Open josenoveli opened 7 years ago
hei, I have the same problem. the key challange appears ri be different from the key obtain from the server.
@nubinter I had already installed it on another server. Can not you revoke the old one?
Hello,
Does anybody have a clue or solution for this?
It's the first time this is happening to me :\ Usually, it goes well (and my DNS zones are ok for the www and non-www)
I am having the same issues (example.com is intentional to replace the real domain name)
root@server:~# letsencrypt-vesta admin example.com Saving debug log to /var/log/letsencrypt/letsencrypt.log Obtaining a new certificate Performing the following challenges: http-01 challenge for example.com http-01 challenge for www.example.com Using the webroot path /etc/letsencrypt/webroot for all unmatched domains. Waiting for verification... Cleaning up challenges Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs], example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs] IMPORTANT NOTES: - The following errors were reported by the server: Domain: www.example.com Type: unauthorized Detail: The key authorization file from the server did not match this challenge [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs] Domain: example.com Type: unauthorized Detail: The key authorization file from the server did not match this challenge [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs] To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Let's Encrypt returned an error status. Aborting. root@server:~#
Anyone with the solution, I already have A record @ and www to my server ip address
@OpenCodeLatino what I ended up doing was a fresh install of the OS and started all over again to bump into another bug here
My issue was caused by the .htaccess of the folder/site i was trying to certificate.
I had a prestashop site running in the folder i was trying to certificate and the htaccess was causing the issue. I emptied the folder (moved the site to a subfolder) and tried again. At this moment it worked.
Hope it helps.
Same problem here, fresh install of VESTACP
Problem still exists anyone have a fix?
Same issue. Pasting my debug log from /var/log/letsencrypt/letsencrypt.log Any help pls
2017-08-09 14:01:30,273:DEBUG:certbot.main:certbot version: 0.17.0
2017-08-09 14:01:30,274:DEBUG:certbot.main:Arguments: ['-t', '--renew-by-default', '--agree-tos', '--webroot', '-w', '/etc/letsencrypt/webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '-m', 'saiy2k@gmail.com', '-d', 'gethugames.in,www.gethugames.in']
2017-08-09 14:01:30,274:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-08-09 14:01:30,297:DEBUG:certbot.log:Root logging level set at 20
2017-08-09 14:01:30,299:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-09 14:01:30,301:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-08-09 14:01:30,315:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa13caaed90>
Prep: True
2017-08-09 14:01:30,317:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa13caaed90> and installer None
2017-08-09 14:01:30,328:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:saiy2k@gmail.com',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fa13ca85450>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/19738553', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), c59a3c1b98cc84e08a234786eb55ae49, Meta(creation_host=u'grassrootapps.in', creation_dt=datetime.datetime(2017, 8, 9, 8, 48, 59, tzinfo=<UTC>)))>
2017-08-09 14:01:30,331:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-08-09 14:01:30,345:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-08-09 14:01:30,984:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 460
