Ssl – Unable to verify the domain for letsencrypt

domain, lets-encrypt, ssl, ssl-certificate

I can't understand how to verify my domain for letsencrypt.

$ ./letsencrypt-auto certonly -a webroot --webroot-path=/home/my_user1/my_domain -d my_domain.com -d www.my_domain.com
Requesting root privileges to run certbot...
  /home/my_user1/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --webroot-path=/home/my_user1/my_domain -d my_domain.com -d www.my_domain.com
Failed authorization procedure. my_domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my_domain.com/.well-known/acme-challenge/aaa: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.my_domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.my_domain.com/.well-known/acme-challenge/bbbb: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: my_domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://my_domain.com/.well-known/acme-challenge/aaaaa:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   Domain: www.my_domain.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.my_domain.com/.well-known/acme-challenge/bbbb:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

After that I created those 2 files in the acme-challenge directory and re-ran the script, but this time it requests 2 different ones. That is, it's always a step ahead and I can't know what files it'll generate next time.

What should I do about that?

Best Answer

The error message

Requesting root privileges to run certbot...

and the $ in $ ./letsencrypt-auto seem to indicate that you're trying to run letsencrypt as an unprivileged user.

System Requirements

The Let’s Encrypt Client ... requires root access in order to write to /etc/letsencrypt, /var/log/letsencrypt, /var/lib/letsencrypt; to bind to ports 80 and 443 (if you use the standalone plugin) and to read and modify webserver configurations (if you use the apache or nginx plugins).

Certbot is slightly more forgiving, but will need additional parameters when you don't run it as root:

The webroot and manual plugins work well without root privileges. However, you need to provide writable paths for Certbot’s working directories either by ensuring that /etc/letsencrypt/, /var/log/letsencrypt/, /var/lib/letsencrypt/ are writable, or by picking different directories with the --config-dir, --logs-dir, and --work-dir flags.
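
A preflight check for the unprivileged webroot setup described in the answer, as an added example that is not part of the original answer or of Certbot: it prepares user-writable directories for the --config-dir, --logs-dir and --work-dir flags and confirms that a file placed under the webroot is really served at /.well-known/acme-challenge/ before a certificate is requested. The function names and the $HOME/letsencrypt base directory are assumptions.

```shell
#!/bin/sh
# Added example; helper names and the base directory are hypothetical.

# Create user-owned config/logs/work directories and confirm they are writable.
prepare_dirs() {
    base=$1
    for d in config logs work; do
        mkdir -p "$base/$d" || return 1
        [ -w "$base/$d" ] || return 1
    done
}

# Write a probe file where the webroot plugin places its challenge tokens.
# Prints the probe's file name. Tokens change on every run, so the probe only
# tests the path mapping; it never stands in for a real token.
write_probe() {
    webroot=$1
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    name="probe-$$"
    printf 'probe-ok\n' > "$dir/$name" || return 1
    printf '%s\n' "$name"
}

# Fetch the probe over plain HTTP, as the validation request does.
# A 404 here means --webroot-path is not the directory the web server
# serves for this host name, which produces the error shown in the question.
check_probe() {
    domain=$1
    name=$2
    body=$(curl -fsS "http://$domain/.well-known/acme-challenge/$name") || return 1
    [ "$body" = "probe-ok" ]
}

# Print the certbot command line for review (paths must not contain spaces).
certbot_cmd() {
    base=$1
    webroot=$2
    shift 2
    cmd="certbot certonly -a webroot --webroot-path=$webroot"
    cmd="$cmd --config-dir $base/config --logs-dir $base/logs --work-dir $base/work"
    for dom in "$@"; do cmd="$cmd -d $dom"; done
    printf '%s\n' "$cmd"
}

# Typical order, run as the unprivileged user:
#   prepare_dirs "$HOME/letsencrypt"
#   n=$(write_probe /home/my_user1/my_domain) && check_probe my_domain.com "$n"
#   certbot_cmd "$HOME/letsencrypt" /home/my_user1/my_domain my_domain.com www.my_domain.com
```

If check_probe fails for one name but not the other, the two host names are served from different document roots and each needs its own --webroot-path.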
