The client lacks sufficient authorization while registering for a test certificate

Hi there,

This is my first post here and I’m facing a problem with automating the renewal process with Let's Encrypt.

I’ve created a test site at http://testsite.my.domain and I want to obtain a test certificate for that site. I’ve created an include file for Apache with these contents:

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"
<Directory "/var/www/acme-challenge/">
    AllowOverride None
    Options Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
    Require all granted
    ForceType 'text/plain'
    AddDefaultCharset Off
</Directory>

/var/www/acme-challenge/ is owned by the apache user and has 777 permissions. I include this config file in my testsite vhost file. If I try to access http://testsite.my.domain/.well-known/acme-challenge/ from the browser, Apache returns a listing of the files inside the directory, so this alias directory is accessible from the browser.

I execute this command (as root) to obtain the certificate:

certbot certonly --webroot --test-cert -w /home/www/vhosts/testsite/ -d testsite.my.domain -v

I get a 404 error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for testsite.my.domain
Using the webroot path /home/www/vhosts/testsite for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. testsite.my.domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: testsite.my.domain
Type:   unauthorized
Detail: Invalid response from
http://testsite.my.domain/.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q:
"<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

What is the error here? In the vhost access log I get this:

66.133.109.36 - - [21/Apr/2017:20:17:54 +0300] "GET /.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q HTTP/1.1" 404 268 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

Any help would be greatly appreciated!

Hi @lourdas,

Change your alias from:

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"

to

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/.well-known/acme-challenge/"

Then restart or reload Apache and change the root dir for your domain in the certbot command:

certbot certonly --webroot --test-cert -w /var/www/acme-challenge/ -d testsite.my.domain -v

And try again.

Cheers,
sahsanu
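
An added example, not part of the thread: an offline pre-flight check that the directory certbot's webroot plugin writes tokens to is the same directory the Apache Alias serves from, which is the mismatch behind the 404 above. The function name `check_webroot_alias` and the probe file name are hypothetical; it assumes certbot writes to `<webroot>/.well-known/acme-challenge/<token>` and that the Alias target is passed as the second argument.

```shell
#!/bin/sh
# Added example, not from the thread: offline check that the directory certbot's
# webroot plugin writes to is the directory Apache's Alias reads from.
# Assumptions: certbot writes <webroot>/.well-known/acme-challenge/<token>, and
# "Alias /.well-known/acme-challenge/ <alias_dir>/" serves <alias_dir>/<token>.

# check_webroot_alias WEBROOT ALIAS_DIR
#   0 = a file written under WEBROOT is readable via ALIAS_DIR (paths line up)
#   1 = mismatch (the validation server would get a 404)
#   2 = bad arguments or the probe file could not be written
check_webroot_alias() {
    webroot=${1%/}
    alias_dir=${2%/}
    if [ -z "$webroot" ] || [ -z "$alias_dir" ]; then
        return 2
    fi

    chal_dir="$webroot/.well-known/acme-challenge"
    probe="preflight-probe-$$"            # constructed token name
    marker="probe-$$-$(date +%s)"         # unique content to compare

    mkdir -p "$chal_dir" || return 2
    printf '%s\n' "$marker" > "$chal_dir/$probe" || return 2

    rc=1
    # Read the probe back through the Alias target; a match means both paths
    # are the same directory (directly, or via a symlink or bind mount).
    if [ -f "$alias_dir/$probe" ] &&
       [ "$(cat "$alias_dir/$probe" 2>/dev/null)" = "$marker" ]; then
        rc=0
    fi

    rm -f "$chal_dir/$probe"
    return "$rc"
}
```

Pass the `-w` value and the Alias target directory, and run it as a user that can write to the webroot.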

Thanks. This did the trick.