2017-08-09 14:01:30,986:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 460
Boulder-Request-Id: nOY0-tpubCC3k9PKblbORyDmSzadycDYz51wdkidMKc
Replay-Nonce: 2q5edZ1p2uMyf7wb4izXehLVsWOojkMiMFLYvVyXzro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:30 GMT
Connection: keep-alive
{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"meta": {
"terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
},
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-08-09 14:01:30,988:INFO:certbot.main:Obtaining a new certificate
2017-08-09 14:01:30,989:DEBUG:acme.client:Requesting fresh nonce
2017-08-09 14:01:30,989:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-08-09 14:01:31,132:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-08-09 14:01:31,135:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: TThdzQGn8oj_wES8EKvt5k2WJaXujdeHlFdA6YBw3mU
Replay-Nonce: 8-SJcrhben8cWsrniseD-CRI4_XmFRoO7Sf4G3v_NkA
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive
2017-08-09 14:01:31,136:DEBUG:acme.client:Storing nonce: 8-SJcrhben8cWsrniseD-CRI4_XmFRoO7Sf4G3v_NkA
2017-08-09 14:01:31,137:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "gethugames.in"
},
"resource": "new-authz"
}
2017-08-09 14:01:31,150:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "eyJub25jZSI6ICI4LVNKY3JoYmVuOGNXc3JuaXNlRC1DUkk0X1htRlJvTzdTZjRHM3ZfTmtBIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiNkU1dWo0cHRZdlQ2T0tWRnRCalVRak1CeExCVFNrYTFnWWRzdTlhYlhMMHcwak5YenJKeTRJM1liN2Z6Rm1raFlVMVhFU0s5SVRkWUVOeVVSZUN2YUQ5b05ITWlZZFBVc0lFcWo3Y3pJNDVwYi1VU3RXZzVMYTU4RnZBbUJ1aXkzLVBHdkJvYnY1VE9QVm5ERXpTRS1rUTQxZUc4TGZCWVFVdENOWGdtMGRPbjBWc2UzVlJkaWhLT0k4NXI4WTVOZjluZmRzVGRzVjl3cXQ3N25PVDhJSWtNckVybzlsSE1YZWUzbGdCRE9iVkhsM2hYZUVWTThPOERaNkRGS1I0WXRnTHFBanh4TzVBazMwaWVFN2ZzeU5sUHpKbjNQUFU2dllXQUZKV0tSbDdnSDJiSmZMUXpMYndGTU5US29vUlVmZGduWXZWR1AzSGV1V2ZTcXh2eUx3In19",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAiZ2V0aHVnYW1lcy5pbiIKICB9LCAKICAicmVzb3VyY2UiOiAibmV3LWF1dGh6Igp9",
"signature": "FUNevJQA5oYBUoQVTRVTI9IoaiGnTQv8763v31vHQu7aoV4LvhuSUYdP_AFILEA4ojZRqCib6Yablgd8thG5ucZ1570Snv6Dg7uPXbRaLrEGi_PyZaVLOBHpoOrowRpoKqiKWvj6RZpVKhdoELF7H4R6FgdWs70MENOKS8cHsfOX6qsnemwEJm7Pe_KMpWS4kMNBZkuv6xph4g-rDpG62R57HN4rfm-QLBdWnjoHBDDGtg9AhFApusJ1mdiKB_KsHNPDWWNSsokbcpwjz_eARVhH23itjlhAXcIMHBPqJ69O-W1HihA-0NDnJ3pCws6yrLiXHQm2JOpcPFt4jhtKYQ"
}
2017-08-09 14:01:31,351:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1001
2017-08-09 14:01:31,353:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Request-Id: VQ5rTJo8wnFpwauFNVLCipzMcsM6csDa3uuuIC24xDc
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs
Replay-Nonce: _OQX6fYDXGx6aNmEmOPUepIP8ZKf1xVeWO0RhJqW99o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "gethugames.in"
},
"status": "pending",
"expires": "2017-08-16T14:01:31.295026069Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
"token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090104",
"token": "f_Do6GAuf84XLpu5z5l9SohTL0I1c7xZBXw7Ey9aFyI"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090105",
"token": "vEI8JGj1E-sN7eC-lAB8C1SVKdS0mLXEzwntRl71CPM"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}
2017-08-09 14:01:31,354:DEBUG:acme.client:Storing nonce: _OQX6fYDXGx6aNmEmOPUepIP8ZKf1xVeWO0RhJqW99o
2017-08-09 14:01:31,356:DEBUG:acme.client:JWS payload:
{
"identifier": {
"type": "dns",
"value": "www.gethugames.in"
},
"resource": "new-authz"
}
2017-08-09 14:01:31,364:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
