Unable to generate odette.pro

xlefloch · November 7, 2017, 2:03pm

Hello,

I’ve, until now, generated tens of thousands of LE certificates (thanks by the way). Today, i’m meeting an issue on odette.pro. The DNS are well configured but i always get an invalid authorization after verifying the challenge. My HTTP server doesn’t received the .well-known request. Any ideas?

Regards,
Xavier

jmorahan · November 7, 2017, 2:17pm

Thanks for providing the domain name - I had a quick look but I don’t see an immediately obvious problem. Could you fill out the rest of the template questions please?

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

xlefloch · November 7, 2017, 3:06pm

Thanks for your quick reply.
I’m the hosting provider.
The server is Debian Jessie, but we have our own proxy.
The Apache version is 2.2.32.

When i run client.answer_challenge(challenge, response), i get:

ChallengeResource(body=ChallengeBody(chall=HTTP01(token=’…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687330’, error=None), authzr_uri=‘https://acme-v01.api.letsencrypt.org/acme/authz/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8’)

Then, get the authorizations :
authorization = messages.AuthorizationResource(
uri=auth_uri,
body=messages.Authorization.from_json(response.json()),
new_cert_uri=self.client.directory.new_cert
)
->
AuthorizationResource(body=Authorization(status=Status(invalid), challenges=(ChallengeBody(chall=TLSSNI01(token=…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687329’, error=None), ChallengeBody(chall=HTTP01(token=’…’), status=Status(invalid), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687330’, error=Error(typ=u’urn:acme:error:unauthorized’, detail=u’The key authorization file from the server did not match this challenge [ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.3KfGAThFF8OhEOseYq65ig-BghPi6dBjjYyzBfwiVF4] != [ss2rbXANZlOoUp0w0aqh_8CkvAJ50TBgrMj1-Rzn5GI.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]’, title=None)), ChallengeBody(chall=DNS01(token=’…’), status=Status(pending), validated=None, uri=u’https://acme-v01.api.letsencrypt.org/acme/challenge/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8/2409687331’, error=None)), identifier=Identifier(typ=IdentifierType(dns), value=u’odette.pro’), expires=datetime.datetime(2017, 11, 14, 11, 31, 49, tzinfo=), combinations=((0,), (2,), (1,))), new_cert_uri=u’https://acme-v01.api.letsencrypt.org/acme/new-cert’, uri=u’https://acme-v01.api.letsencrypt.org/acme/authz/y06agJV57fk4Nl_Q3wrNXIfBheVwtaSko0O8vb6D0c8’)

bytecamp · November 7, 2017, 3:08pm

Is this an inbound proxy? Maybe you should exclude the location /.well-known/acme-challenge from proxying and pass these requests right to the destination. Otherwise you may want to process certificate issuance directly on the proxy itself.

xlefloch · November 7, 2017, 3:20pm

I just realized that our client had configured well the ipv4 but a wrong ipv6 .
Thanks for your support!

system · December 7, 2017, 3:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.