[SOLVED] "Incomplete authorizations" when trying to create certificate with manual verification


#1

Task: install LE certificate on Amazon OS-powered VM.

Problem: LE client won’t run in that environment, since it expects pip version 7.1.2, and the latest available from repository is 7.1.0

I attempt to use LE on Ubuntu 14.04 (64-bit), using command (domain name replaced):

./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory -a manual -d example.com certonly

and the result is

“Incomplete authorizations”

With --debug argument, I see:

Traceback (most recent call last):
File “/home/user/.local/share/letsencrypt/bin/letsencrypt”, line 11, in
sys.exit(main())
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 1139, in main
return args.func(args, config, plugins)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 490, in obtaincert
_auth_from_domains(le_client, config, domains, plugins)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/cli.py”, line 328, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 229, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 212, in obtain_certificate
return self._obtain_certificate(domains, csr) + (key, csr)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/client.py”, line 170, in _obtain_certificate
authzr = self.auth_handler.get_authorizations(domains)
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 87, in get_authorizations
self.verify_authzr_complete()
File “/home/user/.local/share/letsencrypt/local/lib/python2.7/site-packages/letsencrypt/auth_handler.py”, line 298, in verify_authzr_complete
raise errors.AuthorizationError(“Incomplete authorizations”)
AuthorizationError: Incomplete authorizations

So I am pretty much stuck. Could someone suggest solution for the above? The client fails after it offers to register IP from which verification was requested.


#2

can you try to take out the domain (including the -d) and rather enter it in the pseudo-gui?

also did you even get your challenge (upload this text at this URL)?


#3

I tried omitting the ‘-d example.com’ part.

It then asks for it, asks whether I am OK with IP of my computer being logged, then fails with the same message.

The text in GUI reads: “Self-verify of challenge failed, authorization abandoned.”

I never get the challenge.


#4

I assume you still certonly and -a manual in it?


#5

Correct.

I can’t use automated verification, since the script won’t run in Amazon OS environment.

Are there any more ideas how to make it work?

Thanks.


#6

well I did manual on my raspi without a problem, maybe it is because my raspi and my “webserver” share the same outbound IP (both running at home) I dunno.


#7

All solved, thanks for the hints in related threads.

The problem was the Apache did supply the following Content-Type:

text/plain; charset=UTF-8

whereas the script demanded simply

text/plain

The final message was too cryptic to understand it in full, I just read the whole output with ‘–verbose’ to see the mentioned actual problem.

The certificate is installed and works fine. Thanks.


#8

How did you changed to just text/plain?