The client lacks sufficient authorization

My domain is:
countomega.ddnsfree.com
I ran this command:
certbot --apache
It produced this output:
Failed authorization procedure. countomega.ddnsfree.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://countomega.ddnsfree.com/.well-known/acme-challenge/jqpFcTDMVJrLrDrpAYHI8mHsEwTHHkSpfQazYxJT0FQ [93.212.153.143]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
My web server is (include version):
Apache/2.4.29 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 18.04.2 LTS
My hosting provider, if applicable, is:
Dynu
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is:
0.31.0
I'm running a nextcloud 16.0 on my Rock64. Any help would be appreciated.

Thanks in advance

Count Omega

https://letsdebug.net/countomega.ddnsfree.com/40097
AAAANotWorking

Error

countomega.ddnsfree.com has an AAAA (IPv6) record (2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb) but a test request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address. You should either ensure that validation requests to this domain succeed over IPv6, or remove its AAAA record.

Get http://countomega.ddnsfree.com/.well-known/acme-challenge/letsdebug-test: dial tcp [2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb]:80: connect: permission denied

Trace:
@0ms: Making a request to http://countomega.ddnsfree.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb)
@0ms: Dialing 2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb
@114ms: Experienced error: dial tcp [2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb]:80: connect: permission denied

Hi @orangepizza :

The diagnosis is correct. But curiously:

There is no ipv6 address used.

Typical errors with a working ipv4 and a not working ipv6 have the ipv6 address in the error message.

Hi @CountOmega

Did you add the ipv6 address later? I see the same as letsdebug - ipv6 timeouts ( https://check-your-website.server-daten.de/?q=countomega.ddnsfree.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://countomega.ddnsfree.com/ 93.212.153.143 | 200 | | 0.123 | H |
| http://countomega.ddnsfree.com/ 2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb | -14 | | 10.030 | T (Timeout - The operation has timed out) |
| http://www.countomega.ddnsfree.com/ 93.212.153.143 | 200 | | 0.126 | H |
| http://www.countomega.ddnsfree.com/ 2003:ea:dbd6:ea00:646c:ebff:fe45:ddbb | -14 | | 10.026 | T (Timeout - The operation has timed out) |

So first step - remove your non-working ipv6. Then try to find your DocumentRoot, then use it.

certbot run -a webroot -i apache -w yourDocumentRoot -d countomega.ddnsfree.com

Thank you for the quick reply. I'll try this.

I've removed the IPv6 in the DDNS configuration, but I'm still getting the same error. The Document Root is /var/ww/nextcloud, right?

I don't know. Check your config file.

Sometimes /var/www/nextcloud, sometimes /var/www or another directory.

Create the two subdirectories

DocumentRoot/.well-known/acme-challenge

there a file (file name 1234), then try to load that file

http://countomega.ddnsfree.com/.well-known/acme-challenge/1234

That must work.

I've created the two directories earlier, but ls returns empty. Permissions are set to 755.

Then create a file and check, if you are able to see that file in your browser.

If not, the DocumentRoot is wrong.

Firefox keeps saying security error. Somehow the site has the certificate from my brothers’ ddns running in the same network: SSL_ERROR_BAD_CERT_DOMAIN. I can't explain how this happens.

Skipping security via Edge gives me
Not Found
The requested URL /.well-known/acme-challenge/1234 was not found on this server.
Apache/2.4.25 (Raspbian) Server at countomega.ddnsfree.com Port 443

Why does port 443 answer? Do you have a redirect http -> https?

There - https://check-your-website.server-daten.de/?q=countomega.ddnsfree.com#url-checks - is no redirect visible.

Or is this a home server with a wrong port forwarding, so port 80 extern -> port 443 intern?

What says

apachectl configtest
apachectl fullstatus
apachectl -S
apachectl fullstatus
/usr/sbin/apachectl: 113: /usr/sbin/apachectl: www-browser: not found
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars

apachectl -S
VirtualHost configuration:
*:80                   countomega.ddnsfree.com (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

I have the permanent redirect in the .conf commented out.

There is your document root.

I created the directories and a 1234 file, yet I'm still getting

The requested URL /.well-known/acme-challenge/1234 was not found on this server.
Apache/2.4.25 (Raspbian) Server at countomega.ddnsfree.com Port 443

Entering port 80 now gets me a 500 error.

I think I found the error:
/var/www/nextcloud/.htaccess: php_value takes two arguments, PHP Value Modifier
In .htaccess:
<IfModule mod_php7.c>
php_value mbstring.func_overload 0
php_value default_charset 'UTF-8'
php_value output_buffering 0
php_value upload_max_filesize
php_value post_max_size
<IfModule mod_env.c>
I once edited it in order to set the up/download filesize. Do I have to change it?

That fixed the apache errors and nextcloud runs again, but I am still getting
The client lacks sufficient authorization etc.

And still getting The requested URL /.well-known/acme-challenge/1234 was not found on this server.

Can you access that file from the internet?

No. I still can't access it.
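
The DocumentRoot question in this thread, as an added example that is not part of any post: `apachectl -S` prints the main DocumentRoot and the file that defines each virtual host, and a virtual host can set its own DocumentRoot in that file, so the script reads the virtual host's own value first. The script name `probe.sh` and the sample file contents in `demo` are assumptions; paths containing spaces are not handled.

```shell
# Added example (not from the thread): find the directory Apache serves for a
# host name and put a test file where HTTP-01 validation will request it.

# vhost_location HOST: read `apachectl -S` output on stdin, print the "file:line"
# that defines HOST's port-80 virtual host.
vhost_location() {
    awk -v h="$1" '
        $1 ~ /:80$/ && $2 == h                 { print $3; exit }  # *:80 name (file:line)
        $1 == "port" && $2 == "80" && $4 == h  { print $5; exit }  # port 80 namevhost name (file:line)
    ' | tr -d '()'
}

# vhost_docroot FILE LINE: DocumentRoot set inside the vhost that starts at LINE.
vhost_docroot() {
    awk -v start="$2" '
        NR < start                       { next }
        tolower($1) == "documentroot"    { gsub(/"/, "", $2); print $2; exit }
        tolower($1) ~ /^<\/virtualhost/  { exit }
    ' "$1"
}

# docroot_for HOST DUMP: the vhost's own DocumentRoot if it sets one, otherwise
# the "Main DocumentRoot" line of the saved `apachectl -S` output in DUMP.
docroot_for() {
    loc=$(vhost_location "$1" < "$2")
    file=${loc%:*}; line=${loc##*:}; root=
    [ -n "$loc" ] && [ -r "$file" ] && root=$(vhost_docroot "$file" "$line")
    [ -n "$root" ] || root=$(sed -n 's/^Main DocumentRoot: "\(.*\)"$/\1/p' "$2")
    printf '%s\n' "$root"
}

# make_probe DOCROOT: create the test file 1234 used in the thread.
make_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" && echo probe > "$dir/1234" && chmod -R a+rX "$1/.well-known"
}

# demo: constructed input (vhost line as in the thread, file contents invented).
demo() {
    t=$(mktemp -d)
    printf '<VirtualHost *:80>\nDocumentRoot "%s/site"\n</VirtualHost>\n' "$t" > "$t/vhost.conf"
    printf '*:80   countomega.ddnsfree.com (%s/vhost.conf:1)\nMain DocumentRoot: "/var/www/html"\n' "$t" > "$t/dump"
    docroot_for countomega.ddnsfree.com "$t/dump"
}

if [ "$#" -eq 1 ]; then   # on the server: sh probe.sh HOSTNAME (hypothetical name)
    dump=$(mktemp) && apachectl -S > "$dump" 2>&1
    root=$(docroot_for "$1" "$dump"); rm -f "$dump"
    [ -n "$root" ] && make_probe "$root" && echo "created $root/.well-known/acme-challenge/1234"
else demo; fi
```

After it creates the file, request http://countomega.ddnsfree.com/.well-known/acme-challenge/1234 from outside the network; the directory it prints is the one to pass to certbot's `-w` option.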