Unauthorized, invalid response


#1

Hello guys, I have been trying to use LetsEncrypt for the third day in a row, but it still does not work… Please help

My domain is: gazdohome.duckdns.org

I ran this command:
homeassistant@raspberrypi:~/certbot $ sudo systemctl stop home-assistant@homeassistant.service

homeassistant@raspberrypi:~/certbot $ sudo service apache2 stop

homeassistant@raspberrypi:~/certbot $ ./certbot-auto certonly --standalone --preferred-challenges http --email ma****@ga****.sk -d gazdohome.duckdns.org

It produced this output:

Requesting to rerun ./certbot-auto with root privileges…

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer None

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for gazdikovci.duckdns.org

Waiting for verification…

Cleaning up challenges

Failed authorization procedure. gazdikovci.duckdns.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://gazdikovci.duckdns.org/.well-known/acme-challenge/NXDYba9T-fFSsoc2YIbvXXtEsOs6iISbBKBM2I8XDB0: "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\r\n<html"

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: gazdikovci.duckdns.org

Type: unauthorized

Detail: Invalid response from

http://gazdikovci.duckdns.org/.well-known/acme-challenge/NXDYba9T-fFSsoc2YIbvXXtEsOs6iISbBKBM2I8XDB0:

"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">\r\n<html"

To fix these errors, please make sure that your domain name was

entered correctly and the DNS A/AAAA record(s) for that domain

contain(s) the right IP address.

My web server is (include version): ??? Used standalone, turned off apache2 of course, also tried with apache2, result was the same

The operating system my web server runs on is (include version): “Raspbian GNU/Linux 9 (stretch)”

My hosting provider, if applicable, is: Orange Slovakia

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

While Apache2 was running I tried http://gazdikovci.duckdns.org/.well-known/acme-challenge/test and it worked well… So I don't know where the problem is


#2

Hi @gazdikm

checking your domain (via https://check-your-website.server-daten.de/?q=gazdikovci.duckdns.org ) your /.well-known/acme-challenge - subdirectory is curious:

| Domainname | IP | Http-Status | redirect | Sec. | G | Error |
|---|---|---|---|---|---|---|
| http://gazdikovci.duckdns.org/ | 95.105.229.44 | 200 | | 0.070 | H | |
| http://www.gazdikovci.duckdns.org/ | 95.105.229.44 | 200 | | 0.070 | H | |
| https://gazdikovci.duckdns.org/ | 95.105.229.44 | -2 | | 1.094 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 95.105.229.44:443 |
| https://www.gazdikovci.duckdns.org/ | 95.105.229.44 | -2 | | 1.090 | V | ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 95.105.229.44:443 |
| http://gazdikovci.duckdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 95.105.229.44 | 200 | | 0.070 | | |
| http://www.gazdikovci.duckdns.org/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 95.105.229.44 | 200 | | 0.070 | | |

There is an HTTP status 200, not the expected value 404 (not found).

Loading the url via browser there is a redirect to

https://95.105.229.44:80/

which is wrong. IP-address and https over port 80.

What’s configured?


#3

http://gazdohome.duckdns.org/ is running a strange HTTP server. It’s not Apache.

Is there a port forwarding configuration forwarding it to a different server?


#4

I am really sorry, but I am not really sure how it should work.
All I have done is:
Made IPv4 LAN IP Address STATIC (to my raspberry server)
Port Replication for port 80 and 443
and run

sudo -u homeassistant -H -s mkdir certbot
cd certbot/
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto certonly --standalone --preferred-challenges http-01 --email your@email.address -d examplehome.duckdns.org

Home Assistant was running, but now I turned it off because of this installation…

What configuration should I check, please?

Thanks for helping me guys. I appreciate that


#5

Checking your http://gazdikovci.duckdns.org/ with my browser there is the same:

A redirect to

https://95.105.229.44:80/

but not an HTTP status redirect, instead a JavaScript redirect:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Pragma" content="no-cache" />
<title></title>
<script language="JavaScript" type="text/javascript">
var SSLPort ='80';
var SSLHostIp ='95\x2e105\x2e229\x2e44';
function LoadFrame()
{
window.location="https://" + SSLHostIp + ":" + SSLPort;
}
</script>
</head>
<body class="mainbody" onLoad="LoadFrame();"> 
</body>
</html>

Remove that with comments:

/*
window.location="https://" + SSLHostIp + ":" + SSLPort;
*/

Is it possible for you to find the webroot of your server? If yes, use something like

certbot certonly -a webroot -w yourWebRoot -d firstdomain -d seconddomain
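
The checks described in posts #2 and #5, as an added example that is not part of the original thread: it classifies what a host returns under /.well-known/acme-challenge/ and, for a page like the one quoted in #5, decodes where the JavaScript redirect points. The function names `diagnose` and `js_var` are hypothetical, the sample page is constructed from the HTML quoted above, and the thumbprint used with it is a constructed placeholder.

```python
import re

# Constructed sample: the page quoted in post #5, shortened to the script part.
ROUTER_PAGE = r"""<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<script language="JavaScript" type="text/javascript">
var SSLPort ='80';
var SSLHostIp ='95\x2e105\x2e229\x2e44';
function LoadFrame()
{
window.location="https://" + SSLHostIp + ":" + SSLPort;
}
</script></head><body onLoad="LoadFrame();"></body></html>"""

# Token from the error message in post #1.
TOKEN = "NXDYba9T-fFSsoc2YIbvXXtEsOs6iISbBKBM2I8XDB0"

# RFC 8555 (sections 8.1, 8.3): the body served for an http-01 challenge must be
# "<token>.<base64url SHA-256 JWK thumbprint>"; the thumbprint is 43 characters.
KEY_AUTH_RE = re.compile(r"^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]{43})$")

def js_var(page, name):
    """Read a single-quoted JS string variable and undo \\xNN escapes."""
    m = re.search(r"var\s+%s\s*=\s*'([^']*)'" % re.escape(name), page)
    if not m:
        return None
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda h: chr(int(h.group(1), 16)), m.group(1))

def diagnose(status, body, token):
    """Classify one response fetched from /.well-known/acme-challenge/<token>."""
    text = body.strip()
    m = KEY_AUTH_RE.match(text)
    if status == 200 and m and m.group(1) == token:
        return "ok: key authorization served"
    if status == 404:
        return "404: web server reached, but no challenge file for this token"
    if text.lower().startswith(("<!doctype", "<html")):
        if "window.location" in text:
            host, port = js_var(text, "SSLHostIp"), js_var(text, "SSLPort")
            return "html page with JavaScript redirect to https://%s:%s" % (host, port)
        return "html page instead of key authorization"
    return "unexpected body"
```

A 200 with an HTML body for a token that was never issued, as in the table in post #2, means something other than the ACME client is answering on port 80.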

#6

Whatever that web server is, it’s still running.


#7

Now there is apache2 only. Everything works fine, but installation still fails


#8

The web server on http://gazdohome.duckdns.org/ isn’t Apache.


#9


#10

That’s not what we get when accessing it from the Internet.

I don’t have a screenshot but @JuergenAuer showed the HTML above.


#11

Did you try it now? During the discussion, I started the apache2 service…


#12

It’s still the same. Though one request I made timed out.