{
"protected": "eyJub25jZSI6ICJfT1FYNmZZRFhHeDZhTm1FbU9QVWVwSVA4WktmMXhWZVdPMFJoSnFXOTlvIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiNkU1dWo0cHRZdlQ2T0tWRnRCalVRak1CeExCVFNrYTFnWWRzdTlhYlhMMHcwak5YenJKeTRJM1liN2Z6Rm1raFlVMVhFU0s5SVRkWUVOeVVSZUN2YUQ5b05ITWlZZFBVc0lFcWo3Y3pJNDVwYi1VU3RXZzVMYTU4RnZBbUJ1aXkzLVBHdkJvYnY1VE9QVm5ERXpTRS1rUTQxZUc4TGZCWVFVdENOWGdtMGRPbjBWc2UzVlJkaWhLT0k4NXI4WTVOZjluZmRzVGRzVjl3cXQ3N25PVDhJSWtNckVybzlsSE1YZWUzbGdCRE9iVkhsM2hYZUVWTThPOERaNkRGS1I0WXRnTHFBanh4TzVBazMwaWVFN2ZzeU5sUHpKbjNQUFU2dllXQUZKV0tSbDdnSDJiSmZMUXpMYndGTU5US29vUlVmZGduWXZWR1AzSGV1V2ZTcXh2eUx3In19",
"payload": "ewogICJpZGVudGlmaWVyIjogewogICAgInR5cGUiOiAiZG5zIiwgCiAgICAidmFsdWUiOiAid3d3LmdldGh1Z2FtZXMuaW4iCiAgfSwgCiAgInJlc291cmNlIjogIm5ldy1hdXRoeiIKfQ",
"signature": "TMDcuVs4VPnUnUEr_gz9OEexDdgHlm7bpK2JxFaDwGTFIcZvrfzFHmAkLpVUso5ClpisNgb3PhH8eUR6MJQP-AiWGarqpsdtkScc5yIwmuQ09VNbGkZcGSVFgQ_Cp7SPYZ7Ot96CAXq-ryT46FaErnOLjilzsPF7SKHROzaSX75Jsip6FRZqD16a6juSMPZerhz0dTWyzjtqSHfY6vqDwVT2titIM7yEZNBTfEoeesmagXPqUOhbBeHJEPs4ExcK0ihmxdgnQRFpHE9owhJx3B-MgeDLCrbxpLApixXqzRiDRlkaDtov8Tqs13GGRS2SOOIYciLr-6-3sYo24m0vfQ"
}
2017-08-09 14:01:31,484:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1005
2017-08-09 14:01:31,487:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1005
Boulder-Request-Id: SM7rEQ8Rmmpgr5-7ioaLBQ7OUHUxtqC-tlvuvE-cE2U
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0
Replay-Nonce: IfG3V9ZNW46rLXulucLCNr1KZA2UWM1Cbi4rvvQtYD0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.gethugames.in"
},
"status": "pending",
"expires": "2017-08-16T14:01:31.432248739Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
"token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090122",
"token": "707pgiot8sJ0MyhruzamxkxrdkYNWowmeRonLFlFq8M"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090123",
"token": "uE96KbsQ6NzJHsdVUGHfhMIDigWlfidrtG3KzGBdNvw"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}
2017-08-09 14:01:31,487:DEBUG:acme.client:Storing nonce: IfG3V9ZNW46rLXulucLCNr1KZA2UWM1Cbi4rvvQtYD0
2017-08-09 14:01:31,489:INFO:certbot.auth_handler:Performing the following challenges:
2017-08-09 14:01:31,489:INFO:certbot.auth_handler:http-01 challenge for gethugames.in
2017-08-09 14:01:31,490:INFO:certbot.auth_handler:http-01 challenge for www.gethugames.in
2017-08-09 14:01:31,491:INFO:certbot.plugins.webroot:Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
2017-08-09 14:01:31,492:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:31,492:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:31,506:DEBUG:certbot.plugins.webroot:Attempting to save validation to /etc/letsencrypt/webroot/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU
2017-08-09 14:01:31,514:DEBUG:certbot.plugins.webroot:Attempting to save validation to /etc/letsencrypt/webroot/.well-known/acme-challenge/G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38
2017-08-09 14:01:31,515:INFO:certbot.auth_handler:Waiting for verification...
2017-08-09 14:01:31,516:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg",
"type": "http-01",
"resource": "challenge"
}
2017-08-09 14:01:31,523:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103:
{
