Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

To: Liste Debian <debian-user-french@lists.debian.org>
Subject: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from
From: G2PC <g2pc@visionduweb.com>
Date: Wed, 20 Feb 2019 18:51:06 +0100
Message-id: <[🔎] 891a2bdd-529b-6aa7-6dfa-2a95e35636a5@visionduweb.com>

Bonjour,
Je n'arrive pas à renouveler mon certificat Certbot.

Merci aux spécialistes de Certbot de me conseiller dans la résolution de cette erreur :
The client lacks sufficient authorization :: Invalid response from

0- J'ai créé le certificat de la sorte : sudo certbot certonly --webroot --agree-tos --email vision.du.web@free.fr -d green-nrj.com -d www.green-nrj.com -d unis-pour-le-climat.com -d www.unis-pour-le-climat.com -d unis-pour-la-planete.com -d www.unis-pour-la-planete.com -d visionduweb.fr -d www.visionduweb.fr -w /var/www/html --rsa-key-size 4096

J'ai donc un dossier principale green-nrj.com qui comprend le certificat pour l'ensemble des domaines.
Mes sites sont bien accessibles en HTTPS.

1- J'ai tenté "certbot-auto renew" mais le paquet "certbot-auto" ne semble pas présent.
Faut t'il que je l'installe, est t'il présent sur Debian Stretch par défaut ?

2- La commande certbot renew me renvoie une erreur : The client lacks sufficient authorization :: Invalid response from
J'ai l'impression que l'erreur est due au protocole http:// mais sans aucune certitude !
( http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk )

- Je suis censé être en HTTPS non ?
- Surtout depuis que j'ai validé HSTS pour ce domaine visionduweb.fr
- L'appel vers http:// serait donc erroné ?! Que faire ?

Notes
Voilà les VHosts mis en place sur le serveur :
https://www.visionduweb.eu/wiki/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s
Et plus spécifiquement celui pour visionduweb.fr
https://www.visionduweb.eu/wiki/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#visionduweb.fr

Voilà le message d'erreur suite à la commande "certbot renew"

sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/green-nrj.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for visionduweb.fr
http-01 challenge for www.visionduweb.fr
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (green-nrj.com) from /etc/letsencrypt/renewal/green-nrj.com.conf produced an unexpected error: Failed authorization procedure. www.visionduweb.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk: "<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    <head>\n        <meta htt", visionduweb.fr (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://visionduweb.fr/.well-known/acme-challenge/NqcCUIEySWiT4ATh_-yGJpXuqd2lEF-vFsaa5cYcL1c: "<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    <head>\n        <meta htt". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/green-nrj.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/green-nrj.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

   Domain: www.visionduweb.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk:
   "<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\"
   xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    <head>\n
   <meta htt"

   Domain: visionduweb.fr
   Type:   unauthorized
   Detail: Invalid response from
   http://visionduweb.fr/.well-known/acme-challenge/NqcCUIEySWiT4ATh_-yGJpXuqd2lEF-vFsaa5cYcL1c:
   "<!DOCTYPE html>\n<html xmlns=\"http://www.w3.org/1999/xhtml\"
   xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    <head>\n
   <meta htt"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

3- Cette proposition de correction ne me parle pas.
J'ai l'impression que le problème viens du protocole et peut être de HSTS que j'ai mis en place par après ?
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Reply to:

Follow-Ups:
- Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from
  - From: "Ph. Gras" <ph.gras@worldonline.fr>

Prev by Date: Re:%20Re%20:%20xorg%20lent%20%c3%a0%20afficher%20le%20bureau
Next by Date: Gnome et suppression des fichiers
Previous by thread: Re:%20Re%20:%20xorg%20lent%20%c3%a0%20afficher%20le%20bureau
Next by thread: Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from
Index(es):
- Date
- Thread