-known/.acme-challenge/xyz and received a redirect to http://masrengga.com/ - which obviously will fail.

But that doesn't seem to be the case anymore. Did you make some change with redirects on your end?

If so, can you try again?
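The failure mode described in the reply above (a www to no-www redirect that drops the rest of the URL), as an added example that is not part of the original thread: a Python check that follows redirects from the http-01 challenge URL and reports the hop where the path is lost. The function names, the `probe-token` value and the `example.test` hosts are assumptions made for illustration; `ok` only means the challenge path survived every redirect, not that the token file is served.

```python
import http.client
from urllib.parse import urljoin, urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
REDIRECTS = (301, 302, 303, 307, 308)

def http_fetch(url):
    """One GET without following redirects; returns (status, Location header or None)."""
    parts = urlsplit(url)
    secure = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_challenge(host, token="probe-token", fetch=http_fetch, max_hops=10):
    """Follow redirects from the http-01 URL and report the hop that drops the path."""
    path = CHALLENGE_PREFIX + token
    url = f"http://{host}{path}"
    hops = []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            return {"ok": True, "hops": hops, "final": url, "status": status}
        target = urljoin(url, location)  # resolves relative Location values too
        if urlsplit(target).path != path:
            return {"ok": False, "hops": hops, "lost_at": url, "redirected_to": target}
        url = target
    # Redirect loop or chain longer than max_hops.
    return {"ok": False, "hops": hops, "lost_at": None, "redirected_to": None}

def table_fetch(table):
    """Offline fetcher over a constructed {url: (status, location)} table; default 200."""
    return lambda url: table.get(url, (200, None))

# Constructed sample data (example.test hosts, not the thread's server).
PROBE = CHALLENGE_PREFIX + "probe-token"
DROPS_PATH = {"http://www.example.test" + PROBE: (301, "http://example.test/")}
KEEPS_PATH = {"http://www.example.test" + PROBE: (301, "http://example.test" + PROBE)}

if __name__ == "__main__":
    for name, table in (("drops path", DROPS_PATH), ("keeps path", KEEPS_PATH)):
        print(name, trace_challenge("www.example.test", fetch=table_fetch(table)))
```

Calling `trace_challenge("www.yourdomain")` with the default fetcher runs the same check against a live server.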

Aw weird now it works!! lol

Congratulations! You have successfully enabled https://masrengga.com and
https://www.masrengga.com

I only added the alias record on the domain record, that solved it I think.

Thanks!