"protected": "eyJub25jZSI6ICJJZkczVjlaTlc0NnJMWHVsdWNMQ05yMUtaQTJVV00xQ2JpNHJ2dlF0WUQwIiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiNkU1dWo0cHRZdlQ2T0tWRnRCalVRak1CeExCVFNrYTFnWWRzdTlhYlhMMHcwak5YenJKeTRJM1liN2Z6Rm1raFlVMVhFU0s5SVRkWUVOeVVSZUN2YUQ5b05ITWlZZFBVc0lFcWo3Y3pJNDVwYi1VU3RXZzVMYTU4RnZBbUJ1aXkzLVBHdkJvYnY1VE9QVm5ERXpTRS1rUTQxZUc4TGZCWVFVdENOWGdtMGRPbjBWc2UzVlJkaWhLT0k4NXI4WTVOZjluZmRzVGRzVjl3cXQ3N25PVDhJSWtNckVybzlsSE1YZWUzbGdCRE9iVkhsM2hYZUVWTThPOERaNkRGS1I0WXRnTHFBanh4TzVBazMwaWVFN2ZzeU5sUHpKbjNQUFU2dllXQUZKV0tSbDdnSDJiSmZMUXpMYndGTU5US29vUlVmZGduWXZWR1AzSGV1V2ZTcXh2eUx3In19",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogInpQQTg2Y1pSNXVRSDM5aWJBdm93aWcwU1pnZDMtZGpEZzFFSjU0VDZWbVUuNFBmZ0pEdnlCcUJIeFlPX09XXy1HWVFSZkVwU0N6Vk84NEI3MktteGtQZyIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "X6F9BVIqmQjlbCAI8Un4hI_kr_sV9VZNeOjK3IjtCY1G9PczSWE17k7mRDXeZ8jebWXtXsocuYludyijt0FX7lVNpFg_XpcRmrwycFwPd0FJ9ZOj42fLOxDmXjenAIlAz2QYX4DZTd5qdCaLyRgc99XUNkE76P3l6V31BcKpMOfqAFGed0wkA7RgiKkd8JnTMPSOIz8_1Hs22Vx34xDl-t8GNX2EyWBnN5xALI8BgyqtQmluVuX9zrlix7mBu1N9EjNC_FiyTfiIBrKPFZmPpMUkBpu8eJTaIrxPEI1xqdhdmN7pzWVD_vZgGKkdwcyv0L3WXU5w0v6-kOeorNyJvQ"
}
2017-08-09 14:01:31,691:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103 HTTP/1.1" 202 336
2017-08-09 14:01:31,693:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: AzXvsVOxbAzoKryJnra5F4KQMlZ1MXk-fw-3KxTXHSA
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103
Replay-Nonce: kZE-252DfTW7_-wGGpFIoffloI98krUNqfidTgDYU88
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
"token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
"keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
}
2017-08-09 14:01:31,693:DEBUG:acme.client:Storing nonce: kZE-252DfTW7_-wGGpFIoffloI98krUNqfidTgDYU88
2017-08-09 14:01:31,695:DEBUG:acme.client:JWS payload:
{
"keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg",
"type": "http-01",
"resource": "challenge"
}
2017-08-09 14:01:31,703:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121:
{
"protected": "eyJub25jZSI6ICJrWkUtMjUyRGZUVzdfLXdHR3BGSW9mZmxvSTk4a3JVTnFmaWRUZ0RZVTg4IiwgImFsZyI6ICJSUzI1NiIsICJqd2siOiB7ImUiOiAiQVFBQiIsICJrdHkiOiAiUlNBIiwgIm4iOiAiNkU1dWo0cHRZdlQ2T0tWRnRCalVRak1CeExCVFNrYTFnWWRzdTlhYlhMMHcwak5YenJKeTRJM1liN2Z6Rm1raFlVMVhFU0s5SVRkWUVOeVVSZUN2YUQ5b05ITWlZZFBVc0lFcWo3Y3pJNDVwYi1VU3RXZzVMYTU4RnZBbUJ1aXkzLVBHdkJvYnY1VE9QVm5ERXpTRS1rUTQxZUc4TGZCWVFVdENOWGdtMGRPbjBWc2UzVlJkaWhLT0k4NXI4WTVOZjluZmRzVGRzVjl3cXQ3N25PVDhJSWtNckVybzlsSE1YZWUzbGdCRE9iVkhsM2hYZUVWTThPOERaNkRGS1I0WXRnTHFBanh4TzVBazMwaWVFN2ZzeU5sUHpKbjNQUFU2dllXQUZKV0tSbDdnSDJiSmZMUXpMYndGTU5US29vUlVmZGduWXZWR1AzSGV1V2ZTcXh2eUx3In19",
"payload": "ewogICJrZXlBdXRob3JpemF0aW9uIjogIkczcFViQjh1Uk0yVHY0RUZVUTZRNWJxQWNmLWJ5dHBYVzhzVzAyRi1tMzguNFBmZ0pEdnlCcUJIeFlPX09XXy1HWVFSZkVwU0N6Vk84NEI3MktteGtQZyIsIAogICJ0eXBlIjogImh0dHAtMDEiLCAKICAicmVzb3VyY2UiOiAiY2hhbGxlbmdlIgp9",
"signature": "Bty0Yl4nHxSslDejjVr7FpSOzYbgIo8wwdn8OoN1VXmYmY1lqxLC9cC257K6irKmohZLUyU2hCSIANunUtFK0F2PoHtWWWDpEQ3cufjVR2VwpvMbDycbGBUzhS5Izl_5x2Ld121EHZOI78TPpGxRKh-uOS6gVDtq8JdfhNWqFQOa4iPbna-TTmP4kRPrJJar_li1hLYa2MyEJey49wHSYHetxdhW4VNnujdGM7ZM5fxPFPt6152yYSH7jfPGCKtksZMHlO3OdJlXNAaMhjUmBsq9rHhE5iL6MN7DALZ77TtbQNdKdaNBtbeB0ZXOL433ppACcCUY9bK2CwqL4vKq9Q"
}
2017-08-09 14:01:31,808:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121 HTTP/1.1" 202 336
2017-08-09 14:01:31,810:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: q0wxzgcBQuNVm6RCYnHFF3JdvUzg_Xu-Dz0kFLSNa14
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121
Replay-Nonce: jkK_j6OyTJ50wo7uIkv6cA15JXApckOzAUDyaxP4rOo
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
"token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38",
"keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
}
2017-08-09 14:01:31,810:DEBUG:acme.client:Storing nonce: jkK_j6OyTJ50wo7uIkv6cA15JXApckOzAUDyaxP4rOo
2017-08-09 14:01:34,814:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs.
