The server could not connect to the client to verify the domain


#1

Hi, I can't renew the certificate.
I can access https://variables.dikter.com.ar/well-known/acme-challenge/test.txt
My domain is:
variables.dikter.com.ar
I ran this command:
letsencrypt certonly -a webroot --webroot-path=/var/www/html -d variables.dikter.com.ar -d www.variables.dikter.com.ar
It produced this output:

My OS is Debian and I use Apache

Do you want to expand and replace this existing certificate with the new
certificate?

(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for variables.dikter.com.ar
http-01 challenge for www.variables.dikter.com.ar
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. variables.dikter.com.ar (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://variables.dikter.com.ar/.well-known/acme-challenge/Iq2QfWOkalUUUUClRhQqkjQoSb9W8Te2Z6905TjN_W8: “\n\n404 Not Found\n\nNot Found\n<p”, www.variables.dikter.com.ar (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.variables.dikter.com.ar/.well-known/acme-challenge/vK1z5kqTK4hx8VGlY4tfA54vDgiiSnay5XYqqd-M8U8: “\n\n404 Not Found\n\nNot Found\n<p”

IMPORTANT NOTES:

Thanks


#2

Hi,

The document is not accessible for us on ipv6…

Could you please double check on this? (make sure ipv6 is also listened on)

Thank you


#3

Hi @mstraschnoy,

I see no obvious error in your conf. Is the file test.txt here: /var/www/html/.well-known/acme-challenge/test.txt?

Could you please create a new test file without extension just to check it?

echo -n 'LE Community Test' > /var/www/html/.well-known/acme-challenge/letest

Cheers,
sahsanu


#4

@stevenzhu, domains variables.dikter.com.ar and www.variables.dikter.com.ar don’t have AAAA records… at least from my side


#5

Yeah… I think my mobile carrier is messing up my ns lookup somehow…

However, it’s still not accessible in my browser…


#6

Hi @stevenzhu,

Maybe you are trying the URL posted by @mstraschnoy, but there is a typo in the URL: it lacks a dot in well-known. This is the right one:

http://variables.dikter.com.ar/.well-known/acme-challenge/test.txt

Regarding the AAAA record, maybe your carrier has it cached and maybe that was the issue when @mstraschnoy tried to issue the cert but right now, there are no AAAA records :wink:

$ dig @ns-0.net variables.dikter.com.ar aaaa +nodns

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> @ns-0.net variables.dikter.com.ar aaaa +nodns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29414
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;variables.dikter.com.ar.       IN      AAAA

;; AUTHORITY SECTION:
dikter.com.ar.          300     IN      SOA     ns-0.net. soporte.geored.com. 2018111401 10800 3600 1209600 300

;; Query time: 247 msec
;; SERVER: 190.2.42.166#53(190.2.42.166)
;; WHEN: Wed Nov 14 16:45:11 CET 2018
;; MSG SIZE  rcvd: 114

$ dig @ns-0.net www.variables.dikter.com.ar aaaa +nodns

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> @ns-0.net www.variables.dikter.com.ar aaaa +nodns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29765
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.variables.dikter.com.ar.   IN      AAAA

;; ANSWER SECTION:
www.variables.dikter.com.ar. 3600 IN    CNAME   variables.dikter.com.ar.

;; AUTHORITY SECTION:
dikter.com.ar.          300     IN      SOA     ns-0.net. soporte.geored.com. 2018111401 10800 3600 1209600 300

;; Query time: 253 msec
;; SERVER: 190.2.42.166#53(190.2.42.166)
;; WHEN: Wed Nov 14 16:45:16 CET 2018
;; MSG SIZE  rcvd: 132

$ dig @ns-1.net variables.dikter.com.ar aaaa +nodns

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> @ns-1.net variables.dikter.com.ar aaaa +nodns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46858
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;variables.dikter.com.ar.       IN      AAAA

;; AUTHORITY SECTION:
dikter.com.ar.          300     IN      SOA     ns-0.net. soporte.geored.com. 2018111401 10800 3600 604800 300

;; Query time: 50 msec
;; SERVER: 94.130.249.146#53(94.130.249.146)
;; WHEN: Wed Nov 14 16:46:22 CET 2018
;; MSG SIZE  rcvd: 114

$ dig @ns-1.net www.variables.dikter.com.ar aaaa +nodns

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> @ns-1.net www.variables.dikter.com.ar aaaa +nodns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10624
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.variables.dikter.com.ar.   IN      AAAA

;; ANSWER SECTION:
www.variables.dikter.com.ar. 3600 IN    CNAME   variables.dikter.com.ar.

;; AUTHORITY SECTION:
dikter.com.ar.          300     IN      SOA     ns-0.net. soporte.geored.com. 2018111401 10800 3600 604800 300

;; Query time: 49 msec
;; SERVER: 94.130.249.146#53(94.130.249.146)
;; WHEN: Wed Nov 14 16:46:31 CET 2018
;; MSG SIZE  rcvd: 132

Cheers,
sahsanu


#7

I don't have an IPv6 address


#8

Yeah… That’s my bad…

It’s my carrier who adds the AAAA record…

Sorry about that.


#9

Hi @mstraschnoy,

Did you have time to test this?

Note: If you prefer, we can talk in Spanish :wink:

Regards,
sahsanu


#10

Hi, thank you very much first of all; I have created the file you asked for.
The file I can access is inside the folder /var/www/html/variables/.well-known/acme-challenge/letest; the one in the folder .well-known/acme-challenge/letest I don't know how to view.

Regards.


#11

Hi @mstraschnoy,

If you can access http://variables.dikter.com.ar/.well-known/acme-challenge/letest by putting the file in /var/www/html/variables/.well-known/acme-challenge/letest and not in /var/www/html/.well-known/acme-challenge/letest, then the webroot for variables.dikter.com.ar is /var/www/html/variables instead of /var/www/html/ and you should change it in the letsencrypt parameters:

letsencrypt certonly -a webroot --webroot-path /var/www/html/variables -d variables.dikter.com.ar -d www.variables.dikter.com.ar

Regards,
sahsanu
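
The manual test-file check used in this thread, automated as an added example that is not part of the original posts: it probes several candidate directories and reports the one the web server actually serves for the hostname. The helper names find_webroot and fetch_url are hypothetical; it assumes curl is installed and the candidates are writable.

```shell
#!/bin/sh
# Added example (not from the thread). find_webroot and fetch_url are
# hypothetical helper names; requires curl and write access to each candidate.

# Fetch a URL over plain HTTP, the way the http-01 validator reaches the server.
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# find_webroot HOST DIR...
# Writes a uniquely named probe file under DIR/.well-known/acme-challenge/ for
# each candidate DIR, requests it through HOST, and prints the first DIR whose
# probe comes back unchanged. Returns 1 when no candidate is served.
find_webroot() {
    host=$1
    shift
    token="probe-$$-$(date +%s)"
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        chal="$dir/.well-known/acme-challenge"
        mkdir -p "$chal" || continue
        # Content names the candidate, so a stale or catch-all page cannot match.
        printf '%s' "$token:$dir" > "$chal/$token" || continue
        body=$(fetch_url "http://$host/.well-known/acme-challenge/$token" 2>/dev/null) || body=
        rm -f "$chal/$token"
        if [ "$body" = "$token:$dir" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}
```

For the host in this thread the call would be `find_webroot variables.dikter.com.ar /var/www/html /var/www/html/variables`; the directory it prints is the value to pass as `--webroot-path`.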


#12

Thank you very much!!!
It worked, sorry for the trouble.


#13

I'm glad it worked, and don't apologize, we are here to help in any way we can :wink: