The client lacks sufficient authorization :: Error creating new authz :: Syntax error

    # cat ~/.config/letsencrypt/cli.ini
    # This is an example configuration file for developers
    config-dir = /usr/local/etc/letsencrypt/conf
    work-dir = /usr/local/etc/letsencrypt/conf
    logs-dir = /usr/local/etc/letsencrypt/logs

    # make sure to use a valid email and domains!
    email = randy@psg.com
    domains = rg.net wiki.rg.net

    text = True
    agree-dev-preview = True
    agree-tos = True
    debug = True
    # Unfortunately, it's not possible to specify "verbose" multiple times
    # (correspondingly to -vvvvvv)
    verbose = True

    authenticator = standalone

Been trying for two weeks since last whitelisted domain registered. Am getting:

    # ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
    Updating letsencrypt and virtual environment dependencies......
    Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
    2015-11-06 04:00:38,952:INFO:letsencrypt.cli:Saving debug log to /usr/local/etc/letsencrypt/logs/letsencrypt.log
    2015-11-06 04:00:39,414:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2015-11-06 04:00:40,363:INFO:letsencrypt.crypto_util:Generating key (2048 bits): /usr/local/etc/letsencrypt/conf/keys/0005_key-letsencrypt.pem
    2015-11-06 04:00:40,380:INFO:letsencrypt.crypto_util:Creating CSR: /usr/local/etc/letsencrypt/conf/csr/0005_csr-letsencrypt.pem
    2015-11-06 04:00:40,386:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    2015-11-06 04:00:40,774:INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
        sys.exit(main())
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 1138, in main
        return args.func(args, config, plugins)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 490, in obtaincert
        _auth_from_domains(le_client, config, domains, plugins)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py", line 328, in _auth_from_domains
        lineage = le_client.obtain_and_enroll_certificate(domains, plugins)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 229, in obtain_and_enroll_certificate
        certr, chain, key, _ = self.obtain_certificate(domains)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 212, in obtain_certificate
        return self._obtain_certificate(domains, csr) + (key, csr)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/client.py", line 170, in _obtain_certificate
        authzr = self.auth_handler.get_authorizations(domains)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/auth_handler.py", line 74, in get_authorizations
        domain, self.account.regr.new_authzr_uri)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 215, in request_domain_challenges
        typ=messages.IDENTIFIER_FQDN, value=domain), new_authz_uri)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 195, in request_challenges
        response = self.net.post(new_authzr_uri, new_authz)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 624, in post
        return self._check_response(response, content_type=content_type)
      File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/acme/client.py", line 542, in _check_response
        raise messages.Error.from_json(jobj)
    Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error

When I ran letsencrypt-auto --apache, it found a ServerAlias with a wildcard name in it (as in ‘*.example.com’) and tried to use that as an alternate domain in the cert. That threw the error:

An unexpected error occurred. Error: unauthorized :: The client lacks sufficient authorization :: Error creating new authz :: Syntax error

Wildcard domains aren’t supported by LE. Changing the wildcard ServerAlias to one with a hostname in front fixed it for me (as in ‘www.example.com’).

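A pre-flight check for the situation described in the reply above, as an added example that is not part of the original thread or of the letsencrypt client: it scans Apache vhost text for `ServerName`/`ServerAlias` values and separates wildcard names, which the reply reports are rejected, from plain hostnames. The function name `split_vhost_names` and the sample config are constructed for illustration.

```python
import re

# ServerName / ServerAlias directives; Apache directive names are case-insensitive.
# Comment lines start with '#', so they never match this anchored pattern.
_DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(\S.*)$", re.IGNORECASE)


def split_vhost_names(conf_text):
    """Return (usable, wildcard) lists of hostnames named in Apache config text."""
    usable, wildcard = [], []
    for line in conf_text.splitlines():
        match = _DIRECTIVE.match(line)
        if not match:
            continue
        # ServerAlias accepts several whitespace-separated names on one line.
        for token in match.group(2).split():
            # ServerName may carry a scheme and port, e.g. https://host:443
            name = token.split("://", 1)[-1].split(":", 1)[0].lower().rstrip(".")
            if not name:
                continue
            # Apache alias patterns may use '*' or '?'; neither is a real hostname.
            bucket = wildcard if ("*" in name or "?" in name) else usable
            if name not in bucket:
                bucket.append(name)
    return usable, wildcard


# Constructed sample vhost, modelled on the names used in the reply.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example.com:443
    ServerAlias www.example.com *.example.com
    # ServerAlias old.example.com
    serveralias WWW.example.com
</VirtualHost>
"""

if __name__ == "__main__":
    ok, bad = split_vhost_names(SAMPLE_CONF)
    print("request certificate for:", " ".join(ok))
    for name in bad:
        print("wildcard name, replace with a concrete hostname first:", name)
```
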