Let's Encrypt Failed authorization

stevieb413 · February 3, 2019, 4:59pm

I did a version upgrade of nethserver and now my Let’s Encrypt cert will not renew so removed the cert /etc/letsencrypt/live/ and tried to regenerate however I’m getting the following error.

Failed authorization procedure.mydomain.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mydomain.net/.well-known/acme-challenge/ASqtyxmMh28USIfeLj3u3TnP9zT9vfPjn6-p429KBmE: “<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p”

any help with this matter would be greatly appreciated.

Steve

stevieb413 · February 3, 2019, 10:06pm

looked in /var/log/letsencryipt/ below is the output

2019-02-03 16:47:32,197:DEBUG:certbot.error_handler:Calling registered functions

2019-02-03 16:47:32,197:INFO:certbot.auth_handler:Cleaning up challenges

2019-02-03 16:47:32,198:DEBUG:certbot.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/NKKlRSM2sSW-HON1lKSz2s5lsdSO0zwpqbNXmb-xo2I

2019-02-03 16:47:32,198:DEBUG:certbot.plugins.webroot:All challenges cleaned up

2019-02-03 16:47:32,198:DEBUG:certbot.log:Exiting abnormally:

Traceback (most recent call last):

File "/usr/bin/certbot", line 9, in &lt;module&gt;

load_entry_point('certbot==0.29.1', 'console_scripts', 'certbot')()

File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1352, in main

return config.func(config, plugins)

File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1227, in certonly

lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)

File "/usr/lib/python2.7/site-packages/certbot/main.py", line 123, in _get_and_save_cert

lineage = le_client.obtain_and_enroll_certificate(domains, certname)

File "/usr/lib/python2.7/site-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate

cert, chain, key, _ = self.obtain_certificate(domains)

File "/usr/lib/python2.7/site-packages/certbot/client.py", line 353, in obtain_certificate

orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)

File "/usr/lib/python2.7/site-packages/certbot/client.py", line 389, in _get_order_and_authorizations

authzr = self.auth_handler.handle_authorizations(orderr, best_effort)

File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 82, in handle_authorizations

self._respond(aauthzrs, resp, best_effort)

File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 161, in _respond

self._poll_challenges(aauthzrs, chall_update, best_effort)

File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 232, in _poll_challenges

raise errors.FailedChallenges(all_failed_achalls)

FailedChallenges: Failed authorization procedure. wellnessnorth.net (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wellnessnorth.net/.well-known/acme-challenge/NKKlRSM2sSW-HON1lKSz2s5lsdSO0zwpqbNXmb-xo2I: "&lt;!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"&gt;\n&lt;html&gt;&lt;head&gt;\n&lt;title&gt;403 Forbidden&lt;/title&gt;\n&lt;/head&gt;&lt;body&gt;\n&lt;h1&gt;Forbidden&lt;/h1&gt;\n&lt;p"

federico.ballarini · February 5, 2019, 5:59pm

Try this:

Set selfsigned certificate as default.
Rename .well-known folder in .well-known.bak

Do this commands:
yum --enablerepo=nethserver-testing install nethserver-base nethserver-httpd nethserver-letsencrypt
config setprop pki LetsEncrypt enabled

Retry to request the certificate.