Yet another key authorization file from the server did not match

Hi,

Can’t figure out why this certificate fails.
Double-checked the IP address (54.36.18.58) -> OK.
Many other domains on this server run with Let’s Encrypt certificates without any problem.

Can someone help?
Thanks.

My domain is: alalandaise.nl

I ran this command: certbot-auto --apache certonly -d alalandaise.nl -d www.alalandaise.nl

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for alalandaise.nl
http-01 challenge for www.alalandaise.nl
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. alalandaise.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [EdWOXvNFfdnWLPW4Rmqw462ShSZnavS2GcD1856hEyg.C3AC-dhg29SObLyYxTyk3Em-sLYrnZ7BC0-0cdLzVQQ] != [EdWOXvNFfdnWLPW4Rmqw462ShSZnavS2GcD1856hEyg.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8], www.alalandaise.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [b9xHFGfhby7Ov6S6HMddQnI_hvpg2HK0iwNXUXe451s.C3AC-dhg29SObLyYxTyk3Em-sLYrnZ7BC0-0cdLzVQQ] != [b9xHFGfhby7Ov6S6HMddQnI_hvpg2HK0iwNXUXe451s.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: alalandaise.nl
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [EdWOXvNFfdnWLPW4Rmqw462ShSZnavS2GcD1856hEyg.C3AC-dhg29SObLyYxTyk3Em-sLYrnZ7BC0-0cdLzVQQ]
    !=
    [EdWOXvNFfdnWLPW4Rmqw462ShSZnavS2GcD1856hEyg.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

    Domain: www.alalandaise.nl
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    [b9xHFGfhby7Ov6S6HMddQnI_hvpg2HK0iwNXUXe451s.C3AC-dhg29SObLyYxTyk3Em-sLYrnZ7BC0-0cdLzVQQ]
    !=
    [b9xHFGfhby7Ov6S6HMddQnI_hvpg2HK0iwNXUXe451s.4E3VCTFsySjUrqnCg0ooULx-3kbdPBygi0aWkvg5Gd8]

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): apache 2.4.25

The operating system my web server runs on is (include version): Debian 9.1

My hosting provider, if applicable, is: OVH

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

Hi @Kapoff,

Could you please place a test file in /path/to/alalandaise.nl/webroot/.well-known/acme-challenge/?

echo -n "This is a test for alalandaise.nl" > /path/to/alalandaise.nl/webroot/.well-known/acme-challenge/test

Of course, change /path/to/alalandaise.nl/webroot/ with the real path :wink:

Cheers,
sahsanu

Thanks for your response @Sahsanu.
It’s done: http://www.alalandaise.nl/.well-known/acme-challenge/test

Thank you @Kapoff.

I get the right file when requesting it using your IPv4 address:

$ curl -ikL4 www.alalandaise.nl/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Date: Fri, 09 Feb 2018 13:07:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 09 Feb 2018 12:52:20 GMT
ETag: "21-564c6ffbf236e"
Accept-Ranges: bytes
Content-Length: 33
Cache-Control: max-age=2592000
Expires: Sun, 11 Mar 2018 13:07:56 GMT

This is a test for alalandaise.nl⏎            

But I get a not found error using your IPv6 address:

$ curl -ikL6 www.alalandaise.nl/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Set-Cookie: clusterBAK=R1564868203; path=/; expires=Fri, 09-Feb-2018 14:27:14 GMT
Date: Fri, 09 Feb 2018 13:07:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Set-Cookie: cluster=R2881524327; path=/; expires=Fri, 09-Feb-2018 14:19:34 GMT
Server: Apache
X-Powered-By: PHP/5.6.32
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-UA-Compatible: IE=edge
Link: <http://www.alalandaise.nl/wp-json/>; rel="https://api.w.org/"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-IPLB-Instance: 186

<!DOCTYPE html>
<html class="" lang="nl-NL" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb# og: http://ogp.me/ns#">
<head>
[...]
<script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "//connect.facebook.net/fr_FR/sdk.js#xfbml=1&version=v2.3";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
                <!--[if lte IE 8]>
                        <script type="text/javascript" src="http://www.alalandaise.nl/wp-content/themes/Avada/assets/js/respond.js"></script>
                <![endif]-->
        </body>
</html>

As Let’s Encrypt prefers IPv6 over IPv4, it is not getting the right challenge from your domain. You should review your IPv6 server/Apache conf or remove the AAAA record for alalandaise.nl and www.alalandaise.nl.

Cheers,
sahsanu

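The IPv4/IPv6 comparison from the reply above, as an added example (not part of the thread and not Certbot code): it requests the test file from every A and AAAA address of the host and reports the addresses that do not return it. The helper names, the sample data and the `2001:db8::1` placeholder address are assumptions of this example.

```python
import http.client
import socket
import sys

FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))

def resolve(host):
    """Yield (family, address) for every A and AAAA record of host."""
    for fam, af in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, 80, af, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        for address in sorted({info[4][0] for info in infos}):
            yield fam, address

def fetch(host, address, path, timeout=10):
    """GET path from one address with the real Host header (no redirects followed)."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read()
    except (OSError, http.client.HTTPException):
        return None, b""  # unreachable, refused, timed out or malformed reply
    finally:
        conn.close()

def diagnose(expected, results):
    """results: (family, address, status, body) tuples. Return a list of findings."""
    bad = [(f, a, s) for f, a, s, body in results if s != 200 or body != expected]
    findings = [f"{f} {a}: HTTP {s}, test file not served" for f, a, s in bad]
    if any(f == "IPv6" for f, _, _ in bad):
        findings.append("the AAAA address does not serve the challenge directory: "
                        "fix the IPv6 vhost or remove the AAAA record")
    return findings

# Constructed sample mirroring the thread; 2001:db8::1 is a placeholder address.
SAMPLE_BODY = b"This is a test for alalandaise.nl"
SAMPLE = [("IPv4", "54.36.18.58", 200, SAMPLE_BODY),
          ("IPv6", "2001:db8::1", 404, b"<!DOCTYPE html>")]

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py HOST FILENAME EXPECTED_TEXT
        host, name, expected = sys.argv[1], sys.argv[2], sys.argv[3].encode()
        path = "/.well-known/acme-challenge/" + name
        results = [(f, a, *fetch(host, a, path)) for f, a in resolve(host)]
    else:  # no arguments: run over the constructed sample
        expected, results = SAMPLE_BODY, SAMPLE
    print("\n".join(diagnose(expected, results)) or "all addresses serve the test file")
```

Run without arguments it evaluates the constructed sample; with a host, file name and expected text it queries the live addresses.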

Deleting IPv6 in DNS resolved the problem.
Thank you very much!

Support is really great.
