Unable to install Let's Encrypt certificate for subdomain: The client lacks sufficient authorization

Created:

2016-12-24 15:59:19 UTC

Modified:

2017-08-08 13:42:53 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to install Let's Encrypt certificate for subdomain: The client lacks sufficient authorization

Applicable to:

  • Plesk Onyx for Linux

Symptoms

  • Affected domain is configured to use Apache Tomcat
  • The following error occurs when trying to assign SSL certificate using Let's Encrypt extension:
    Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for sub.example.com Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. sub.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sub.example.com/.well-known/acme-challenge/fgsfds:
    "<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.36 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial" IMPORTANT NOTES: - The following errors were reported by the server: Domain: sub.example.com Type: unauthorized Detail: Invalid response from http://sub.example..com/.well-known/acme-challenge/fgsfds: "<!DOCTYPE html><html><head><title>Apache Tomcat/8.0.36 - Error report</title><style type="text/css">H1 {font-family:Tahoma,Arial"
  • Additional Apache directives exist in Domains > sub.example.com > Apache & nginx Settings :

    <Location /.well-known/acme-challenge/*>
     ProxyPass http://localhost:8023/
    </Location>

Cause

Additional custom Apache directives interfere communication between Apache, Apache Tomcat and Let's Encrypt servers.

Resolution

  1. Temporary remove these additional directives from Domains > sub.example.com > Apache & nginx Settings .
  2. Apply certificate using Let's Encrypt extension: Domains > sub.example.com > Let's Encrypt > Install .
  3. Put previously removed Apache directives back.
Have more questions? Submit a request
Please sign in to leave a comment.