Unauthorized 404 Error well-known/acme-challenge on a hosting web space

Help
1

I have a small hosting on register.it and I would like to run manual certification on our domain, so I setup an ubuntu linux machine and I tried
sudo certbot certonly --standalone --preferred-challenges http -d ourdomain.eu -d www.ourdomain.eu

but I have this error

Failed authorization procedure. www.ourdomain.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.ourdomain.eu/.well-known/acme-challenge/3e9mrk5rdpbISJubzl6Cx1XHGLXpeH0meBkO_Cn_KLE: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p", ourdomain.eu (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ourdomain.eu/.well-known/acme-challenge/0rjXapg74LpqrJKl1U_3uytT88jymLs_5q6u1x9Co90: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>

What should I try to solve this ?
Thanks
Stefano

2

Hi,

Please provide us your full domain name.

Thank you

3

Thanks,
after a deep check I found that my error was to launch certbot with --standalone instead --manual.
Now I have the certificate but for http.
How can I upgrade it to https?

Stefano

4

Hi,

What software are u using?

Apache or Nginx?

(Or cPanel?)

5

I have an hosting on register.it and I think is Apache.
I’d like to upgrade the existing certificate from http to tls-sni, but I have an error

sudo certbot certonly --manual --preferred-challenges tls-sni -d controlli.eu -d www.controlli.eu
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/controlli.eu.conf)

What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

I found that the tls-sni challenge has been disabled (https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188), if I am not wrong.
So could you tell me if I can upgrade my certificate and have a https secure connection for out website or not ?

Thanks
Stefano

6

Hi,

However you can’t obtain a certificate using SNI-01.

Can you please explain why do you want to use SNI-01?

Thank you

7

No I believe I don’t need.
It’s working.
https://www.controlli.eu/

Thanks

8

I think you subsequently understood this, but in this context these refer to different ways of proving your control of the domain name—not a property of the resulting certificate or of how the certificate is to be used.

9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.