Acme challenge 404 error

Question

Acme challenge 404 error

Opened this issue 9 years ago · 15 comments

I'm getting this error while running 'letsencrypt-vesta admin mydomain.com':

Failed authorization procedure. www mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www mydomain.com/.well-known/acme-challenge/some gibberish [Server IP]: 404, mydomain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:// mydomain.com/.well-known/acme-challenge/some gibberish [Server IP]: 404

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www mydomain.com
Type: urn:acme:error:unauthorized
Detail: Invalid response from http://www mydomain.com/.well-known
/acme-challenge/some gibberish
[Server IP]: 404

Domain: mydomain.com
Type: urn:acme:error:unauthorized
Detail: Invalid response from http:// mydomain.com/.well-known/acme-
challenge/some gibberish
[Server IP]: 404

The same exact setup while using CentOS 6 instead of CentOS 7 it works fine and it generates cert. Only when using CentOS 7 i get this issue. I turned off the server firewall just in case.

Answer 1 · 2016-02-09T18:41:59.000Z

I solved this by using 'letsencrypt-auto' and 'public_html' as webroot. 'letsencrypt-vesta' didn't work for me so i had to apply it via the control panel manually.

Answer 2 · 2016-02-10T19:08:25.000Z

I had the same problem but after checking my config it worked. You get this errors when your apache and/or nginx config isn't set correctly. The ACME client cannot reach your server and the authentication fails. Retry to config your setup from the readme and it should work.

Answer 3 · 2016-03-08T19:49:10.000Z

I cant get this to work either, you should probably fix something.
I am running CentOS 7 with latest VestaCP
How can this be fixed to work easy on centos 7?

Answer 4 · 2016-03-22T15:12:30.000Z

I have the same problem on Ubuntu 14.04. How to solve this?

Thanks,

Answer 5 · 2016-03-23T15:10:24.000Z

This config works to me

Answer 6 · 2016-04-21T22:29:20.000Z

I will try spinning up a couple of test servers to try to recreate this as soon as I can. I'm primarilly using CentOS 6.x boxes right now. I did some testing on CentOS 7 and on Ubuntu before the last update was published, but I may not have hit all the right use cases.

In order to help me in testing, please update this ticket with the following:

OS and version
Whether you're using the standard Apache-Nginx config, or an Apache-only or Nginx-only configuration.
If using both Apache and Nginx, which server did you configure the to handle acme-challenge requests?

Also, if using Nginx to handle the acme-challenge, be sure that you've properly configured all of your sites. Unlike Apache, Nginx doesn't have the concept of a "global configuration," so the alias to the acme-challenge directory needs to be added to each and every site's configuration. This is done by adding the configuration listed in the README file to any and all relevant Nginx templates in /usr/local/vesta/data/templates/web/nginx (and subdirectories thereof) AND running [[v-rebuild-web-domains USERNAME]] for every users AND restarting nginx to make it all take effect.

Answer 7 · 2016-06-20T12:30:47.000Z

I'm also getting the same error. I'm using nginx only
I did the following to troubleshoot the problem

I checked the /etc/letsencrypt/webroot directory and it was empty.
I created a file /etc/letsencrypt/webroot/test.html and visited mysite.com/.well-known/acme-challenge/test.html and it opens, but the acme challenge url always returns a 404.

So I suppose the challenge file is not being written to the /etc/letsencrypt/webroot/ directory

Answer 8 · 2016-08-01T21:25:14.000Z

same issue

Answer 9 · 2016-08-17T06:03:01.000Z

i'm using the vesta default apache+nginx configuration and solved the issue by
cd /home/admin/web/mydomain.tld/public_html
and only after that I ran letsencrypt-vesta admin mydomain.tld

Answer 10 · 2016-12-15T13:56:48.000Z

@mikhailnov
Sorry, I am having the same problem but I couldnt understand what you mean by
"cd /home/admin/web/mydomain.tld/public_html"
just by CD'ing into the path of your domain resolved it ?!
or do you mean you created ( or removed ) a file ? ( index.html ? )
Thanks for any help !

Answer 11 · 2016-12-18T12:52:39.000Z

I meant that I first changed the terminal working directory to that one and ran the command from there. But i'm not sure whether it will work now.
Try installing vim-common package

Answer 12 · 2016-12-18T12:53:58.000Z

Sorry, I meant that the last Vesta release has a built in capability to obtaain Letencrypt certificate and it has a command line interface. Install vim-common and use it (or the web GUI). Installing vim-common solves error 400.

Answer 13 · 2016-12-18T17:07:53.000Z

thank you @mikhailnov - it worked.

Answer 14 · 2016-12-18T18:07:13.000Z

What exactly worked? 15 декабря 2016 г. 16:56:49 GMT+03:00, integrateddigital <notifications@github.com> пишет:

…

@mikhailnov Sorry, I am having the problem but I couldnt understand what you mean by "cd /home/admin/web/mydomain.tld/public_html" just by CD'ing into the path of your domain resolved it ?! or do you mean you created ( or removed ) a file ? ( index.html ? ) Thanks for any help ! -- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: #11 (comment)

-- Простите за краткость, создано в K-9 Mail.

Answer 15 · 2017-04-07T09:02:26.000Z

I resolved this issue by removing:

include /home/impact/conf/web/(s)nginx.domain.com.conf*;

the s from snginx.conf when including the automatically created files by vesta.

Hope that helps.