The client lacks sufficient authorization :: Invalid response from

Hi everyone,

I’m trying to get a letsencrypt certificate via certbot, but I always had an error…
My website is hosted on AWS (ubuntu AMI) and use nginx 1.14.0 with php7.2-fpm

Here is the error :

ubuntu@ip-xxx-xx-xx-xxx: ~ $ sudo certbot --nginx -d domain.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/xxxxxx-xxxxxxxxxxxxxx [xxx.xxx.xx.xx]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
- The following errors were reported by the server:

  Domain: domain.com
  Type:   unauthorized
  Detail: Invalid response from
  https://domain.com/.well-known/acme-challenge/xxxxxxxxxxx-xxxxxxxxxxxxxxx
  [xx.xxx.xxx.xx]: "<html>\r\n<head><title>404 Not
  Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
  Not Found</h1></center>\r\n<hr><center>"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.
...

Here is a sample of my nginx domain conf :
N.B. if you notice ssl certificate lines on my conf, it was cloudflare certificates, but I’m moving on cloudfront so I want to use letsencrypt now

server {
    listen 80;
    server_name domain.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        allow all;
    }

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name domain.com;

    root /var/www/mysite;
    index index.php index.html;

    if ($host != "domain.com") {
        return 404;
    }

    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;

    # It was cloudflare certificates, but I'm moving on cloudfront 
    # so I want to use letsencrypt now
    ssl_certificate /etc/nginx/ssl/certs/domain.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain.key;

    location ~ \.php {
        fastcgi_pass   unix:/var/run/php/php7.2-fpm.sock;
        #fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

I also tried with nginx plugin and also with webroot-path but it doesn’t work…

I noticed that the following directories were not created : .well-known/ and .well-known/acme-challenges

if I manualy create the directories and a file in /var/www/mysite/.well-known/acme-challenge/random-file.txt I can access it via browser

I need some help please

Best regards

Thanks

sudo certbot -a webroot -i nginx -w /var/www/mysite -d domain.com

(remove the location block on port 80.)

Wow, thank you for answering my question so quickly !

it work now (I removed the location block)

I wrote the location block after reading the recommendation somewhere in a forum (maybe in stack overflow, I don’t remember). I tried this fix because the certbot didn’t work for me when I used sudo certbot --nginx

But with your command

sudo certbot -a webroot -i nginx -w /var/www/mysite -d domain.com

and after removing the block, now everything is fine !

Thanks a lot

Thanks, That’s works for me too.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.