I created the .htaccess with instructions mentioned inside .well-known directory, with no more success. I will investigate later why UTF-8 is still present in Content-type. Perhaps my http.conf?
Then I tried the same .htaccess in another server/domain and the result is now ok for Content-type. But no more success with letsencrypt.
Here are my new tries with this server:
[root@integ4 letsencrypt]# curl -i http://amicare-france.com/.well-known/acme-challenge/dummychallengefile | cat -A
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 22 100 22 0 0 1837 0 --:--:-- --:--:-- --:--:-- 2000
HTTP/1.1 200 OK^M$
Date: Mon, 21 Dec 2015 11:43:31 GMT^M$
Server: Apache/2.2.15 (Red Hat)^M$
Last-Modified: Sat, 19 Dec 2015 14:10:47 GMT^M$
ETag: "61c-16-52740d28b7b84"^M$
Accept-Ranges: bytes^M$
Content-Length: 22^M$
Connection: close^M$
Content-Type: text/plain^M$
^M$
Make sure your web server displays the following content at
…
If you don’t have HTTP server configured, you can run the following
command on the target server (as root):
mkdir -p /tmp/letsencrypt/public_html/.well-known/acme-challenge
cd /tmp/letsencrypt/public_html
printf "%s" 0IaVLH5tvo0X4OHJ7iUk8AKoGQUs3tzXOzARu_uv_cQ.1DYE223Nhwxf-0MUzbF313jl3QZ0-37zgVyL3IJYiak > .well-known/acme-challenge/0IaVLH5tvo0X4OHJ7iUk8AKoGQUs3tzXOzARu_uv_cQ
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c \
"import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Press ENTER to continue
Maybe you are not allowing AllowOverride using .htaccess files in that dir.
That's the message that you receive using manual mode, but what did you do? I mean, exactly, what are the commands that you used and on which machine?
Because these are the steps you should perform:
Server 1... where you are running the letsencrypt command in manual mode: ./letsencrypt-auto certonly -d amicare-france.com --staging --text --email youruser@yourdomain.tld --agree-tos --manual --manual-public-ip-logging-ok
Then you should see on your screen the procedure to create the challenge file; don't press enter yet. Copy the printf "%s" ...... line and now you should open a new ssh session to your server 2.
Server 2:
With the new session open, cd to the document root of your web server (the one used by amicare-france.com; I think it is /var/www/html/), so once in that dir, paste the line that you copied previously (printf ...).
Now, check that you can connect to that new file created.
Thanks a lot for your precious help as the manual mode works like a charm!
I won’t use the --webroot option which doesn’t work for me, but never mind as I get a solution with the manual mode.
Thanks again, good luck for your super project … and Merry Christmas.
Cheers
I had the same problem with the ‘client lacks the sufficient authorization’ error today. It turned out that I created the .well-known/acme-challenge/ folders into the wrong directory. LE wanted the challenge folders to be above my domain directories which are:
I was getting this issue only on certain sites on my server when using certonly and webroot.
It turned out to be the htaccess file from the cms’s on those domains (grav) which was blocking files and folders starting with a dot.
# Block all direct access to files and folders beginning with a dot
RewriteRule (^\.|/\.) - [F]
Commenting out that line fixed the issue and the certs then installed.
I had also been checking in the .well-known folder and didn’t see any files in there before or after it was working, so I’m not sure if that’s anything to do with ftp configuration but having no files in that folder doesn’t seem to be an issue.
Another reason this can happen is if you're redirecting all http traffic to https, but forget to append the rest of the URL on the end.
For instance, if you're redirecting all http traffic to the homepage / root like this
RewriteCond %{HTTP_HOST} =example.com
RewriteRule ^(.*) https://www.example.com [L,R=301]
then the challenge will fail with
Failed authorization procedure. streamupbox.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for streamupbox.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
admin@StreamupBox:/opt/letsencrypt$ sudo ./letsencrypt-auto certonly --webroot -w /var/www/streamupbox.com/streamupbox -d streamupbox.com
Checking for new version…
Requesting root privileges to run letsencrypt…
/home/admin/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -w /var/www/streamupbox.com/streamupbox -d streamupbox.com
Failed authorization procedure. streamupbox.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: DNS problem: SERVFAIL looking up A for streamupbox.com
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Yet NS1 and NS2 are not (for me) returning any response. You need to sort out your DNS so that the nameservers specified at your domain name registrar respond correctly for your domain name.
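Two of the .htaccess causes raised in this thread, the dot-file block rule and the HTTP redirect that drops the rest of the URL, shown with a corrected form that lets the http-01 challenge through. This is an added example, not code from any poster or from the Let's Encrypt project; it assumes the rules live in the site's .htaccess (per-directory context) and reuses the example.com placeholder from the redirect post.

```apache
# Added example, not from the thread. Assumes mod_rewrite rules in the site's
# .htaccess; example.com is the placeholder host used in the redirect post.
RewriteEngine On

# --- Case 1: rule that blocks everything beginning with a dot ---
# Before (as posted): also answers 403 for /.well-known/acme-challenge/<token>
#   RewriteRule (^\.|/\.) - [F]
# After: dot-files stay blocked, only the ACME challenge directory is exempt.
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule (^\.|/\.) - [F]

# --- Case 2: HTTP redirect that drops the requested path ---
# Before (as posted): every request, challenge URL included, is sent to the
# home page, so the validator never receives the token file.
#   RewriteCond %{HTTP_HOST} =example.com
#   RewriteRule ^(.*) https://www.example.com [L,R=301]
# After: challenge requests are served directly over HTTP, and every other
# request keeps its path when redirected.
RewriteCond %{HTTP_HOST} =example.com
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
```

The curl -i check used earlier in the thread against a test file under /.well-known/acme-challenge/ should then return 200 with the file body, not a 403 or a 301 to the home page.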