[SOLVED] Certbot Unable to Pass HTTP-01 Challenge Due to Server Returning 404 Errors


#1

**My domain is:** essenbeek.zapto.org

**I ran this command as root:** certbot certonly --email --dry-run --test-cert --webroot -w /srv/http/ -d essenbeek.zapto.org

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for essenbeek.zapto.org
Using the webroot path /srv/http for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. essenbeek.zapto.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://essenbeek.zapto.org/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8: "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/D"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.

**My operating system is (include version):** Linux zeus 4.10.13-1-ARCH #1 SMP PREEMPT Thu Apr 27 12:35:30 CEST 2017 i686 GNU/Linux

**My web server is (include version):** Apache 2.4.25-2

**I can login to a root shell on my machine (yes or no, or I don't know):** yes

**I'm using a control panel to manage my site (no, or provide the name and version of the control panel):** no

**My directory structure:**

/var/lib/letsencrypt/:
total 12K
drwxr-xr-x 3 root root 4.0K May 3 15:42 ./
drwxr-xr-x 19 root root 4.0K May 3 00:00 ../
drwxr-xr-x 3 root root 4.0K May 3 15:42 .well-known/

/var/lib/letsencrypt/.well-known:
total 12K
drwxr-xr-x 3 root root 4.0K May 3 15:42 ./
drwxr-xr-x 3 root root 4.0K May 3 15:42 ../
drwxr-xr-x 2 root root 4.0K May 3 15:42 acme-challenge/

/var/lib/letsencrypt/.well-known/acme-challenge:
total 12K
drwxr-xr-x 2 root root 4.0K May 3 15:42 ./
drwxr-xr-x 3 root root 4.0K May 3 15:42 ../
-rw-r--r-- 1 root root 12 May 3 15:42 test.

**While trying to renew certificate, access-log of Apache:**

66.133.109.36 - - [03/May/2017:15:58:57 +0200] "GET /.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8 HTTP/1.1" 404 1008

**/var/log/letsencrypt/letsencrypt.log**

2017-05-03 13:58:56,256:DEBUG:certbot.log:Root logging level set at 20
2017-05-03 13:58:56,257:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-05-03 13:58:56,259:DEBUG:certbot.main:certbot version: 0.13.0
2017-05-03 13:58:56,259:DEBUG:certbot.main:Arguments: ['--email', '', '--dry-run', '--test-cert', '--webroot', '-w', '/srv/http/', '-d', 'essenbeek.zapto.org']

2017-05-03 13:58:56,260:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalone)
2017-05-03 13:58:56,260:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-05-03 13:58:56,270:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0xb62b316c>
Prep: True
2017-05-03 13:58:56,271:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0xb62b316c> and installer None
2017-05-03 13:58:56,279:DEBUG:certbot.main:Picked account: <Account(cd3627fe9fed35517a5c1a4f6fb379ff)>
2017-05-03 13:58:56,280:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/directory.
2017-05-03 13:58:56,282:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
2017-05-03 13:58:56,681:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 372
2017-05-03 13:58:56,682:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 372
Boulder-Request-Id: cmLSSJbmOMQMyWWrmHroIFyLnFIEd8bo1m6x3Pxk7OU
Replay-Nonce: 7rrlJ6TCTYad7mFZf7CHXygCCMG3kg99dhXTOOEEy1E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:58:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:58:56 GMT
Connection: keep-alive

{
  "key-change": "https://acme-staging.api.letsencrypt.org/acme/key-change",
  "new-authz": "https://acme-staging.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-staging.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-staging.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-staging.api.letsencrypt.org/acme/revoke-cert"
}
2017-05-03 13:58:56,683:INFO:certbot.main:Obtaining a new certificate
2017-05-03 13:58:56,683:DEBUG:acme.client:Requesting fresh nonce
2017-05-03 13:58:56,683:DEBUG:acme.client:Sending HEAD request to https://acme-staging.api.letsencrypt.org/acme/new-authz.
2017-05-03 13:58:56,886:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-05-03 13:58:56,887:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: kWZeWH5PivVHVlZI6cfy1jzpXrMxewqttzZos0GazcU
Replay-Nonce: zfI3tiLWc74TVc3KDYbpIubqwcThSg2yE2Zt44uX8-k
Expires: Wed, 03 May 2017 13:58:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:58:56 GMT
Connection: keep-alive

2017-05-03 13:58:56,887:DEBUG:acme.client:Storing nonce: zfI3tiLWc74TVc3KDYbpIubqwcThSg2yE2Zt44uX8-k
2017-05-03 13:58:56,888:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns",
    "value": "essenbeek.zapto.org"
  },
  "resource": "new-authz"
}
2017-05-03 13:58:56,903:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/new-authz:
2017-05-03 13:58:57,130:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1013
2017-05-03 13:58:57,131:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1013
Boulder-Request-Id: Dbz5GYejdEYDSh7IZf2Bj-UHSfuW36OUF5b1U3vLL10
Boulder-Requester: 2015415
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Location: https://acme-staging.api.letsencrypt.org/acme/authz/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY
Replay-Nonce: -t44ycVURFz7anugsgKO6_eYepkp6Ce1ULxEXZI62_8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:58:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:58:57 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "essenbeek.zapto.org"
  },
  "status": "pending",
  "expires": "2017-05-10T13:58:57.041792035Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838826",
      "token": "AlotqV6_54WTUhyazIa5UqJb8GIxy_I7pikQ_s2m6Uc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838827",
      "token": "s4D-4sV20oYSbS2iHHbhA8Xl2ZQWIqpiAzEq4Fn-XHo"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828",
      "token": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8"
    }
  ],
  "combinations": [[1], [2], [0]]
}
2017-05-03 13:58:57,132:DEBUG:acme.client:Storing nonce: -t44ycVURFz7anugsgKO6_eYepkp6Ce1ULxEXZI62_8
2017-05-03 13:58:57,133:INFO:certbot.auth_handler:Performing the following challenges:
2017-05-03 13:58:57,133:INFO:certbot.auth_handler:http-01 challenge for essenbeek.zapto.org
2017-05-03 13:58:57,133:INFO:certbot.plugins.webroot:Using the webroot path /srv/http for all unmatched domains.
2017-05-03 13:58:57,133:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /srv/http/.well-known/acme-challenge
2017-05-03 13:58:57,142:DEBUG:certbot.plugins.webroot:Attempting to save validation to /srv/http/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8
2017-05-03 13:58:57,142:INFO:certbot.auth_handler:Waiting for verification…
2017-05-03 13:58:57,143:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8.xsqnR4HX2Hm5upR6iwDBg5c-QfMWrkAi3Zl7fs8aEcE",
  "type": "http-01",
  "resource": "challenge"
}
2017-05-03 13:58:57,158:DEBUG:acme.client:Sending POST request to https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828:
2017-05-03 13:58:57,381:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 "POST /acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828 HTTP/1.1" 202 338
2017-05-03 13:58:57,382:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 338
Boulder-Request-Id: vU9bLoa-xdHTN4TGZkAZhOqTffE_UufJD_nHM5rKT1E
Boulder-Requester: 2015415
Link: https://acme-staging.api.letsencrypt.org/acme/authz/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY;rel="up"
Location: https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828
Replay-Nonce: Qw2tyRxQxxSsoZRufQIN9DyNt5pDzUPEnkzrs4p9o34
Expires: Wed, 03 May 2017 13:58:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:58:57 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828",
  "token": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8",
  "keyAuthorization": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8.xsqnR4HX2Hm5upR6iwDBg5c-QfMWrkAi3Zl7fs8aEcE"
}
2017-05-03 13:58:57,382:DEBUG:acme.client:Storing nonce: Qw2tyRxQxxSsoZRufQIN9DyNt5pDzUPEnkzrs4p9o34
2017-05-03 13:59:00,386:DEBUG:acme.client:Sending GET request to https://acme-staging.api.letsencrypt.org/acme/authz/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY.
2017-05-03 13:59:00,608:DEBUG:requests.packages.urllib3.connectionpool:https://acme-staging.api.letsencrypt.org:443 "GET /acme/authz/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY HTTP/1.1" 200 1873
2017-05-03 13:59:00,610:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1873
Boulder-Request-Id: z9MUwMtpH7u5wZfYiNV0kMVAqhTNUqGZ-LI8WpG2exw
Link: https://acme-staging.api.letsencrypt.org/acme/new-cert;rel="next"
Replay-Nonce: 286nUQ_eCRKPigyIJ6UtqFtG2of4DJZHbTIVnbUpzoo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 03 May 2017 13:59:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 03 May 2017 13:59:00 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "essenbeek.zapto.org"
  },
  "status": "invalid",
  "expires": "2017-05-10T13:58:57Z",
  "challenges": [
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838826",
      "token": "AlotqV6_54WTUhyazIa5UqJb8GIxy_I7pikQ_s2m6Uc"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838827",
      "token": "s4D-4sV20oYSbS2iHHbhA8Xl2ZQWIqpiAzEq4Fn-XHo"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://essenbeek.zapto.org/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8: \"\u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n \"http://www.w3.org/TR/xhtml1/D\"",
        "status": 403
      },
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/HNzrCdF3HfUN69NZkIFLetV8UgPtb5yKWAmg6PmhYpY/36838828",
      "token": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8",
      "keyAuthorization": "8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8.xsqnR4HX2Hm5upR6iwDBg5c-QfMWrkAi3Zl7fs8aEcE",
      "validationRecord": [
        {
          "url": "http://essenbeek.zapto.org/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8",
          "hostname": "essenbeek.zapto.org",
          "port": "80",
          "addressesResolved": [
            "81.164.243.53"
          ],
          "addressUsed": "81.164.243.53"
        }
      ]
    }
  ],
  "combinations": [[1], [2], [0]]
}
2017-05-03 13:59:00,611:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: essenbeek.zapto.org
Type: unauthorized
Detail: Invalid response from http://essenbeek.zapto.org/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8: "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/D"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-05-03 13:59:00,611:INFO:certbot.auth_handler:Cleaning up challenges
2017-05-03 13:59:00,612:DEBUG:certbot.plugins.webroot:Removing /srv/http/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8
2017-05-03 13:59:00,612:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /srv/http/.well-known/acme-challenge
2017-05-03 13:59:00,613:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.13.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 755, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 682, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 316, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/site-packages/certbot/client.py", line 285, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. essenbeek.zapto.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://essenbeek.zapto.org/.well-known/acme-challenge/8CsA8p31Y5Vb9HGs2hvJ2MXoHJk5nVAi1s4RKs6iUX8: "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/D"

#2

Hi @bhaezlr,

You have probably specified the wrong webroot directory with -w, or else you probably have some redirection in your Apache configuration that prevents access to /.well-known.

Several ways of approaching this problem:


#3

The original certificate was obtained by this command:
certbot certonly --email --webroot -w /srv/http -d essenbeek.zapto.org

I already removed the certificate with: certbot delete

Webserver is externally available @ http://essenbeek.zapto.org => output ‘No Access’

There is redirecting of the .well-known directory by /etc/httpd/conf/http-acme.conf:
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

I made a file /var/lib/letsencrypt/.well-known/acme-challenge/test.txt => is available @ http://essenbeek.zapto.org/.well-known/acme-challenge/test.txt


#4

If so, then you must use -w /var/lib/letsencrypt instead of -w /srv/http.


#5

still having 404 on this

Andrei


#6

It’s test.txt rather than test2.txt. But the problem ultimately will be the -w value. If you’re serving that directory from under /var/lib/letsencrypt, -w needs to point to /var/lib/letsencrypt even if you’re serving the rest of the site from some other directory.
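
The mismatch discussed in this thread can be checked before running certbot. The following is an added example, not code from the thread or from certbot: it reads `DocumentRoot` and `Alias` directives from an Apache config, works out which directory actually answers `/.well-known/acme-challenge/`, and derives the `-w` value from it. The function names and the sample config are assumptions made for illustration; only plain `DocumentRoot` and `Alias` lines in a single context are handled.

```python
import posixpath
import re
import shlex

CHALLENGE_URL = "/.well-known/acme-challenge/"
SUFFIX = "/.well-known/acme-challenge"  # certbot's webroot plugin always writes under <-w> + SUFFIX

# Constructed sample modelled on the thread: site in /srv/http, challenges aliased elsewhere.
SAMPLE_CONF = '''
DocumentRoot "/srv/http"
Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
'''

_DIRECTIVE = re.compile(r"^\s*(DocumentRoot|Alias)\s+(.+)$", re.IGNORECASE)


def parse_conf(conf):
    """Return (docroot, [(url_prefix, fs_target), ...]) in config order."""
    docroot, aliases = None, []
    for line in conf.splitlines():
        m = _DIRECTIVE.match(line)
        if not m:
            continue
        args = shlex.split(m.group(2))  # handles quoted paths
        if m.group(1).lower() == "documentroot" and args:
            docroot = args[0]
        elif m.group(1).lower() == "alias" and len(args) == 2:
            aliases.append((args[0], args[1]))
    return docroot, aliases


def served_path(conf, url_path):
    """Filesystem path Apache maps url_path to, or None if it cannot be determined."""
    docroot, aliases = parse_conf(conf)
    for prefix, target in aliases:  # mod_alias: first match in config order wins
        rest = url_path[len(prefix):]
        if url_path.startswith(prefix) and (prefix.endswith("/") or rest[:1] in ("", "/")):
            return posixpath.normpath(posixpath.join(target, rest.lstrip("/")))
    if docroot is None:
        return None
    return posixpath.normpath(posixpath.join(docroot, url_path.lstrip("/")))


def webroot_for(conf):
    """Value to pass to -w, or None when no webroot can satisfy this config."""
    served = served_path(conf, CHALLENGE_URL)
    if served is None or not served.endswith(SUFFIX):
        return None  # alias target lacks the .well-known/acme-challenge layout
    return served[: -len(SUFFIX)] or "/"


def check_webroot(conf, w):
    """True when the -w value matches the directory Apache serves challenges from."""
    expected = webroot_for(conf)
    return expected is not None and posixpath.normpath(w) == expected


if __name__ == "__main__":
    print("use -w", webroot_for(SAMPLE_CONF))
    print("-w /srv/http/ ok?", check_webroot(SAMPLE_CONF, "/srv/http/"))
```

With the sample config, `-w /srv/http/` is rejected because certbot would write the token under `/srv/http/.well-known/acme-challenge` while Apache reads from `/var/lib/letsencrypt/.well-known/acme-challenge`, which is the 404 seen in the access log.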


#7

now working :smiley:


#8

thx,

The problem was indeed the directory specified with the -w option.
Next error I get is ‘AH01903: Failed to configure CA certificate chain!’ but this is out of scope of this post.

