Unable to verify my domain because of acme challenge


#1

I can’t understand how to verify my domain for letsencrypt.

$ ./letsencrypt-auto certonly -a webroot --webroot-path=/home/my_user1/my_domain -d my_domain.com -d www.my_domain.com
Requesting root privileges to run certbot...
  /home/my_user1/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --webroot-path=/home/my_user1/my_domain -d my_domain.com -d www.my_domain.com
Failed authorization procedure. my_domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my_domain.com/.well-known/acme-challenge/aaa: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.my_domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.my_domain.com/.well-known/acme-challenge/bbbb: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my_domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://my_domain.com/.well-known/acme-challenge/aaaaa:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.my_domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.my_domain.com/.well-known/acme-challenge/bbbb:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

After that I created those 2 files in the acte-challenge directory and re-ran the script, but this time it requests 2 different ones. That is, it’s always a step ahead and I can’t know what files it’ll generate next time.

I’ve tried “sudo” also, but it didn’t help.

What should I do about that? Or what’s an easier way to set it up? I’ve done it before, but I don’t remember how exactly because it’s changing over time.


#2

The client creates those files for you, there’s no need to create them manually when using the webroot plugin. In case you’re wondering why there are no files after running the client: they’re cleaned up after the challenge completes.

Try creating the .well-known/acme-challenge directory manually, put a file in there and check if your browser is able to request that file successfully. A common issue is that .htaccess rules or similar are interfering with the request and preventing the file from being served. Your web server logs might have more details.


#3

I notice you say “acte-challenge” directory, please confirm the directory name is acme-challenge.


#4
  1. “The client creates those files for you,” - what client? where does it create them?
  2. why do you assume I’m using apache?
  3. ".well-known/acme-challenge directory manually, " – what’s the full path?

#5

  1. letsencrypt-auto (now known as certbot or certbot-auto) is the client. It creates the file at the path you provide (--webroot-path=/home/my_user1/my_domain). This path should lead to the “root” directory from which your web server serves files (the equivalent of apache’s DocumentRoot or nginx’s root directive for your web server).

  2. I’m not, this is just an example of a common issue. Without more details about your environment, it’s hard to guess.

  3. The webroot path you pass to the client + /.well-known/acme-challenge.
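
The check suggested in the replies above (put a file under the webroot's .well-known/acme-challenge directory and request it over HTTP), written out as an added shell example that is not part of the original thread. The probe file name and content are constructed, and the function names are hypothetical; the usage line reuses the path and domain from the first post's command.

```shell
#!/bin/sh
# Added example: confirm that the directory passed as --webroot-path is the
# one the web server actually serves, before running the client again.

# Print the directory the webroot plugin writes challenge files into.
challenge_dir() {
    printf '%s/.well-known/acme-challenge\n' "${1%/}"
}

# Create a probe file with known content (constructed value); print its name.
place_probe() {
    dir=$(challenge_dir "$1")
    mkdir -p "$dir" || return 1
    name="probe-$$-$(date +%s)"
    printf 'webroot-probe-ok' > "$dir/$name" || return 1
    printf '%s\n' "$name"
}

# Fetch the probe the way the validation server would: plain HTTP, same path.
# Returns 0 on match, 2 if the request failed, 1 if the body differs.
check_probe() {  # $1 = base URL, $2 = probe file name
    body=$(curl -fsS --max-time 10 "$1/.well-known/acme-challenge/$2") || return 2
    [ "$body" = "webroot-probe-ok" ]
}

# Place the probe, fetch it, clean up, and report what the result means.
probe_webroot() {  # $1 = webroot path, $2 = base URL
    name=$(place_probe "$1") || { echo "FAIL: cannot write under $1" >&2; return 1; }
    rc=0
    check_probe "$2" "$name" || rc=$?
    rm -f "$(challenge_dir "$1")/$name"
    case $rc in
        0) echo "OK: $2 serves files from $1" ;;
        2) echo "FAIL: request failed (404/403?): wrong webroot or a rule blocks the path" >&2 ;;
        *) echo "FAIL: got a response, but not the probe content" >&2 ;;
    esac
    return $rc
}

# Usage (values from the first post):
#   probe_webroot /home/my_user1/my_domain http://my_domain.com
```

If the probe fails with a request error, the web server log entry for the probe URL shows which directory or rule handled the request.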


#6

Thanks, I’ll try it one more time.