2017-08-09 14:01:34,948:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs HTTP/1.1" 200 1954
2017-08-09 14:01:34,950:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1954
Boulder-Request-Id: gJxro2BLS4IcUtepG3bqrVkPg4f9i6KA4Xu-l2hvzZA
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: XlI0qZuaUpq45EOdoXDR1eHWx22rIy32PfWx1GEec9s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:34 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "gethugames.in"
},
"status": "invalid",
"expires": "2017-08-16T14:01:31Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]",
"status": 403
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
"token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
"keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg",
"validationRecord": [
{
"url": "http://gethugames.in/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
"hostname": "gethugames.in",
"port": "80",
"addressesResolved": [
"104.131.73.51",
"2604:a880:800:10::24e4:7001"
],
"addressUsed": "104.131.73.51",
"addressesTried": [
"2604:a880:800:10::24e4:7001"
]
}
]
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090104",
"token": "f_Do6GAuf84XLpu5z5l9SohTL0I1c7xZBXw7Ey9aFyI"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090105",
"token": "vEI8JGj1E-sN7eC-lAB8C1SVKdS0mLXEzwntRl71CPM"
}
],
"combinations": [
[
0
],
[
2
],
[
1
]
]
}
2017-08-09 14:01:34,952:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0.
2017-08-09 14:01:35,150:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0 HTTP/1.1" 200 1112
2017-08-09 14:01:35,152:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1112
Boulder-Request-Id: N0QixvPtqkTnZ62kbjfUW16yz1eEBJOEqTrJR7mTh3c
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: j9EZ3y5GcoKY8YG9JiLEL86ct-e72u29Ic56_e1Y3A4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:35 GMT
Connection: keep-alive
{
"identifier": {
"type": "dns",
"value": "www.gethugames.in"
},
"status": "pending",
"expires": "2017-08-16T14:01:31Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
"token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38",
"keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
},
{
"type": "dns-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090122",
"token": "707pgiot8sJ0MyhruzamxkxrdkYNWowmeRonLFlFq8M"
},
{
"type": "tls-sni-01",
"status": "pending",
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090123",
"token": "uE96KbsQ6NzJHsdVUGHfhMIDigWlfidrtG3KzGBdNvw"
}
],
"combinations": [
[
2
],
[
0
],
[
1
]
]
}
2017-08-09 14:01:35,154:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: gethugames.in
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2017-08-09 14:01:35,154:INFO:certbot.auth_handler:Cleaning up challenges
2017-08-09 14:01:35,155:DEBUG:certbot.plugins.webroot:Removing /etc/letsencrypt/webroot/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU
2017-08-09 14:01:35,156:DEBUG:certbot.plugins.webroot:Removing /etc/letsencrypt/webroot/.well-known/acme-challenge/G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38
2017-08-09 14:01:35,157:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:35,157:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 753, in main
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 692, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
self.config.allow_subset_of_names)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
self._respond(resp, best_effort)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
self._poll_challenges(chall_update, best_effort)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. gethugames.in (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]
i am also getting the same issue
Push!
I just ran into the very same issue described here. Was anyone able to solve it?
Having just set up a clean VPS with Vesta from the install script, I recommend using the built in SSL support that comes with Vesta now and not even going with letsencrypt-vesta, since it hasn't been updated in 2 years.
I installed Certbot using (on Ubuntu 16.04):
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install python-certbot-apache
After that, under WEB in VestaCP: Find the domain in question and click EDIT next to it Click ADVANCED OPTIONS Check SSL Support Check Lets Encrypt Support Click ADD Wait about 30 seconds as it should automatically create everything silently before reloading the page.
I found it didn't always show the information immediately so get out of the domain by going back to the WEB panel, and click back in (by clicking EDIT in the domain's entry) and you should see the SSL certificate textboxes propagated!
Side Note: If you can't even get the default Vesta page going without SSL on your domain, you'll need to look into your DNS issues before tackling the certificate side. Hope this helps!
It may be caused by the resolving your domain. https://centos.uwebweb.com/key-authorization-file-server-did-not-match-challenge-letsencrypt
Any luck? I just bumped into the same issue on fresh install of Ubuntu 24.04 and certbot 2.10.0
Does anyone know how to fix this?