Question
Error when installing SSL cert during installation of new vhost
Hello, this is my first post so kindly let me know if I’ve left out any important/required information. I’m hoping the community is able to assist with an issue that has me stuck and stumped. I’m encountering the below “unauthorized” error when attempting to install a new lets encrypt SSL cert on a new vhost (let’s call it mysite5.com) running on Ubuntu 18.04. This Droplet is currently and successfully hosting 6 other SSL letsencrypt vhosts.
I’m receiving the error when running :~$ sudo certbot –apache -d mysite5.com -d www.mysite5.com
There are 6 other existing vhosts on this Droplet (mysites1-4.com) that seem to be running without issues. Since this SSL error occurred during mysite5.com installation, I have installed 2 new sites (mysites6-7.com) without issue/errors. For unknown reason only mysite5.com is encountering problems at the step of using certbot to install letsencrypt SSL certs.
As far as I can tell, after retracing my steps many dozens of times, the mysite5.com vhost is setup correctly and identical as the other vhosts on this same Droplet; i.e. setup and configured vhost files; created and configured mysql db and user; downloaded, installed and configured wordpress in this new vhost directory; created and configured DNS (added two A records; @ and www).
One note that makes mysite5.com different than the other 6 vhosts.. mysite5.com has been running successfully on an old 16.04 Droplet (no vhosts or httpS) for a couple of years. I’ve removed the DNS and shutdown the 16.04 Droplet before adding the DNS to this new 18.04 vhost SSL Droplet.
All that said, here’s the response/error I’m encountering for mysite5.com when running
:~$ sudo certbot – apache -d mysite5.com -d www.mysite5.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mysite5.com
http-01 challenge for www.mysite5.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mysite5.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysite5.com/.well-known/acme-challenge/3EqtTg2dzsX3FAX77TRwTg-DXgelGoqHNqD-vvFXHCo: “<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n <meta charset="UTF-8"/>\n <link rel="profile" href="http://gmpg.or”, www.mysite5.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mysite5.com/.well-known/acme-challenge/c8qgJtNnCLk721_kwQRNrp4xOwe1yvDxh0z20-YM-FE: “<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n <meta charset="UTF-8"/>\n <link rel="profile" href="http://gmpg.or”
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mysite5.com
Type: unauthorized
Detail: Invalid response from
http://mysite5.com/.well-known/acme-challenge/3EqtTg2dzsX3FAX77TRwTg-DXgelGoqHNqD-vvFXHCo:
“<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n
<meta charset="UTF-8"/>\n <link rel="profile"
href="http://gmpg.or”
Domain: www.mysite5.com
Type: unauthorized
Detail: Invalid response from
http://www.mysite5.com/.well-known/acme-challenge/c8qgJtNnCLk721_kwQRNrp4xOwe1yvDxh0z20-YM-FE:
“<!DOCTYPE html>\n<html lang="en-US">\n<head>\n \n
<meta charset="UTF-8"/>\n <link rel="profile"
href="http://gmpg.or”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
What’s stumping me is that it’s saying “The client lacks sufficient authorization” yet this same client has no issues with the other vhosts/domains.
I’ve also checked firewall. UFW is allowing Apache Full and ports 80, 443.
What am I missing? Many thank you’s in advance!
PS. Maybe I need to remove this vhost and start over? I don’t mind but my somewhat beginner skills have never attempted something like this. Any advise or direction on how to go about this would be helpful too.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×