Cannot create an SSL certificate with letsencrypt and certbot

April 17, 2019
Let's Encrypt Nginx Ubuntu 16.04

Hi there, I cannot create an SSL certificate with letsencrypt and certbot for my website.
Can someone please help me? The old website is still running on another server, but the new website I have constructed is on the new server, for which I am trying to create the cert.

This is the command I run in bash:
sudo certbot --nginx -d glima.is -d www.glima.is

And here are the results when certbot runs:

Failed authorization procedure. www.glima.is (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.glima.is/.well-known/acme-challenge/i0H7vf5uI1BFKfb_EFpxHIhWtW6b4_UlaXr2lrUcXy8 [185.112.145.172]: "<!DOCTYPE html>\n<html>\n<head>\n <title>i-MSCP internet - Multi Server Control Panel - Error 404</title>\n <meta http-equiv='", glima.is (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://glima.is/.well-known/acme-challenge/vnTQAlnaIHH0XwWODjX39TvSVDHBvwsytbTw2ETSN-4 [185.112.145.172]: "<!DOCTYPE html>\n<html>\n<head>\n <title>i-MSCP internet - Multi Server Control Panel - Error 404</title>\n <meta http-equiv='"

IMPORTANT NOTES:

  • The following errors were reported by the server:

Domain: www.glima.is
Type: unauthorized
Detail: Invalid response from
http://www.glima.is/.well-known/acme-challenge/i0H7vf5uI1BFKfb_EFpxHIhWtW6b4_UlaXr2lrUcXy8
[185.112.145.172]: "<!DOCTYPE html>\n<html>\n<head>\n
<title>i-MSCP internet - Multi Server Control Panel - Error
404</title>\n <meta http-equiv='"

Domain: glima.is
Type: unauthorized
Detail: Invalid response from
http://glima.is/.well-known/acme-challenge/vnTQAlnaIHH0XwWODjX39TvSVDHBvwsytbTw2ETSN-4
[185.112.145.172]: "<!DOCTYPE html>\n<html>\n<head>\n
<title>i-MSCP internet - Multi Server Control Panel - Error
404</title>\n <meta http-equiv='"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

1 Answer

Greetings!

It looks like your web application is redirecting this traffic, so LE is unable to verify the .well-known directory over http. You can either add an exclusion for the .well-known directory in your Nginx configuration, or try doing a DNS challenge instead of HTTP. I found a guide for doing the DNS challenge here:

https://www.bennadel.com/blog/3420-obtaining-a-wildcard-ssl-certificate-from-letsencrypt-using-the-dns-challenge.htm

Here is something I found for setting up the .well-known directory in your Nginx config:

https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622

Jarland
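
The certbot output in the question names, in square brackets, the IP address Let's Encrypt connected to for each domain. As an added example (not code from this thread or from certbot), the Python below parses those blocks and compares that address with the address of the server certbot runs on. `203.0.113.10` is a constructed placeholder for the new server's address, which the thread does not give; `diagnose` and its verdict strings are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: the Domain/Type/Detail blocks in the shape certbot printed
# above, with the challenge tokens replaced by the placeholder TOKEN.
SAMPLE = """\
Domain: www.glima.is
Type: unauthorized
Detail: Invalid response from
http://www.glima.is/.well-known/acme-challenge/TOKEN
[185.112.145.172]: "<!DOCTYPE html>\\n<html>\\n<head>\\n
<title>i-MSCP internet - Multi Server Control Panel - Error
404</title>\\n <meta http-equiv='"

Domain: glima.is
Type: unauthorized
Detail: Invalid response from
http://glima.is/.well-known/acme-challenge/TOKEN
[185.112.145.172]: "<!DOCTYPE html>\\n<html>\\n<head>\\n
<title>i-MSCP internet - Multi Server Control Panel - Error
404</title>\\n <meta http-equiv='"
"""

BLOCK = re.compile(r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
                   r"Detail:(?P<detail>.*?)(?=\n\s*\n|\Z)", re.S)
IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")          # address the CA connected to
TITLE = re.compile(r"<title>(.*?)</title>", re.S)  # what answered the request

def diagnose(certbot_output, expected_ip):
    """One finding per failed domain: which IP answered and what that implies."""
    expected = ipaddress.ip_address(expected_ip)
    findings = []
    for m in BLOCK.finditer(certbot_output):
        ip_m, title_m = IP.search(m["detail"]), TITLE.search(m["detail"])
        served = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
        if served is None:
            verdict = "no-ip-in-output"
        elif served != expected:
            verdict = "dns-points-to-other-host"   # check the A/AAAA records
        else:
            verdict = "this-host-did-not-serve-challenge"  # check the web server config
        findings.append({"domain": m["domain"], "type": m["type"],
                         "served_ip": str(served) if served else None,
                         "page_title": " ".join(title_m.group(1).split()) if title_m else None,
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE, "203.0.113.10"):  # placeholder for the new server's IP
        print(f["domain"], f["served_ip"], f["verdict"], "|", f["page_title"])
```

A `dns-points-to-other-host` verdict corresponds to the hint at the end of the certbot output about the DNS A/AAAA records; `this-host-did-not-serve-challenge` corresponds to the `.well-known` handling in the Nginx configuration mentioned in the answer.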
