Certbot + NGINX is simple and quick – but it can be tricky sometimes if you are using a weird config and don’t look too closely at it. Here is why…
Joomla
For some of my old projects I still use Joomla as my CMS. Though I do not like it at all anymore, it is too much of a hassle to move them to a framework like Symfony. Because these 6 TLDs with Joomla are generating traffic on my main site – I leave them for now.
Lazy as I am, I googled "Joomla NGINX" and got the first result with all I need – so I thought. It turned out to be a 3-hour odyssey to find a solution that is so simple.
Error
The error appeared after trying sudo certbot --nginx on my VServer to create a new Symfony project. All other projects worked fine with the challenge before – I was frustrated and almost gave up.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. test.info (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://test.info/.well-known/acme-challenge/ASMusgGgSuxH-czAl_Xhi-cDvxj_YiCfsR5NqYeyh3Q [2a01:238:435e:4100:c3b4:cad4:cf61:9be5]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.test.info (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.test.info/.well-known/acme-challenge/NoXBkfrEgFJPrJmxWuS3_OcAcPZhJ50YkcIW7RqT2gg [2a01:238:435e:4100:c3b4:cad4:cf61:9be5]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: test.info
Type: unauthorized
Detail: Invalid response from
http://test.info/.well-known/acme-challenge/ASMusgGgSuxH-czAl_Xhi-cDvxj_YiCfsR5NqYeyh3Q
[2a01:238:435e:4100:c3b4:cad4:cf61:9be5]:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
Domain: www.test.info
Type: unauthorized
Detail: Invalid response from
http://www.test.info/.well-known/acme-challenge/NoXBkfrEgFJPrJmxWuS3_OcAcPZhJ50YkcIW7RqT2gg
[2a01:238:435e:4100:c3b4:cad4:cf61:9be5]:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Simple solution
If you have both an IPv4 and an IPv6 address in your DNS settings and you don’t really need the IPv6 one – just remove it and your challenge will most likely go through. This happens if your server/firewall is not set up correctly. The Certbot challenge simply uses the IPv6 address by default and fails because of the misconfiguration.
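To see which address family a failed validation used before touching DNS, the following added example (not part of the original post) parses Certbot output of the shape shown above and reports whether each failed check went to an IPv4 or an IPv6 address; probe() then requests the challenge path over every address the host resolves to. The sample output, example.test and the documentation addresses are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re
import socket

# Constructed sample: two "Detail" entries shaped like the Certbot output above
# (example.test and the documentation addresses are placeholders).
SAMPLE = """\
Domain: example.test
Detail: Invalid response from
http://example.test/.well-known/acme-challenge/TOKEN-PLACEHOLDER
[2001:db8::10]:
"<html>\\r\\n<head><title>404 Not Found</title></head>"
Domain: www.example.test
Detail: Invalid response from
http://www.example.test/.well-known/acme-challenge/TOKEN-PLACEHOLDER
[192.0.2.10]:
"<html>\\r\\n<head><title>404 Not Found</title></head>"
"""

# URL of the failed challenge, then the validated address in square brackets.
FAILED = re.compile(r"Invalid response from\s+http://([^/\s]+)(/\S*)\s+\[([0-9A-Fa-f:.]+)\]")

def failed_validations(certbot_output):
    """Return (host, path, address, 'IPv4'|'IPv6') for every failed http-01 check."""
    results = []
    for host, path, addr in FAILED.findall(certbot_output):
        family = "IPv%d" % ipaddress.ip_address(addr).version
        results.append((host, path, addr, family))
    return results

def probe(host, path="/.well-known/acme-challenge/", timeout=5):
    """Live check: request path on port 80 over each address the host resolves to."""
    statuses = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM):
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.create_connection(sockaddr[:2], timeout=timeout) as conn:
                conn.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
                statuses[(label, sockaddr[0])] = conn.recv(64).split(b"\r\n")[0].decode()
        except OSError as exc:
            statuses[(label, sockaddr[0])] = f"connect failed: {exc}"
    return statuses

if __name__ == "__main__":
    for host, path, addr, family in failed_validations(SAMPLE):
        print(f"{host}: validated over {family} ({addr})")
```

If probe() shows the IPv4 address answering while the IPv6 address fails to connect or returns a different status line, the AAAA record points at a listener or firewall rule that does not serve the site.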