"Failed authorization procedure" when trying to install Certbot

Linode Staff

When trying to install Certbot on my Linode, I get the following authorization error:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/vlJv6b9Bv52YkePkscbugWUCWWjqQVPN86aM2Y2HMIc [2600:3c02::f03c:91ff:fece:ec1f]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://domain.com/.well-known/acme-challenge/vlJv6b9Bv52YkePkscbugWUCWWjqQVPN86aM2Y2HMIc
   [2600:3c02::f03c:91ff:fece:ec1f]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
(base) [email protected]:~$

1 Reply

After doing some research on this, it looks like you'll need to edit the server block in your Nginx configuration file to include an additional permission. I was able to find a possible solution on askubuntu.com here:

“Failed authorization procedure” when trying to add SSL certificate to site

Essentially, when you open your Nginx configuration file, you're adding a permission allowing public accessibility (replace 'your_path_to' with your file path):

location ^~ /.well-known {
root /your_path_to/document_root;
allow all;
}

There's also some really good information about editing your Nginx server block in this Community site post and this guide on configuring Nginx.

I hope this points you in the right direction. Let us know if this works!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct