The client lacks sufficient authorization :: Invalid response

Server
1

Hello everyone,

I’ve been chipping away but with no luck.

I get The client lacks sufficient authorization :: Invalid response error when trying to activate lets encrypt

Error: Let’s Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grayles.net
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. grayles.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grayles.net/.well-known/acme-challenge/4aEq2RTYSg-W0wBD7QIZUYPt0mL-e3wN7bqj2vLiHsE: "<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: grayles.net
Type: unauthorized
Detail: Invalid response from
http://grayles.net/.well-known/acme-challenge/4aEq2RTYSg-W0wBD7QIZUYPt0mL-e3wN7bqj2vLiHsE:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

Now i assure you i can access the directory http://grayles.net/.well-known/acme-challenge AND i have a valid A record as well.

What do i do?

Many thanks for your help.

Pan

2

Hi Pan,

What command are you running ?

If you create a simple text file with “OK” in it at webroot/.well-known/acme-challenge/test

can you reach it OK in the browser ?

3

Hello! I am just running the letsencrypt extension.

You can see the OK txt file here:

http://grayles.net/.well-known/acme-challenge/ok.txt

4

Thanks - can you create the file without an extension please ( so no .txt on the end ) … just to check. Thanks.

5

I'm asking for a little more detail please. The "letsencrypt extension" in another package such as plesk ? or are you running it from the command line - if so, what exact command.

6

Hello,

Ah my apologies! .

The answer to that would be, yes I’m using plesk 12.5 to launch the extension.

7

OK, thanks for that. Can you tell me when you have changed the test file to remove the .txt extension please.

8

Hello,

Yup done. the address is:

http://grayles.net/.well-known/acme-challenge/ok

9

Hi,

I got the same kinda error while generating certificate. I use ftp to create challenge file in my domain. The .well-known/acme-challenge/ directory is created in my domain, but i cant reach this challenge file from http://www.iconectivteam.com/.well-known/acme-challenge/. It throws 404 error. May i konw what could be the reason for this. Why it cant be reached. Thanks in advance.

10

come on @preetham @MikeRob gave you a good clue in your original post

follow that track

11

As I said “in that track,” the Apache configuration files must tell Apache that a particular URL-location is to be served, as well as where (on the host system) the content is to come from.   If Apache has not been given this information, it might respond in either one of two ways:   (1)Forbidden, or (2) ;a seraphically innocent blank stare … “File?   What file?”   (404 Not Found).

12

Hello, Sorry to bump. @serverco what is my next step?

13

Are you still getting the same error when you try and run this from plesk ?

It looks as if there are a number of issues with the plesk plugin. Since everything else looks OK on your site for obtaining a certificate I’d suggest using a different client (or raising an issue with plesk )

14

Hey! Thanks for the quick reply. I guess I will ask on PLESK forums. My provider wont give me their plesk number so I can’t get any real support. If i ask them for help I get mixed replies, sometimes they say they can’t help me and sometimes they try? I don’t know how I am going to get help though, I have a feeling that they will just say “ask Lets-encrypt”

Though, thanks man for all your help!

15

You’re welcome - sorry I couldn’t fix it fully. There are other methods that can be used ( other than the plesk-letsencrypt plugin ) to obtain the cert though, so if you get no luck with Plesk, let us knnow and we’ll go through alternatives methods.

16

Oh and for your curiosity. I tried one more time. It gave me a new error! (hahaah this is terrible)

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /opt/psa/var/modules/letsencrypt/logs/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for grayles.net
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. grayles.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://grayles.net/.well-known/acme-challenge/ie6JWqVqWKg5F2qsRp2797pkT9vLRnEi24oN9nWGdwc: &quot;&lt;!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;&gt;
&lt;html&gt;&lt;head&gt;
&lt;title&gt;404 Not Found&lt;/title&gt;
&lt;/head&gt;&lt;body&gt;
&lt;h1&gt;Not Found&lt;/h1&gt;
&lt;p&quot;
IMPORTANT NOTES:
 The following errors were reported by the server:

Domain: grayles.net
Type: unauthorized
Detail: Invalid response from
http://grayles.net/.well-known/acme-challenge/ie6JWqVqWKg5F2qsRp2797pkT9vLRnEi24oN9nWGdwc:
&quot;&lt;!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;&gt;
&lt;html&gt;&lt;head&gt;
&lt;title&gt;404 Not Found&lt;/title&gt;
&lt;/head&gt;&lt;body&gt;
&lt;h1&gt;Not Found&lt;/h1&gt;
&lt;p&quot;

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
17

This is essentially the same error.

Each time you try and validate your domain, you will get a new “token” which should be placed in the .well-known/acme-challenge folder.

I this case the “token” was ie6JWqVqWKg5F2qsRp2797pkT9vLRnEi24oN9nWGdwc and again it couldn’t be reached at http://grayles.net/.well-known/acme-challenge/ie6JWqVqWKg5F2qsRp2797pkT9vLRnEi24oN9nWGdwc (there was a 404 error - file not found)

There is a slight error on your DNS - see http://dnsviz.net/d/grayles.net/dnssec/ which would be worth correcting, but I don’t think this DNS issue is causing your problem.

18

Yeah… SIGH

I will come back once i exhaust help from PLESK forums!

Thanks once again <3

19

Hello,

So PLESK forums didn’t help at all. I would buy a license just for support but its beyond my budget.

Does anyone know if there are other ways i can get a SSL?

So i found this site https://www.sslforfree.com/

I followed the steps to the letter, but now i got a new issue

https://grayles.net/

Secure Connection Failed

An error occurred during a connection to grayles.net. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
20

Your configuration is incorrect. You are sending http not https on port 443 ( you can test using http://grayles.net:443 )

I’m guessing you haven’t got a “SSLEngine on” in your config for port 443.