Unable to generate odette.pro

Hello,

I’ve, until now, generated tens of thousands of LE certificates (thanks, by the way). Today, I’m meeting an issue on odette.pro. The DNS is well configured, but I always get an invalid authorization after verifying the challenge. My HTTP server doesn’t receive the .well-known request. Any ideas?

Regards,
Xavier

Thanks for providing the domain name - I had a quick look but I don’t see an immediately obvious problem. Could you fill out the rest of the template questions please?

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Thanks for your quick reply.
I’m the hosting provider.
The server is Debian Jessie, but we have our own proxy.
The Apache version is 2.2.32.

When I run client.answer_challenge(challenge, response), I get:

ChallengeResource(body=ChallengeBody(chall=HTTP01(token=’…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687330’, error=None), authzr_uri=‘https://acme-v01.api.letsencrypt.org/acme/authz/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8’)

Then, get the authorizations:

    authorization = messages.AuthorizationResource(
        uri=auth_uri,
        body=messages.Authorization.from_json(response.json()),
        new_cert_uri=self.client.directory.new_cert
    )
->
AuthorizationResource(body=Authorization(status=Status(invalid), challenges=(ChallengeBody(chall=TLSSNI01(token=…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687329’, error=None), ChallengeBody(chall=HTTP01(token=’…’), status=Status(invalid), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687330’, error=Error(typ=u’urn:acme:error:unauthorized’, detail=u’The key authorization file from the server did not match this challenge [ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.3KfGAThFF8OhEOseYq65ig-BghPi6dBjjYyzBfwiVF4] != [ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]’, title=None)), ChallengeBody(chall=DNS01(token=’…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687331’, error=None)), identifier=Identifier(typ=IdentifierType(dns), value=u’odette.pro’), expires=datetime.datetime(2017, 11, 14, 11, 31, 49, tzinfo=), combinations=((0,), (2,), (1,))), new_cert_uri=u’https://acme-v01.api.letsencrypt.org/acme/new-cert’, uri=u’https://acme-v01.api.letsencrypt.org/acme/authz/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8’)

Is this an inbound proxy? Maybe you should exclude the location /.well-known/acme-challenge from proxying and pass these requests right to the destination. Otherwise you may want to process certificate issuance directly on the proxy itself.


I just realized that our client had configured the IPv4 well but a wrong IPv6 :confused:.
Thanks for your support!
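
An offline triage helper for the error detail quoted in this thread, added here as an example; it is not code from any poster or from the ACME client library. An HTTP-01 key authorization is the challenge token, a dot, and the RFC 7638 thumbprint of the account key, so splitting the two bracketed values shows whether the token or the account key differs. The function names and `SAMPLE_JWK` are hypothetical, and the sample key is constructed.

```python
import base64
import hashlib
import json
import re

# Error detail copied from the authorization output quoted in the thread.
DETAIL = (
    "The key authorization file from the server did not match this challenge "
    "[ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.3KfGAThFF8OhEOseYq65ig-BghPi6dBjjYyzBfwiVF4] != "
    "[ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]"
)

# Constructed account key for the demo; the values are placeholders, not a real key.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXM", "kid": "ignored"}


def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def split_key_authorizations(detail):
    """Return the two (token, thumbprint) pairs quoted in the error detail."""
    pairs = re.findall(r"\[([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\]", detail)
    if len(pairs) != 2:
        raise ValueError("expected two bracketed key authorizations")
    return pairs


def diagnose(detail, account_jwk=None):
    """Classify the mismatch; optionally say which side carries our account key."""
    (tok_a, thumb_a), (tok_b, thumb_b) = split_key_authorizations(detail)
    if tok_a != tok_b:
        verdict = "token-mismatch"      # a file for another challenge was served
    elif thumb_a != thumb_b:
        verdict = "other-account-key"   # right token, answered with another key
    else:
        verdict = "match"
    ours = None
    if account_jwk is not None:
        own = jwk_thumbprint(account_jwk)
        ours = next((i for i, t in enumerate((thumb_a, thumb_b)) if t == own), None)
    return verdict, ours


if __name__ == "__main__":
    print(diagnose(DETAIL, SAMPLE_JWK))
```

For the detail in this thread the tokens match and the thumbprints differ, so the fetched body was built with a different account key than the one the CA expected. That is consistent with the validation request reaching a host other than the one the client provisioned, as the wrong IPv6 record in the final post would cause.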
