Unauthorized - Invalid response

#1

My domain is:

ead.ibad.com.br

I ran these commands:

certbot --apache
certbot -a webroot -i apache -w /var/www/html/ -d ead.ibad.com.br -d www.ead.ibad.com.br
certbot certonly -a apache -w /var/www/html/ -d ead.ibad.com.br -d www.ead.ibad.com.br

It produced this output:

Failed authorization procedure. ead.ibad.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response fromB92lFw7cDyZwwSHPsI6YqTBUww [192.241.161.63]: "\n<html itemscope itemtype=“http://schema.org/WebPage” lang=“pt-BR”>\n\n\t<meta charset=“UTF-8”

IMPORTANT NOTES:

My web server is (include version):

Apache 2.4.7

The operating system my web server runs on is (include version):

Ubuntu 14.04.5 LTS

My hosting provider is:

DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site:

No

The version of my client is:

certbot 0.28.0

Additional Information:

It’s a wordpress site. There’s two plugins that might affect the result:

  • one for forcing https;
  • and another one for links redirection.

I tried disabling them but I still got the same problem.

I have created two files in:

http://ead.ibad.com.br/.well-known/acme-challenge/test
http://ead.ibad.com.br/.well-known/acme-challenge/test.txt
http://www.ead.ibad.com.br/.well-known/acme-challenge/test
http://www.ead.ibad.com.br/.well-known/acme-challenge/test.txt

Using Chrome both non-www links redirect to https and both www remains http.
Using Firefox all links remains in http.
Both browsers open the files instead of downloading them.

I also tested “Let’s Debug” and everything seems to be fine.

https://letsdebug.net/ead.ibad.com.br/39396
https://letsdebug.net/www.ead.ibad.com.br/39397

And also “Check Your Website Server”

But I am not sure what should I be looking for. I notice that I get “RemoteCertificateNameMismatch” when trying to access the well-known through www, which probably explains why I can’t access https, and also the non-www which returns nothing.

Here is the Transparency logs:

https://crt.sh/?q=ead.ibad.com.br

What should I do?

Regards,

Ibad.

#2

Hi @ibad

what’s the complete path of that test file?

That should work with

That

is a mix - if you use -a apache, the -w parameter isn’t used.

But I don’t understand your output. Is this the output of the webroot version?

Because your last check ( https://check-your-website.server-daten.de/?q=ead.ibad.com.br )

has redirects http + /.well-known/acme-challenge to https, your output doesn’t have a https answer.

#3

Hello, JuergenAuer. Thanks for the quick response!

The complete path to the test file is:

/var/www/html/ead.ibad.com.br/.well-known/acme-challenge/test

Thanks for pointing it out for me!

Yes it is. Sorry for not pointing it out.

If I run certbot --apache I get this result:

Failed authorization procedure. ead.ibad.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://ead.ibad.com.br/.well-known/acme-challenge/_fgVhWoDe1zos17MLZ0UOjC396SL8dwSxFE4aAIJwZg [192.241.161.63]: "\n<html itemscope itemtype=“http://schema.org/WebPage” lang=“pt-BR”>\n\n\t<meta charset=“UTF-8”>\n\t<meta name=“v”

IMPORTANT NOTES:

I am a bit confused but, taking a look now at the output from certbot --apache command I forgot to put, I could see the https. Is this what you are referring to?

1 Like
#4

If this

works, then that

/var/www/html/ead.ibad.com.br

is your webroot. So try it with that webroot.

1 Like
#5

Hello @JuergenAuer!

I ran the command:

certbot -a webroot -i apache -w /var/www/html/ead.ibad.com.br -d ead.ibad.com.br -d www.ead.ibad.com.br

And it worked!

Thank you so much for all your support!

1 Like