interbrite / letsencrypt-vesta

Automate Let's Encrypt Certificate Installation for VestaCP

Vestacp letsencrypt Error The key authorization file from the server did not match this challenge #51

Open josenoveli opened 7 years ago

josenoveli commented 7 years ago

Does anyone know how to fix this?

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for webnuvem.com
http-01 challenge for www.webnuvem.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. webnuvem.com (http-01): urn:acme:error:unauthorized :: 
The client lacks sufficient authorization :: 
The key authorization file from the server did not match this challenge [KEY!] != [KEY!]

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: webnuvem.com
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [KEY!]
   !=
   [KEY!]

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
Let's Encrypt returned an error status.  Aborting.

nubinter commented 7 years ago

Hey, I have the same problem. The key challenge appears to be different from the key obtained from the server.

josenoveli commented 7 years ago

@nubinter I had already installed it on another server. Can't you revoke the old one?

stephdotnet commented 7 years ago

Hello,

Does anybody have a clue or solution for this?

It's the first time this is happening to me :\ Usually, it goes well (and my DNS zones are ok for the www and non-www)

fabianborg commented 7 years ago

I am having the same issues (example.com is intentional to replace the real domain name)

root@server:~# letsencrypt-vesta admin example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs], example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y] != [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.example.com
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y]
   !=
   [SpF5RYoAUL7KwL2wcS-vsrJb53pmeIKKn6U9SmMyMYU.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

   Domain: example.com
   Type:   unauthorized
   Detail: The key authorization file from the server did not match
   this challenge
   [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.beYaC8qzUM_StuviLZkDy-IMn7twZbTthcdtLGvfv_Y]
   !=
   [t4jqnRu-wXy57VMjdx0mzNdBpSTGvWLvh645hGcYC6c.JZBgjnhAN-WRJGBziNjLkVP-uvfOXwX_XDx2tUx1rEs]

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
Let's Encrypt returned an error status.  Aborting.
root@server:~#

OpenCodeLatino commented 7 years ago

Anyone with the solution? I already have A records for @ and www pointing to my server IP address.

fabianborg commented 7 years ago

@OpenCodeLatino what I ended up doing was a fresh install of the OS and started all over again to bump into another bug here

stephdotnet commented 7 years ago

My issue was caused by the .htaccess of the folder/site I was trying to certificate.

I had a PrestaShop site running in the folder I was trying to certificate, and the .htaccess was causing the issue. I emptied the folder (moved the site to a subfolder) and tried again. At that point it worked.

Hope it helps.

duard commented 7 years ago

Same problem here, fresh install of VESTACP

Applepi commented 7 years ago

Problem still exists. Anyone have a fix?

saiy2k commented 7 years ago

Same issue. Pasting my debug log from /var/log/letsencrypt/letsencrypt.log. Any help please?

2017-08-09 14:01:30,273:DEBUG:certbot.main:certbot version: 0.17.0
2017-08-09 14:01:30,274:DEBUG:certbot.main:Arguments: ['-t', '--renew-by-default', '--agree-tos', '--webroot', '-w', '/etc/letsencrypt/webroot', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '-m', 'saiy2k@gmail.com', '-d', 'gethugames.in,www.gethugames.in']
2017-08-09 14:01:30,274:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2017-08-09 14:01:30,297:DEBUG:certbot.log:Root logging level set at 20
2017-08-09 14:01:30,299:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-08-09 14:01:30,301:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer None
2017-08-09 14:01:30,315:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7fa13caaed90>
Prep: True
2017-08-09 14:01:30,317:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7fa13caaed90> and installer None
2017-08-09 14:01:30,328:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, contact=(u'mailto:saiy2k@gmail.com',), agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf', key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fa13ca85450>)>)), uri=u'https://acme-v01.api.letsencrypt.org/acme/reg/19738553', new_authzr_uri=u'https://acme-v01.api.letsencrypt.org/acme/new-authz', terms_of_service=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf'), c59a3c1b98cc84e08a234786eb55ae49, Meta(creation_host=u'grassrootapps.in', creation_dt=datetime.datetime(2017, 8, 9, 8, 48, 59, tzinfo=<UTC>)))>
2017-08-09 14:01:30,331:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2017-08-09 14:01:30,345:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2017-08-09 14:01:30,984:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 460
2017-08-09 14:01:30,986:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 460
Boulder-Request-Id: nOY0-tpubCC3k9PKblbORyDmSzadycDYz51wdkidMKc
Replay-Nonce: 2q5edZ1p2uMyf7wb4izXehLVsWOojkMiMFLYvVyXzro
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:30 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:30 GMT
Connection: keep-alive

{
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-08-09 14:01:30,988:INFO:certbot.main:Obtaining a new certificate
2017-08-09 14:01:30,989:DEBUG:acme.client:Requesting fresh nonce
2017-08-09 14:01:30,989:DEBUG:acme.client:Sending HEAD request to https://acme-v01.api.letsencrypt.org/acme/new-authz.
2017-08-09 14:01:31,132:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "HEAD /acme/new-authz HTTP/1.1" 405 0
2017-08-09 14:01:31,135:DEBUG:acme.client:Received response:
HTTP 405
Server: nginx
Content-Type: application/problem+json
Content-Length: 91
Allow: POST
Boulder-Request-Id: TThdzQGn8oj_wES8EKvt5k2WJaXujdeHlFdA6YBw3mU
Replay-Nonce: 8-SJcrhben8cWsrniseD-CRI4_XmFRoO7Sf4G3v_NkA
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive

2017-08-09 14:01:31,136:DEBUG:acme.client:Storing nonce: 8-SJcrhben8cWsrniseD-CRI4_XmFRoO7Sf4G3v_NkA
2017-08-09 14:01:31,137:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "gethugames.in"
  }, 
  "resource": "new-authz"
}
2017-08-09 14:01:31,150:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
2017-08-09 14:01:31,351:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1001
2017-08-09 14:01:31,353:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1001
Boulder-Request-Id: VQ5rTJo8wnFpwauFNVLCipzMcsM6csDa3uuuIC24xDc
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs
Replay-Nonce: _OQX6fYDXGx6aNmEmOPUepIP8ZKf1xVeWO0RhJqW99o
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "gethugames.in"
  },
  "status": "pending",
  "expires": "2017-08-16T14:01:31.295026069Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
      "token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090104",
      "token": "f_Do6GAuf84XLpu5z5l9SohTL0I1c7xZBXw7Ey9aFyI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090105",
      "token": "vEI8JGj1E-sN7eC-lAB8C1SVKdS0mLXEzwntRl71CPM"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
2017-08-09 14:01:31,354:DEBUG:acme.client:Storing nonce: _OQX6fYDXGx6aNmEmOPUepIP8ZKf1xVeWO0RhJqW99o
2017-08-09 14:01:31,356:DEBUG:acme.client:JWS payload:
{
  "identifier": {
    "type": "dns", 
    "value": "www.gethugames.in"
  }, 
  "resource": "new-authz"
}
2017-08-09 14:01:31,364:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz:
2017-08-09 14:01:31,484:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/new-authz HTTP/1.1" 201 1005
2017-08-09 14:01:31,487:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Content-Type: application/json
Content-Length: 1005
Boulder-Request-Id: SM7rEQ8Rmmpgr5-7ioaLBQ7OUHUxtqC-tlvuvE-cE2U
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0
Replay-Nonce: IfG3V9ZNW46rLXulucLCNr1KZA2UWM1Cbi4rvvQtYD0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "www.gethugames.in"
  },
  "status": "pending",
  "expires": "2017-08-16T14:01:31.432248739Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
      "token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090122",
      "token": "707pgiot8sJ0MyhruzamxkxrdkYNWowmeRonLFlFq8M"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090123",
      "token": "uE96KbsQ6NzJHsdVUGHfhMIDigWlfidrtG3KzGBdNvw"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}
2017-08-09 14:01:31,487:DEBUG:acme.client:Storing nonce: IfG3V9ZNW46rLXulucLCNr1KZA2UWM1Cbi4rvvQtYD0
2017-08-09 14:01:31,489:INFO:certbot.auth_handler:Performing the following challenges:
2017-08-09 14:01:31,489:INFO:certbot.auth_handler:http-01 challenge for gethugames.in
2017-08-09 14:01:31,490:INFO:certbot.auth_handler:http-01 challenge for www.gethugames.in
2017-08-09 14:01:31,491:INFO:certbot.plugins.webroot:Using the webroot path /etc/letsencrypt/webroot for all unmatched domains.
2017-08-09 14:01:31,492:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:31,492:DEBUG:certbot.plugins.webroot:Creating root challenges validation dir at /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:31,506:DEBUG:certbot.plugins.webroot:Attempting to save validation to /etc/letsencrypt/webroot/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU
2017-08-09 14:01:31,514:DEBUG:certbot.plugins.webroot:Attempting to save validation to /etc/letsencrypt/webroot/.well-known/acme-challenge/G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38
2017-08-09 14:01:31,515:INFO:certbot.auth_handler:Waiting for verification...
2017-08-09 14:01:31,516:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg", 
  "type": "http-01", 
  "resource": "challenge"
}
2017-08-09 14:01:31,523:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103:
2017-08-09 14:01:31,691:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103 HTTP/1.1" 202 336
2017-08-09 14:01:31,693:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: AzXvsVOxbAzoKryJnra5F4KQMlZ1MXk-fw-3KxTXHSA
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103
Replay-Nonce: kZE-252DfTW7_-wGGpFIoffloI98krUNqfidTgDYU88
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
  "token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
  "keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
}
2017-08-09 14:01:31,693:DEBUG:acme.client:Storing nonce: kZE-252DfTW7_-wGGpFIoffloI98krUNqfidTgDYU88
2017-08-09 14:01:31,695:DEBUG:acme.client:JWS payload:
{
  "keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg", 
  "type": "http-01", 
  "resource": "challenge"
}
2017-08-09 14:01:31,703:DEBUG:acme.client:Sending POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121:
2017-08-09 14:01:31,808:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "POST /acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121 HTTP/1.1" 202 336
2017-08-09 14:01:31,810:DEBUG:acme.client:Received response:
HTTP 202
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Request-Id: q0wxzgcBQuNVm6RCYnHFF3JdvUzg_Xu-Dz0kFLSNa14
Boulder-Requester: 19738553
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121
Replay-Nonce: jkK_j6OyTJ50wo7uIkv6cA15JXApckOzAUDyaxP4rOo
Expires: Wed, 09 Aug 2017 14:01:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:31 GMT
Connection: keep-alive

{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
  "token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38",
  "keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
}
2017-08-09 14:01:31,810:DEBUG:acme.client:Storing nonce: jkK_j6OyTJ50wo7uIkv6cA15JXApckOzAUDyaxP4rOo
2017-08-09 14:01:34,814:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs.
2017-08-09 14:01:34,948:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs HTTP/1.1" 200 1954
2017-08-09 14:01:34,950:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1954
Boulder-Request-Id: gJxro2BLS4IcUtepG3bqrVkPg4f9i6KA4Xu-l2hvzZA
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: XlI0qZuaUpq45EOdoXDR1eHWx22rIy32PfWx1GEec9s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:34 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "gethugames.in"
  },
  "status": "invalid",
  "expires": "2017-08-16T14:01:31Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]",
        "status": 403
      },
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090103",
      "token": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
      "keyAuthorization": "zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg",
      "validationRecord": [
        {
          "url": "http://gethugames.in/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU",
          "hostname": "gethugames.in",
          "port": "80",
          "addressesResolved": [
            "104.131.73.51",
            "2604:a880:800:10::24e4:7001"
          ],
          "addressUsed": "104.131.73.51",
          "addressesTried": [
            "2604:a880:800:10::24e4:7001"
          ]
        }
      ]
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090104",
      "token": "f_Do6GAuf84XLpu5z5l9SohTL0I1c7xZBXw7Ey9aFyI"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/Xxe22o_SRBHOxBW0PEm5flGBI3kWze-H5med8Wx4LTs/1716090105",
      "token": "vEI8JGj1E-sN7eC-lAB8C1SVKdS0mLXEzwntRl71CPM"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      2
    ],
    [
      1
    ]
  ]
}
2017-08-09 14:01:34,952:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0.
2017-08-09 14:01:35,150:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 "GET /acme/authz/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0 HTTP/1.1" 200 1112
2017-08-09 14:01:35,152:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 1112
Boulder-Request-Id: N0QixvPtqkTnZ62kbjfUW16yz1eEBJOEqTrJR7mTh3c
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Replay-Nonce: j9EZ3y5GcoKY8YG9JiLEL86ct-e72u29Ic56_e1Y3A4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 09 Aug 2017 14:01:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 09 Aug 2017 14:01:35 GMT
Connection: keep-alive

{
  "identifier": {
    "type": "dns",
    "value": "www.gethugames.in"
  },
  "status": "pending",
  "expires": "2017-08-16T14:01:31Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090121",
      "token": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38",
      "keyAuthorization": "G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090122",
      "token": "707pgiot8sJ0MyhruzamxkxrdkYNWowmeRonLFlFq8M"
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/9HvH9KqBJSgVWdXTiiCXHiQqoV40T2mBQs041FldYT0/1716090123",
      "token": "uE96KbsQ6NzJHsdVUGHfhMIDigWlfidrtG3KzGBdNvw"
    }
  ],
  "combinations": [
    [
      2
    ],
    [
      0
    ],
    [
      1
    ]
  ]
}
2017-08-09 14:01:35,154:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: gethugames.in
Type:   unauthorized
Detail: The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2017-08-09 14:01:35,154:INFO:certbot.auth_handler:Cleaning up challenges
2017-08-09 14:01:35,155:DEBUG:certbot.plugins.webroot:Removing /etc/letsencrypt/webroot/.well-known/acme-challenge/zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU
2017-08-09 14:01:35,156:DEBUG:certbot.plugins.webroot:Removing /etc/letsencrypt/webroot/.well-known/acme-challenge/G3pUbB8uRM2Tv4EFUQ6Q5bqAcf-bytpXW8sW02F-m38
2017-08-09 14:01:35,157:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /etc/letsencrypt/webroot/.well-known/acme-challenge
2017-08-09 14:01:35,157:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 753, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 692, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 357, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 318, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. gethugames.in (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.4PfgJDvyBqBHxYO_OW_-GYQRfEpSCzVO84B72KmxkPg] != [zPA86cZR5uQH39ibAvowig0SZgd3-djDg1EJ54T6VmU.Y-ZCxCwqaBXrNrsAVUOpgWN4EuDv21k-m6MlmrMyI4c]
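
An added example, not part of the original thread or of letsencrypt-vesta: in every error quoted above the two bracketed values share the token before the dot and differ only after it, and in ACME that second half is the SHA-256 thumbprint (RFC 7638) of the account key that built the response. The sketch below classifies such a mismatch from an authorization object shaped like the one in the debug log and reports which address answered; the function names, keys, token, hostname and documentation-range IPs are constructed for illustration.

```python
import base64
import hashlib
import json
import re

# The CA's detail string has the form "... [expected] != [served]".
MISMATCH_RE = re.compile(r"\[([^\]\s]+)\]\s*!=\s*\[([^\]\s]+)\]")
# JWK members that enter the RFC 7638 thumbprint, per key type.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk):
    """Unpadded base64url SHA-256 thumbprint of a public JWK (RFC 7638)."""
    members = {m: jwk[m] for m in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_authorization(token, account_jwk):
    """Content an http-01 challenge file must have: <token>.<thumbprint>."""
    return token + "." + jwk_thumbprint(account_jwk)


def classify_mismatch(detail, local_thumbprint=None):
    """Split both key authorizations in an error detail and name what differs."""
    match = MISMATCH_RE.search(detail)
    if match is None:
        return None
    expected_token, _, expected_thumb = match.group(1).partition(".")
    served_token, _, served_thumb = match.group(2).partition(".")
    if expected_token != served_token:
        cause = "different-token"        # a file for another challenge was served
    elif expected_thumb != served_thumb:
        cause = "different-account-key"  # response was built from another account key
    else:
        cause = "identical"
    return {
        "cause": cause,
        "expected_thumbprint": expected_thumb,
        "served_thumbprint": served_thumb,
        # True when the CA expected this client's key, so the foreign half is the served one.
        "expected_is_local": local_thumbprint is not None and expected_thumb == local_thumbprint,
    }


def diagnose_authz(authz, server_ips, local_thumbprint=None):
    """Report, per failed http-01 challenge, what differed and which address answered."""
    findings = []
    for challenge in authz.get("challenges", []):
        if challenge.get("type") != "http-01" or challenge.get("status") != "invalid":
            continue
        detail = challenge.get("error", {}).get("detail", "")
        finding = classify_mismatch(detail, local_thumbprint)
        if finding is None:
            continue
        records = challenge.get("validationRecord", [])
        used = records[-1].get("addressUsed") if records else None
        finding.update(hostname=authz["identifier"]["value"], address_used=used,
                       address_is_ours=used in server_ips)
        findings.append(finding)
    return findings


# Constructed sample data (not real keys, tokens or hosts).
LOCAL_JWK = {"kty": "RSA", "e": "AQAB", "n": "bG9jYWwtYWNjb3VudC1tb2R1bHVz", "alg": "RS256"}
OTHER_JWK = {"kty": "RSA", "e": "AQAB", "n": "b3RoZXItYWNjb3VudC1tb2R1bHVz"}


def sample_authz():
    """Authorization object shaped like the one in the log, with constructed values."""
    token = "constructed-token-0001"
    detail = ("The key authorization file from the server did not match this "
              "challenge [{}] != [{}]").format(key_authorization(token, LOCAL_JWK),
                                               key_authorization(token, OTHER_JWK))
    return {
        "identifier": {"type": "dns", "value": "example.com"},
        "status": "invalid",
        "challenges": [{
            "type": "http-01", "status": "invalid", "token": token,
            "error": {"type": "urn:acme:error:unauthorized", "detail": detail, "status": 403},
            "validationRecord": [{"hostname": "example.com", "port": "80",
                                  "addressesResolved": ["192.0.2.10", "2001:db8::1"],
                                  "addressUsed": "192.0.2.10",
                                  "addressesTried": ["2001:db8::1"]}],
        }],
    }


if __name__ == "__main__":
    for f in diagnose_authz(sample_authz(), {"192.0.2.10"}, jwk_thumbprint(LOCAL_JWK)):
        print(json.dumps(f, indent=2, sort_keys=True))
```

A `different-account-key` result with `address_is_ours` true means the request reached the intended host but was answered by something other than the file the client wrote; with `address_is_ours` false, the name resolved to a different machine.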

sagar676 commented 6 years ago

I am also getting the same issue.

MichaelSmi commented 6 years ago

Push!

I just ran into the very same issue described here. Was anyone able to solve it?

mrpink84 commented 6 years ago

Having just set up a clean VPS with Vesta from the install script, I recommend using the built in SSL support that comes with Vesta now and not even going with letsencrypt-vesta, since it hasn't been updated in 2 years.

I installed Certbot using (on Ubuntu 16.04):

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install python-certbot-apache

After that, under WEB in VestaCP:

1. Find the domain in question and click EDIT next to it
2. Click ADVANCED OPTIONS
3. Check SSL Support
4. Check Lets Encrypt Support
5. Click ADD
6. Wait about 30 seconds as it should automatically create everything silently before reloading the page.

I found it didn't always show the information immediately so get out of the domain by going back to the WEB panel, and click back in (by clicking EDIT in the domain's entry) and you should see the SSL certificate textboxes propagated!

Side Note: If you can't even get the default Vesta page going without SSL on your domain, you'll need to look into your DNS issues before tackling the certificate side. Hope this helps!

pro-334 commented 6 years ago

It may be caused by the resolving of your domain. https://centos.uwebweb.com/key-authorization-file-server-did-not-match-challenge-letsencrypt

pawisoon commented 5 months ago

Any luck? I just bumped into the same issue on fresh install of Ubuntu 24.04 and certbot 2.10.0