Unauthorized error when execute letsencrypt-auto

brunoliveiralcantara · July 30, 2017, 12:50am

I followed this tutorial to install letsencrypt on my server: https://digitaldavo.wordpress.com/2016/01/13/using-free-letsencrypt-https-ssl-on-bitnami-lamp-on-ec2/

Error I get while running:

sudo ./letsencrypt-auto certonly -w /home/bitnami/htdocs -d comunitaitaliana.com -d www.comunitaitaliana.com

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.comunitaitaliana.com
Type: unauthorized
Detail: Invalid response from
http://www.comunitaitaliana.com/.well-known/acme-challenge/PQUsLEQYKcuV0VSMPFTVMjo9R8XjhpW8aPv-oOj0Z9w:
"
"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

But my DNS is pointing correctly to my IP, the site is up in the air, see: http://www.comunitaitaliana.com

Patches · July 30, 2017, 1:42am

If the section in quotes you snipped from your post matches the HTML of your WordPress error page, your A record is correct.

I would guess you’re running into a common issue with WordPress where its .htaccess file for pretty URLs gets in the way of HTTP verification.

To override it, create a file /home/bitnami/htdocs/.well-known/acme-challenge/.htaccess with the following contents:

<IfModule mod_rewrite.c>
    RewriteEngine off
</IfModule>
Satisfy any

Then try obtaining a certificate again.

brunoliveiralcantara · July 30, 2017, 3:21am

Thanks for the help, buddy.

I tried to do what you said, and ran again to get the certificate, but it gave the same error

Patches · July 30, 2017, 5:21am

If you create a file /home/bitnami/htdocs/.well-known/acme-challenge/test.txt can you see it at http://www.comunitaitaliana.com/.well-known/acme-challenge/test.txt or do you get an error?

If not, please share with us the contents of /home/bitnami/htdocs/.htaccess so we can try and figure out what’s blocking accesses to this directory.

brunoliveiralcantara · July 30, 2017, 5:27am

Thank you very much.

I was not really accessing this directory publicly by url as the example you asked, but before seeing your answer I turned on the old machine that already had the keys generated for my certificate and copied the /etc/letsencrypt directory to my new machine .

Then I took the step of editing http.conf, adding the path of these keys:

SSLCertificateFile "/etc/letsencrypt/live/comunitaitaliana.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/comunitaitaliana.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/comunitaitaliana.com/fullchain.pem"

After that, the https returned perfectly.

See: https://www.comunitaitaliana.com

Hugs and thanks for the help @Patches.

schoen · July 30, 2017, 7:01am

Copying the /etc/letsencrypt directory is fine, but if there’s any doubt remaining about the renewal process, it will still be good to figure out what’s going on with the challenges because your most recent certificate for that domain will expire on October 24. So you will eventually need to be able to pass challenges from the CA to get a renewed certificate…

system · August 29, 2017, 7:01am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.