Question

Error when installing SSL cert during installation of new vhost

Hello, this is my first post so kindly let me know if I’ve left out any important/required information. I’m hoping the community is able to assist with an issue that has me stuck and stumped. I’m encountering the below “unauthorized” error when attempting to install a new Let’s Encrypt SSL cert on a new vhost (let’s call it mysite5.com) running on Ubuntu 18.04. This Droplet is currently and successfully hosting 6 other SSL letsencrypt vhosts.

I’m receiving the error when running :~$ sudo certbot --apache -d mysite5.com -d www.mysite5.com

There are 6 other existing vhosts on this Droplet (mysites1-4.com) that seem to be running without issues. Since this SSL error occurred during mysite5.com installation, I have installed 2 new sites (mysites6-7.com) without issue/errors. For an unknown reason, only mysite5.com is encountering problems at the step of using certbot to install letsencrypt SSL certs.

As far as I can tell, after retracing my steps many dozens of times, the mysite5.com vhost is set up correctly and identically to the other vhosts on this same Droplet; i.e. set up and configured vhost files; created and configured mysql db and user; downloaded, installed and configured wordpress in this new vhost directory; created and configured DNS (added two A records; @ and www).

One note that makes mysite5.com different than the other 6 vhosts… mysite5.com has been running successfully on an old 16.04 Droplet (no vhosts or httpS) for a couple of years. I’ve removed the DNS and shut down the 16.04 Droplet before adding the DNS to this new 18.04 vhost SSL Droplet.

All that said, here’s the response/error I’m encountering for mysite5.com when running

:~$ sudo certbot --apache -d mysite5.com -d www.mysite5.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mysite5.com
http-01 challenge for www.mysite5.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mysite5.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysite5.com/.well-known/acme-challenge/3EqtTg2dzsX3FAX77TRwTg-DXgelGoqHNqD-vvFXHCo: “<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n <meta charset="UTF-8"/>\n <link rel="profile" href="http://gmpg.or”, www.mysite5.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mysite5.com/.well-known/acme-challenge/c8qgJtNnCLk721_kwQRNrp4xOwe1yvDxh0z20-YM-FE: “<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n <meta charset="UTF-8"/>\n <link rel="profile" href="http://gmpg.or

IMPORTANT NOTES:


What’s stumping me is that it’s saying “The client lacks sufficient authorization” yet this same client has no issues with the other vhosts/domains.

I’ve also checked the firewall. UFW is allowing Apache Full and ports 80, 443.

What am I missing? Many thank you’s in advance!

PS. Maybe I need to remove this vhost and start over? I don’t mind but my somewhat beginner skills have never attempted something like this. Any advice or direction on how to go about this would be helpful too.


I have the same mistake. Did you find a solution?

I have this error on only one of the 8 domains registered with certbot in one certificate.

I’m intrigued that the request is done on a link in http://

Indeed, I have the impression, but I could be wrong, that I have had this error since I switched to HSTS and immediately forced the passage to https. As a result, the request in http:// can be erased?

I read something similar: a person had a redirection in the apache conf, and, by removing the redirect, the certbot renewal worked. That’s why I wonder if my HSTS configuration and my redirection that forces https can be in question.

If you find one, please share your solution, or a track to search. Thank you.
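
An added example, not part of the thread or of certbot: a small Python parser for the "Failed authorization procedure" line shown in the question, reporting per domain what the validation server actually received. It relies on the http-01 rule that the challenge URL must return the key authorization, which starts with the token followed by a dot; the sample line, domains and tokens are constructed, and the verdict names are this example's own.

```python
import re

# Constructed sample in the shape of the failure line from the question.
SAMPLE = (
    'Failed authorization procedure. example.test (http-01): '
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient '
    'authorization :: Invalid response from '
    'http://example.test/.well-known/acme-challenge/tokenAAA111: '
    '"<!DOCTYPE html>\\n<html lang="en-US">\\n<head>", '
    'www.example.test (http-01): urn:ietf:params:acme:error:unauthorized :: '
    'The client lacks sufficient authorization :: Invalid response from '
    'http://www.example.test/.well-known/acme-challenge/tokenBBB222: '
    '"tokenBBB222.wrongthumbprint"'
)

PREFIX = "Failed authorization procedure. "
ENTRY = re.compile(
    r"^(?P<domain>\S+) \((?P<challenge>[\w-]+)\): (?P<error>urn:\S+) :: "
    r".*? :: Invalid response from (?P<url>\S+?): (?P<body>.*)$", re.S)

def classify(body, token):
    """Say what kind of response the validator got for this token."""
    head = body.lstrip().lower()
    if head.startswith(("<!doctype", "<html")):
        # A web page was served (CMS, rewrite rule, redirect target or another
        # server answered) instead of the challenge file.
        return "html-page"
    if body.startswith(token + "."):
        # Right file location, but the account thumbprint part does not match.
        return "wrong-key-authorization"
    return "other"

def parse_failures(line):
    """Split a certbot failure line into one record per domain."""
    text = line.strip()
    if text.startswith(PREFIX):
        text = text[len(PREFIX):]
    records = []
    # Entries are comma-separated; split only where a new "domain (type): urn:" starts.
    for entry in re.split(r",\s+(?=\S+ \([\w-]+\): urn:)", text):
        m = ENTRY.match(entry)
        if m:
            rec = m.groupdict()
            rec["token"] = rec["url"].rsplit("/", 1)[-1]
            rec["body"] = rec["body"].strip(' "“”')
            rec["verdict"] = classify(rec["body"], rec["token"])
            records.append(rec)
    return records

if __name__ == "__main__":
    for r in parse_failures(SAMPLE):
        print(r["domain"], r["token"], r["verdict"])
```

An `html-page` verdict means the request for `/.well-known/acme-challenge/<token>` was answered by a site rather than by the challenge file, so the next things to check are which server the domain's DNS records point to and which vhost or rewrite rule handles that path.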