Lacks Sufficient Authorisation

I’ve tried other solutions I’ve seen here and so far I’m still just stucccckkkk.I would post the whole response but I can’t as I’m not allowed to have links in my posts here as a new user. So the error message is drastically shortened.

I have a vps and domain hosted with hostinger and have ubuntu and virtualmin. I’m not using nginx (was advised not to?).I’m trying to get my ssl worked out but when I run the letsencrypt page in VirtualMin I receive this error:

error:unauthorized :: The client lacks sufficient authorization ::
Invalid response from XXX 404

I’ve contacted hostinger just to confirm I’m using the right ip address and they say I am. The domain points to the vps and the site is loading. I just can’t figure out why letsencrypt won’t authorize. Any help please?

OS type and version Ubuntu Linux 18.04.6
Webmin version 1.999
Virtualmin version 7.1-1
Related packages ?

This is pretty much always one of two things (searching should turn up dozens of conversations about these two things):

  1. DNS is wrong. Your domain name is not pointing to the IP you think it is. (Or your authoritative server is not the one you think it is). Let’s Encrypt is making a request to validate, but it’s going to some server other than your Virtualmin server.
  2. Some app, proxy rule, or redirect rule, is sucking up the Let’s Encrypt request (you have to exclude .well-known directory from any proxy/redirect rules or whatever, Virtualmin automatically does this for most things that it sets up). The app doesn’t recognize the request URL and is serving a 404. .well-known must be served from the filesystem in order to validate Let’s Encrypt.

Create a simple HTML file in /home/domainname/public_html/.well-known and try to visit it from your browser. What happens? That’s what Let’s Encrypt is seeing. You need to make it so that anyone can access that directory.

If it’s not obvious what’s wrong after that, look in the access_log for that domain for further clues. And, if you see no entries in the access_log for that domain when you try to visit that .well-known URL with your browser, it means you’re not actually hitting that server (or that domain) for some reason, and we’re probably back to DNS being the problem.

well when I put a basic html file in that folder (which I had to make, it wasn’t already there?) it loads normally.

Edit: I fount it, somehow ipv6 wasn’t setup properly.

1 Like

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.