Hi,

Before starting I want to say I search through the whole forum and ACME docs for hours. This error is already well documented. I still struggle to get rid of it. If someone have a clue it would be much appreciated. Thank you.

As you can see in the title I run the certonly with webroot module.

• All site's assets are located in var/www/w3st.digital/public

• I've manually added a /var/www/w3st.digital/public/.well-known/acme-challenge/a text file that I'm able to query over http using curl and chromium. You can try.
  http://w3st.digital/.well-known/acme-challenge/a

• Acme script is generating the challenge at the right path. Meaning I've correctly set the webroot, as you can see in debug logs:

  2019-07-23 08:29:41,135:DEBUG:certbot.error_handler:Calling registered functions
  2019-07-23 08:29:41,135:INFO:certbot.auth_handler:Cleaning up challenges
  2019-07-23 08:29:41,136:DEBUG:certbot.plugins.webroot:Removing /var/www/w3st.digital/public/.well-known/acme-challenge/D31FGPPWu2lr8INMSwQi5j0MNpOg6zyAXk1C1HxIb2k
  2019-07-23 08:29:41,136:DEBUG:certbot.plugins.webroot:Removing /var/www/w3st.digital/public/.well-known/acme-challenge/uoNrzeaprMll4Do7NWfXVjemAhPbMyvlPA81dmFA0C8
  2019-07-23 08:29:41,136:DEBUG:certbot.plugins.webroot:All challenges cleaned up
  2019-07-23 08:29:41,137:DEBUG:certbot.log:Exiting abnormally:

It produced this output error, nginx is not able to find the file:

certbot.errors.FailedChallenges: Failed authorization procedure. www.w3st.digital (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.w3st.digital/.well-known/acme-challenge/uoNrzeaprMll4Do7NWfXVjemAhPbMyvlPA81dmFA0C8 [2a03:b0c0:3:d0::da2:3001]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n

404 Not Found

\r\n

---

", w3st.digital (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://w3st.digital/.well-known/acme-challenge/D31FGPPWu2lr8INMSwQi5j0MNpOg6zyAXk1C1HxIb2k [2a03:b0c0:3:d0::da2:3001]: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n

404 Not Found

\r\n

---

"

My domain is:
w3st.digital

/etc/nginx/sites-available/w3st.digital:

server {
        root /var/www/w3st.digital/public;
        index index.html index.htm index.nginx-debian.html;

        server_name w3st.digital www.w3st.digital;

        location ~ /.well-known {
                allow all;
        }
}

I ran this command:
certbot certonly --webroot -w /var/www/w3st.digital/public -d w3st.digital -d www.w3st.digital

My web server is (include version):
nginx version: nginx/1.14.2

The operating system my web server runs on is (include version):
GNU/Linux Debian Buster 10

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Hope someone can help me figure this out.
I wish you all a nice day.
Regards
Thomas.

Hi @tomVlt

looks like a curious problem. Checking your main domain all looks good - https://check-your-website.server-daten.de/?q=w3st.digital

You have ipv4 and ipv6

And checking your standard urls it's the same, all works. Not the typical ipv6 missing configuration error.

https doesn't work, but if you don't have a certificate, that's ok. All /.well-known/acme-challenge have the same, expected answer http status 404 - Not Found.

But checking your challenge file - https://check-your-website.server-daten.de/?q=w3st.digital%2F.well-known%2Facme-challenge%2Fa

there are different answers:

Your challenge file works with ipv4, but not with ipv6.

Letsencrypt prefers ipv6, so it's critical.

So you must have a configuration with an incomplete ipv6 part.

Dear Juergen,

It worked as expected.
Many thanks for your time.

I must say support is solid and fast at LE. You are awesome.

Regards,
Thomas.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.