Unauthorized error DNS


#1

Hello,

I’m trying to run certbot --apache on my Ubuntu, but I’m always getting this error:

Type: unauthorized
Detail: Invalid response from …

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Well, my domain is wrsat.com.br and it’s on a Plesk machine on another computer. I’m trying to activate Let’s Encrypt on my subdomain mysubdomain.wrsat.com.br (that is our system to work, and it is on another machine than the public site wrsat.com.br).

I have 3 subdomains to activate Let’s Encrypt on. When running the command I can see that the file is created in the well-known folder, but when the error occurs it is deleted. If I create this folder manually and put a file in there, then I can access it from everywhere at mysubdomain.wrsat.com.br/.well-known/etc… (file) with no problems.

The DNS is set correctly; I can access all subdomains from anywhere.

Is there any solution? Is this problem caused because my main domain wrsat.com.br is in a server and subdomains in another server?

I really appreciate any help.

Thank you.


#2

Good afternoon @casimioni,

Are you running the --apache command directly on the mysubdomain.wrst.com.br system?

Does the subdomain have an IPv6 AAAA record, or only an IPv4 A record?

It would be helpful to know what version of Certbot you’re using, and what the exact error message with the “Invalid response” was. The certificate authority should have indicated exactly how your machine responded to the challenge, which might provide clues to what’s going wrong.


#3

I’m running the command directly on the subdomain.

It has only an IPv4 A record.

This is the error:

IMPORTANT NOTES:


#4

Hi,

We would need to know your domain name in order to help you…

Thank you


#5

Subdomain is sistema.wrsat.com.br


#6

Calling

http://sistema.wrsat.com.br/.well-known/acme-challenge/7SXTkWbCy2IPypvGcdX5tu7JoK9OrOy79_OohwNU2qY

I got a 404:

404
Desculpe, mas esta página que está tentando visitar não existe.

Can you put a simple text-file there, something like

/.well-known/acme-challenge/sample.txt


#7

It’s done, sample.txt


#8

http://sistema.wrsat.com.br/.well-known/acme-challenge/sample.txt

works, sends an HTTP status 200.

What’s the complete error:

Detail: Invalid response from
http://mysubdomain.wrsat.com.br/.well-known/acme-challenge/7SXTkWbCy2IPypvGcdX5tu7JoK9OrOy79_OohwNU2qY
"
<html"
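
The sample.txt check from posts #6 to #8, automated as an added example (not code from any poster or from Certbot). It goes one step further than the manual test by using an extensionless file name shaped like a real token, and it flags an HTML page in the response, as in the `<html` error quoted above. The function names, the `.constructed-probe` content and the `/var/www/html` webroot in the usage comment are assumptions.

```python
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

def http_fetch(url):
    """Return (status, first bytes of body); error pages are kept, not raised."""
    try:
        # urlopen follows redirects, so the status is that of the final page.
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)

def classify(status, body, expected):
    """Compare the served body with the content that was written to disk."""
    text = body.decode("utf-8", "replace").strip()
    if status == 200 and text == expected:
        return "ok"
    if text.lower().startswith(("<html", "<!doctype")):
        # The web server answered with a page of its own, not the file.
        return f"html-page (status {status})"
    return f"mismatch (status {status})"

def probe(webroot, base_url, fetch=http_fetch):
    """Write an extensionless probe file, fetch it by URL, then remove it."""
    name = secrets.token_urlsafe(32)        # 43 URL-safe chars, no extension
    content = name + ".constructed-probe"   # constructed; not a key authorization
    directory = Path(webroot) / CHALLENGE_DIR
    directory.mkdir(parents=True, exist_ok=True)
    path = directory / name
    path.write_text(content)
    try:
        status, body = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}")
        return classify(status, body, content)
    finally:
        path.unlink()                       # only the probe file is removed

if __name__ == "__main__":
    # Assumed usage: python3 probe.py /var/www/html http://sistema.wrsat.com.br
    print(probe(sys.argv[1], sys.argv[2]))
```

A result other than `ok` while sample.txt returns 200 means the server treats extensionless names, or this virtual host's document root, differently from the manual test.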


#9

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sistema.wrsat.com.br
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. sistema.wrsat.com.br (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sistema.wrsat.com.br/.well-known/acme-challenge/4QbKDNiECUi0dplhGqp9wNow8Qr4gDgR30_BRzz5euk: "
<html"

IMPORTANT NOTES:


#10

That does appear to have an AAAA record, which seems to be incorrect. I don’t know if that’s the cause of this problem (if so, the error message is a little surprising) but it’s probably worth fixing anyway.


#11

I’ve removed the AAAA registry, and now https://letsdebug.net/sistema.wrsat.com.br/1570 , it shows no error, but I’m still getting the same error on certbot.


#12

Could you please post the log from /var/log/letsencrypt associated with your most recent effort to obtain a certificate?

