Let's Encrypt 404 error during challenge

marat · September 7, 2018, 11:26pm

Hey guys,

I’ve got Hassio running on a Pi. I’ve configured Google Domains and I’m trying to get Let’s Encrypt up and running.

Everytime I try to start it I get the following:

starting version 3.2.4
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for MYDOMAIN.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. MYDOMAIN.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://MYDOMAIN.com/.well-known/acme-challenge/-PwUrDhq0eGLV36j-zZqQDLitfXDkAK_aGhQ6dd4IcY [MYIP]: 404
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: MYDOMAIN.com
   Type:   unauthorized
   Detail: Invalid response from
   http://MYDOMAIN.com/.well-known/acme-challenge/-PwUrDhq0eGLV36j-zZqQDLitfXDkAK_aGhQ6dd4IcY
   [MYIP]: 404
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Anyone have any tips about this one?

P.S. The log file that it’s telling me about /var/log/letsencrypt/letsencrypt.log doesn’t exist either.

DavidFW1960 · September 8, 2018, 12:00am

Looks like port 80 isn’t opened. Do you have 80 forwarded to 80 on the Pi in your router?

marat · September 8, 2018, 2:09am

That was exactly the answer. Thanks very much

I had 80 and 443 both forwarded to 8123.

Once it’s setup, should I remove the port forwarding for 80 or keep it for cert renewal?

DavidFW1960 · September 8, 2018, 2:20am

up to you. I keep 80-80 just for letsencrypt.

marat · September 8, 2018, 2:27am

Awesome… thanks for the help David.