-1

I'm receiving the following error when attempting to renew my SSL certificate:

Failed authorization procedure. karaokeottawa.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://karaokeottawa.com/.well-known/acme-challenge/9r6EbnCikawdhdRogJArWveNngC5bu7T9Cp5fNISWwg [45.77.185.160]: "<!doctype html>\n<!--[if lt IE 7]> <html class=\"ie6 oldie\"> <![endif]-->\n<!--[if IE 7]> <html class=\"ie7 oldie\"> <![endif]-->\n"

IMPORTANT NOTES: - The following errors were reported by the server:

Domain: karaokeottawa.com Type: unauthorized Detail: Invalid response from https://karaokeottawa.com/.well-known/acme-challenge/9r6EbnCikawdhdRogJArWveNngC5bu7T9Cp5fNISWwg [45.77.185.160]: "<!doctype html>\n<!--[if lt IE 7]> <html class=\"ie6 oldie\"> <![endif]-->\n<!--[if IE 7]> <html class=\"ie7 oldie\"> <![endif]-->\n"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Ian Arman

3 Answers

0

Had the same error message; in my case it turned out to be an IPv6 AAAA record that was left in place after the A record was updated to the new server.

Certbot defaulted to IPv6 so went to the wrong server and verification failed.

Domain: www.example.com
   Type:   unauthorized
   Detail: 6a01:3f8:fff0:8e::2: Invalid response from
   https://www.example.com/.well-known/acme-challenge/sjSOHsF8C9WrUp4tW0JjnzQ5KTP78HuYACMd7evbtaI:
   404

If you see an entry like the one above, it might be the same issue; note the format of the Detail: line.

Mark Walker
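An added example, not part of the answer above: a small parser for the two `Detail:` layouts quoted on this page that extracts the address the validation request reached and compares it with the addresses you know belong to your web server. The function names, the `TOKEN` stand-in and the address `203.0.113.10` are constructed for illustration; `published_addresses` needs network access and is not called here.

```python
import ipaddress
import re
import socket

# The two Detail layouts quoted on this page:
#   "Detail: <addr>: Invalid response from <url>"
#   "Invalid response from <url> [<addr>]"
_PREFIX = re.compile(r"Detail:\s*(\S+?):\s+Invalid response from")
_SUFFIX = re.compile(r"Invalid response from\s+\S+\s+\[([^\]]+)\]")


def validated_address(report):
    """Return the address the validation request went to, or None."""
    for pattern in (_PREFIX, _SUFFIX):
        match = pattern.search(report)
        if match:
            try:
                return ipaddress.ip_address(match.group(1))
            except ValueError:
                continue  # captured text was not an IP address
    return None


def diagnose(report, server_addrs):
    """Classify a report against addresses the operator knows are the web server's."""
    addr = validated_address(report)
    if addr is None:
        return "no-address-in-report"
    if addr in {ipaddress.ip_address(a) for a in server_addrs}:
        return "reached-known-server"  # look at webroot, vhost or LSM policy instead
    return "unknown-ipv6-address" if addr.version == 6 else "unknown-ipv4-address"


def published_addresses(host):
    """A and AAAA results from the local resolver (needs network access)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


# Error text adapted from this page; TOKEN replaces the challenge token.
BRACKET_FORM = ('Detail: Invalid response from https://karaokeottawa.com/'
                '.well-known/acme-challenge/TOKEN [45.77.185.160]: "<!doctype html>"')
PREFIX_FORM = ("Detail: 6a01:3f8:fff0:8e::2: Invalid response from\n"
               "   https://www.example.com/.well-known/acme-challenge/TOKEN:\n   404")

if __name__ == "__main__":
    print(diagnose(BRACKET_FORM, ["45.77.185.160"]))
    print(diagnose(PREFIX_FORM, ["203.0.113.10"]))  # constructed server address
```

An `unknown-ipv6-address` result points at a leftover AAAA record; `reached-known-server` means DNS is fine and the challenge file itself is not being served.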
0

I solved the problem by running the following command:

certbot certonly --agree-tos --expand --authenticator webroot --installer apache -d karaokeottawa.com,www.karaokeottawa.com --webroot-path /var/www/html/

Ian Arman
0

In my case, AppArmor was blocking a socket file in /var/run/, and that showed up in /var/log/audit/audit.log and /var/log/apache2/error-${sitename}.log. Whitelisting that file fixed it.

So be sure to check those logs, file permissions, and LSM policies.

Peter