Unauthorized: Invalid response 404 Not Found


#1

Hello there!

I haven’t been unable to authorize my domain.

My domain is:
rusia2018.app

I ran this command:
sudo certbot --nginx --debug-challenges

It produced this output:
Failed authorization procedure. russia2018.app (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://russia2018.app/.well-known/acme-challenge/muuYioFCH94JpQ8LgE1t3UaGX7ziGFCFkBjyzD2W8BM

My web server is (include version):
nginx version: nginx/1.10.3

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:
Linode

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Some things I’ve tried:

  • While debugging authorization I could access the file via curl, from another machine, and got 200 OK
  • I’ve also tried manual authorization. I could access the file from curl, but got the same 404 error
  • I checked domain records and they seem fine
  • I can access the site (and /.well-known/acme-challenge/) via IPv6

I manually placed this file for testing purposes:
rusia2018.app/.well-known/acme-challenge/F-2TVGh_9TbmlACR31vZSIZiO--BHeQMGO_FYbHfUXs

Not sure where else to look now.

Thanks in advance for your help!


#2

Hi @daninfpj

---------------------UPDATE--------------------
@_az has answer for this question on Unauthorized: Invalid response 404 Not Found. MY answer is misleading… so don’t read mine…


I think you might want to enable port 443 and temporary setup an “trial” certificate (just to enbable Nginx Listening on 443 ssl port.)(Trial certificate can be obtained from comodo or others for free… Which allow us to visit your website and check what’s going on)

Because all latest browsers’ can’t visit your website due to hsts embedded & https port 443 is not opened.

I’m not sure if that’s what happens to your website (since I can’t even reach it)

Can you share us your virtual host setup for this domain? Cause that might be the issue.

Thank you


#3

Is it rusia2018.app or russia2018.app? Both are present in your post, and both point to your server …

None of the IPv6 variants of your domains allow access to the file.

~# curl -X GET -I -4 rusia2018.app/.well-known/acme-challenge/F-2TVGh_9TbmlACR31vZSIZiO--BHeQMGO_FYbHfUXs
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 25 May 2018 04:20:53 GMT
Content-Type: text/plain
Content-Length: 88
Last-Modified: Fri, 25 May 2018 03:04:13 GMT
Connection: keep-alive
ETag: "5b077d2d-58"
Accept-Ranges: bytes

~# curl -X GET -I -6 rusia2018.app/.well-known/acme-challenge/F-2TVGh_9TbmlACR31vZSIZiO--BHeQMGO_FYbHfUXs
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 25 May 2018 04:20:58 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive

~# curl -X GET -I -4 russia2018.app/.well-known/acme-challenge/F-2TVGh_9TbmlACR31vZSIZiO--BHeQMGO_FYbHfUXs
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 25 May 2018 04:21:05 GMT
Content-Type: text/plain
Content-Length: 88
Last-Modified: Fri, 25 May 2018 03:04:13 GMT
Connection: keep-alive
ETag: "5b077d2d-58"
Accept-Ranges: bytes

~# curl -X GET -I -6 russia2018.app/.well-known/acme-challenge/F-2TVGh_9TbmlACR31vZSIZiO--BHeQMGO_FYbHfUXs
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 25 May 2018 04:21:09 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive

This would indicate that your targeted nginx virtual hosts are not bound on IPv6 addresses (with listen) and nginx is probably falling back to the default virtual host for IPv6 addresses.


#4

It’s actually both domains.

Anyway, you were right, nginx wasn’t bound on IPv6 addresses. Strangely, I was getting 200 OK when running curl with -6 from my local machine, but after your reply I checked from another remote server and I was getting 404 Not Found.

I added listen [::]:80; to my nginx conf and it worked.

Thanks a lot!


#5

Thanks @stevenzhu, but I don’t think it is necessary to enable 443 to activate the certificates, as you can find elsewhere on this forum. The problem as @_az pointed out was nginx wasn’t bound on IPv6 addresses.


#6

True…

My sincere apology for misleading…

(Just realized my home’s IPV6 network is broken)


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.