Letsencrypt failure


#1

ee site create mysite.com --php7 --wp --le won’t generate the cert…

my let’s encrypt log says

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
2017-05-13 22:45:37,864:INFO:certbot.auth_handler:Cleaning up challenges
2017-05-13 22:45:37,864:DEBUG:certbot.plugins.webroot:Removing /var/www/MYSITE.com/htdocs/.well-known/acme-challenge/JZfI-zHNAau2nlnySrrQQ89AmoXaSxCSNKm1CKXtyQo
2017-05-13 22:45:37,865:DEBUG:certbot.plugins.webroot:Removing /var/www/MYSITE.com/htdocs/.well-known/acme-challenge/ydWkOtX0uIzkF1NH7t5ru-BBEjHyGxzxvbtm5GiF3cU
2017-05-13 22:45:37,865:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /var/www/MYSITE.com/htdocs/.well-known/acme-challenge
2017-05-13 22:45:37,865:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 742, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 682, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. MYSITE.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://MYSITE.com/.well-known/acme-challenge/JZfI-zHNAau2nlnySrrQQ89AmoXaSxCSNKm1CKXtyQo: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.MYSITE.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.MYSITE.com/.well-known/acme-challenge/ydWkOtX0uIzkF1NH7t5ru-BBEjHyGxzxvbtm5GiF3cU: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

I’ve verified my DNS entries…

The only way I could get this to work was to install certbot off backports and using the temp server authentication option for authorization. Would appreciate some feedback on what might have been causing the issue.


#2

can you access the url?


#3

Yes, can access the .well-known directory. The script is erasing the authentication key.


#4

that’s a known issue, EE confirmed For now


#5