Unauthorized Error - Invalid response

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: toastertech.dyndns.org

I ran this command:
sudo certbot --apache
It produced this output:
sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): toastertech.dyndns.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for toastertech.dyndns.org
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. toastertech.dyndns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://toastertech.dyndns.org/.well-known/acme-challenge/b9Cfb48OOY3iJ2xDN2uTzJnj_dmTfIB1lCiT0vkppiw [50.68.192.200]: "\r\n<html xmlns=“http”

IMPORTANT NOTES:

My web server is (include version): IIS web server 2019

The operating system my web server runs on is (include version): windows server 2019

My hosting provider, if applicable, is: dyndns

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Using Ubuntu to create the certificate
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

You ran Certbot on Linux/Apache, but later mention that you are using Windows Server/IIS.

Could you clarify how these are connected?

At the moment I can’t connect to your domain, it appears to time out.

1 Like

Sorry this is the first time I have setup so I may be doing this incorrectly.

My website is on windows server IIS.

I was using ubuntu 18 to install certbot and ran the commands.

Should I be running the certbot commands on windows?

There wasn’t an option to choose IIS on the certbot instructions dropdown.

I turned off the website to the world right now and only allow specific ips at this time.

1 Like

You should run Certbot (or whatever other client you choose) on the same server where your webserver is running. Otherwise, Certbot won’t be able to perform the domain validation challenges required in order go get a certificate.

There is another client called Certify the Web which has native IIS support, you could try that.

It is possible to use Certbot on Windows, but you would have to manually specify the document root of your website, and then deploy the certificate to the IIS site by hand as well.

Okay, but in order to issue and renew Let’s Encrypt certificates, the site does need to be accessible from the internet.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.