The client lacks sufficient authorization (on virtual machine)

Hi guys,
I have a problem with Let’s Encrypt, but first I’ll explain what I did:

  1. I’ve created a virtual machine (running Linux 16.04) on VirtualBox

  2. I’ve installed LAMP on it (following this guide: https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-16-04)

  3. I’ve created 2 virtual hosts (following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04)

  4. And finally I’ve installed Let’s Encrypt (following this guide: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04) and I’ve run this command:

    sudo certbot certonly --webroot -w /var/www/example.com/public_html/ -d example.com -d www.example.com

But it doesn’t work and shows this error:

    Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/VtOc6hZSerP5ODjuXlXvAY2iZm7XkRufPGRjbIzVcUE: "<!doctype html>
    <html>
    <head>
        <title>Example Domain</title>

        <meta charset="utf-8" />
        <meta http-equiv="Content-type", example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/ttEY4dkJD8Z5vC_iwFvQyfc_0x71D4ODLEilgabH1BA: "<!doctype html>
    <html>
    <head>
        <title>Example Domain</title>

        <meta charset="utf-8" />
        <meta http-equiv="Content-type"

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: www.example.com
       Type:   unauthorized
       Detail: Invalid response from
       http://www.example.com/.well-known/acme-challenge/VtOc6hZSerP5ODjuXlXvAY2iZm7XkRufPGRjbIzVcUE:
       "<!doctype html>
       <html>
       <head>
           <title>Example Domain</title>

           <meta charset="utf-8" />
           <meta http-equiv="Content-type"

       Domain: example.com
       Type:   unauthorized
       Detail: Invalid response from
       http://example.com/.well-known/acme-challenge/ttEY4dkJD8Z5vC_iwFvQyfc_0x71D4ODLEilgabH1BA:
       "<!doctype html>
    <html>
       <head>
           <title>Example Domain</title>

           <meta charset="utf-8" />
           <meta http-equiv="Content-type"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address.'

Now, I’ve searched for this error, and some of you suggest trying to create a simple test page in ‘.well-known/acme-challenge/<my_test_page>’, but I’ve found that I don’t have the folder ‘acme-challenge’ (basically, I only have ‘/var/www/example.com/public_html/.well-known’).

How can I fix it?

Q1: Are you really using “example.com” - or is that an “alias” for your real domain that you don’t want to show here?

Q2: Do you realize that the http auth attempts would need to reach the acme-challenge folder on the virtual machine?

  1. Yeah, I’m using ‘example.com’
  2. All the stuff is running on the virtual machine (locally), so there’s no interaction outside (I’ve already configured the file ‘/etc/hosts’ so that when you type example.com in the browser it points to 127.0.0.1, and all of this works, so I can see the page, but just over HTTP, so I’ve tried to install Let’s Encrypt to have HTTPS, but it doesn’t work, as I said)

PS. If you’re asking yourself why I’m doing all of this, I mean locally, it’s because it’s a project for college

Unless you actually own the domain “example.com”, you won’t be able to generate a trusted cert for it.

You could review the certbot usage at: https://certbot.eff.org/docs/using.html#id21
and try the “obtain a test certificate” option.

Even the test certificates issued from the Let’s Encrypt staging server can only be issued for a publicly-visible domain name that you actually control. The staging server is meant to replicate the same tests of control over a domain name that the production server would use.

To get a certificate from Let’s Encrypt, you will need to get a domain name of your own and then issue the certificate for that name.
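
Why the setup described in this thread could not pass validation, as an added example (not code from any poster, from certbot, or from Let’s Encrypt): a preflight that flags names pinned to non-public addresses in a hosts file and checks whether a challenge response has the `<token>.<thumbprint>` form that RFC 8555 requires for http-01. The hosts file content is constructed from the thread’s description, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a hosts file like the one described in the thread.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   example.com www.example.com   # local override inside the VM
::1         ip6-localhost ip6-loopback
"""

# RFC 8555 section 8.3: the http-01 body is "<token>.<thumbprint>", where the
# thumbprint is a base64url SHA-256 digest (43 characters, no padding).
KEY_AUTHZ = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}")


def hosts_overrides(hosts_text, names):
    """Return {name: ip} for names a hosts file pins to a non-public address."""
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line (or a form ipaddress cannot parse)
        if ip.is_global:
            continue
        for alias in fields[1:]:
            if alias.lower() in names:
                found.setdefault(alias.lower(), str(ip))
    return found


def challenge_body_ok(token, body):
    """True only if the body is a key authorization for this exact token."""
    body = body.strip()
    return bool(KEY_AUTHZ.fullmatch(body)) and body.split(".", 1)[0] == token


def preflight(hosts_text, names, token, body):
    """List the reasons an http-01 validation for these names would fail."""
    problems = [
        f"{name} is pinned to {ip} locally; the CA uses public DNS instead"
        for name, ip in sorted(hosts_overrides(hosts_text, names).items())
    ]
    if not challenge_body_ok(token, body):
        problems.append("challenge URL did not return '<token>.<thumbprint>'")
    return problems
```

An HTML page in the response, as in the error output above, means some other web server answered at the address the CA resolved for the name.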
