Unexpected error: Failed authorization procedure

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: historiasdemiedo.es

I ran this command: certbot --apache; certbot renew --dry-run

It produced this output: Unexpected error: Failed authorization procedure

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


Hello. A month ago, I ran certbot --apache on my system to obtain certificates for three domains. All was OK. Then I installed Joomla sites on these domains. Well, now I wanted to add a new domain on my system, and it is impossible. I have tried these two commands:

certbot --apache
certbot certonly -d pulp69.com -d www.pulp69.com

In both cases, I have got this error message:

Failed authorization procedure. www.pulp69.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.pulp69.com/.well-known/acme-challenge/AlbvoSoEAPAiVzHFl55oJzupffDWebv5ts12gsW06f4: "

Then I thought that I could have problems with a possible renewal process for the other domains already installed, and I ran this command for testing purposes:

certbot renew --dry-run

Well, to my surprise, one of the three domains already installed (novelaspulp.com) gave me the same error mentioned above.

What do all these errors mean? How can I solve this situation?
Thanks!

Hi,

Please share your real domain name with us.
It’s impossible to help without it.

Thank you

OK. I did it. They are domains for testing purposes.

Hi,

Those domains have not been configured correctly for serving content (hence they would only show an Apache status page).

Please configure those virtual hosts correctly before requesting a certificate.

Thank you

Yes, there was a problem due to a redirection because I was doing a test. Now I think that it is fixed; however, the problem described above goes on. Any clue what I should do?

Hi,

Now the domain above redirects to a parking page.

Thank you

Hello. It is strange, it does not redirect to a parking page. It was so until yesterday, then I changed the IP target for this domain to my server. Maybe you got an old DNS cache. It now loads a simple index.html with a “page in construction” message.

SOLVED!!! :smiley:

First problem: I could not add a new domain because there was an error in the IPv6 (AAAA) record at the domain registrar. I deleted the AAAA record.

Second problem: I could not run the certbot --dry-run test because one of my domains was behind Cloudflare, with one option enabled to always force HTTPS connections. At first I thought that it was due to discrepancies between the Full and Full Strict SSL options (what is the difference?), but it was a matter of disabling the forced HTTPS route, and the certbot test ran successfully :slight_smile:
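The two causes found in this thread (an AAAA record that does not lead to the server, and a forced HTTP-to-HTTPS redirect in front of it) can be checked before running certbot. This is an added example, not part of the original posts; the probe file name, the `preflight` helper and the sample addresses are assumptions.

```python
import socket
import urllib.error
import urllib.request

# Hypothetical test file you create yourself under the webroot before running.
PROBE = "/.well-known/acme-challenge/preflight-test"

def resolve(domain):
    """Return every A and AAAA address the name resolves to from here."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx instead of following it

def fetch(domain):
    """GET the probe over plain HTTP; return (status, Location header, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open("http://" + domain + PROBE, timeout=10) as resp:
            return resp.status, None, resp.read(200).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""

def preflight(domain, server_ips, expected_body, resolve=resolve, fetch=fetch):
    """List findings that can make an http-01 request miss this server's file."""
    findings = []
    for addr in resolve(domain):
        if addr not in server_ips:
            kind = "AAAA" if ":" in addr else "A"
            findings.append(f"{kind} record {addr} does not point at this server")
    status, location, body = fetch(domain)
    if 300 <= status < 400:
        findings.append(f"HTTP {status} redirect to {location}")
    elif status != 200 or body.strip() != expected_body:
        findings.append(f"HTTP {status}: probe file not served as written")
    return findings

if __name__ == "__main__":
    # Constructed sample data (documentation addresses), so this runs offline.
    print(preflight("example.com", {"203.0.113.10"}, "ok",
                    resolve=lambda d: ["2001:db8::dead", "203.0.113.10"],
                    fetch=lambda d: (301, "https://example.com" + PROBE, "")))
```

For a domain proxied through a CDN, the public records are the proxy's addresses, so the DNS findings are expected there and the HTTP finding is the one to read.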

https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

If you intend to always use CloudFlare, see also

It may be a better option than Let’s Encrypt certificates for your origin server, since CloudFlare would be the only entity that consumes (verifies) it.

Thanks for the info. I did not know this. I am going to look into it. I wonder whether it is possible to have both Let’s Encrypt and Origin CA together on the same server, each one for its respective domain. In this case, I think that I should delete the Let’s Encrypt certificate only for this domain with Cloudflare DNS, and then use Origin CA in its place. What is the best way to delete the Let’s Encrypt certificate only for this domain, without affecting the rest?

Do you mean that you have other sites hosted on the same server that don’t use CloudFlare?

Yes. At the moment I am doing tests, before using my VPS server in a production environment. For this reason, I have on this server two domains with Cloudflare and two domains without Cloudflare, and all of them with Let’s Encrypt certificates.

You can edit the web server configuration to point at a different private key and certificate, which can be the ones provided by CloudFlare.
