Unauthorized/Invalid Response even though A record is configured

rchase · February 25, 2019, 11:06pm

I ran this command:
certbot --apache --email rchase@hostifi.net --agree-tos --no-eff-email --domain gmubnt.co.uk --no-redirect --debug-challenges -v --preferred-challenge http

It produced this output:

.... Calling registered functions Cleaning up challenges Exiting abnormally: Traceback (most recent call last): File "/usr/bin/certbot", line 11, in load_entry_point('certbot==0.28.0', 'console_scripts', 'certbot')() File "/usr/lib/python3/dist-packages/certbot/main.py", line 1340, in main return config.func(config, plugins) File "/usr/lib/python3/dist-packages/certbot/main.py", line 1094, in run certname, lineage) File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert lineage = le_client.obtain_and_enroll_certificate(domains, certname) File "/usr/lib/python3/dist-packages/certbot/client.py", line 392, in obtain_and_enroll_certificate cert, chain, key, _ = self.obtain_certificate(domains) File "/usr/lib/python3/dist-packages/certbot/client.py", line 335, in obtain_certificate orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names) File "/usr/lib/python3/dist-packages/certbot/client.py", line 371, in _get_order_and_authorizations authzr = self.auth_handler.handle_authorizations(orderr, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations self._respond(aauthzrs, resp, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 161, in _respond self._poll_challenges(aauthzrs, chall_update, best_effort) File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 232, in _poll_challenges raise errors.FailedChallenges(all_failed_achalls) certbot.errors.FailedChallenges: Failed authorization procedure. gmubnt.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gmubnt.co.uk/.well-known/acme-challenge/dYlSc7IuLqD9xyfM9R4QXG1k1QUOD6EeJYkwyJYBoKU [2001:8d8:100f:f000::2fb]: 204 Failed authorization procedure. gmubnt.co.uk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gmubnt.co.uk/.well-known/acme-challenge/dYlSc7IuLqD9xyfM9R4QXG1k1QUOD6EeJYkwyJYBoKU [2001:8d8:100f:f000::2fb]: 204

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: gmubnt.co.uk
Type: unauthorized
Detail: Invalid response from
http://gmubnt.co.uk/.well-known/acme-challenge/dYlSc7IuLqD9xyfM9R4QXG1k1QUOD6EeJYkwyJYBoKU
[2001:8d8:100f:f000::2fb]: 204

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:
VPS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.28.0

_az · February 25, 2019, 11:29pm

The IPv4 and IPv6 addresses for your domain appear to point to different servers: https://letsdebug.net/gmubnt.co.uk/25020

rchase · February 26, 2019, 4:34pm

Thanks! I suspected this as well. I will talk to the customer.

rchase · February 26, 2019, 4:50pm

All resolved now after removing the AAAA, thanks again.

system · March 28, 2019, 4:50pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.