0

I am using Apache servers to host my Django (v2.1) app. I've installed Letsencrypt certificate for HTTPS. Now the time of renewal has come and it is giving me some unauthorized access error.

When I run sudo certbot command, I got the following output.

/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.23) or chardet (3.0.4) doesn't match a supported version! RequestsDependencyWarning) Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: noppera.tk 2: www.noppera.tk - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 2 Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: http-01 challenge for www.noppera.tk Waiting for verification... Cleaning up challenges Failed authorization procedure. www.noppera.tk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.noppera.tk/.well-known/acme-challenge/U0D416-6zOf7YRW0jAVIG8oiLthmpy_xmewRdUlwrQM [34.240.58.158]: 400 IMPORTANT NOTES: - The following errors were reported by the server: Domain: www.noppera.tk Type: unauthorized Detail: Invalid response from http://www.noppera.tk/.well-known/acme-challenge/U0D416-6zOf7YRW0jAVIG8oiLthmpy_xmewRdUlwrQM [34.240.58.158]: 400 To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Also if I run this for option 1, I got the same error. (If you want, I can paste that log too)

What I've already tried is the following:

  • Has already installed django-letsencrypt==3.0.1
  • Added letsencrypt in settings.py
  • Added the following line in urls.py url(r'^\.well-known/', include('letsencrypt.urls')),

Right now site is accessible using HTTPS. Can anyone help me out renewing the certificate?

EDIT 1

Option 1 Logs:

/usr/lib/python3/dist-packages/requests/__init__.py:80: RequestsDependencyWarning: urllib3 (1.23) or chardet (3.0.4) doesn't match a supported version! RequestsDependencyWarning) Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator apache, Installer apache Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: noppera.tk 2: www.noppera.tk - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 Obtaining a new certificate Performing the following challenges: http-01 challenge for noppera.tk Waiting for verification... Cleaning up challenges Failed authorization procedure. noppera.tk (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://noppera.tk/.well-known/acme-challenge/y6dj0WW9qDgZiBnDTmXmA5FTSusyjabeE3dZs5eEGpI [34.240.58.158]: "\n\n<html>\n<head>\n <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\"></script>\n\n\n\n\n\n\n\n<style>\n /*" IMPORTANT NOTES: - The following errors were reported by the server: Domain: noppera.tk Type: unauthorized Detail: Invalid response from https://noppera.tk/.well-known/acme-challenge/y6dj0WW9qDgZiBnDTmXmA5FTSusyjabeE3dZs5eEGpI [34.240.58.158]: "\n\n<html>\n<head>\n <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js\"></script>\n\n\n\n\n\n\n\n<style>\n /*" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Django Log for option 1 (noppera.tk)

Invalid HTTP_HOST header: '{{HOST IP}}'. You may need to add '{{HOST IP}}' to ALLOWED_HOSTS. Bad Request: /console/login/LoginForm.jsp Not Found: /.well-known/acme-challenge/WRiDAIe3JPBlZXVWduKBYKrmYKbyS3I2eetsth0YBD0

Django Log for option 2 (www.noppera.tk)

Invalid HTTP_HOST header: 'www.noppera.tk'. You may need to add 'www.noppera.tk' to ALLOWED_HOSTS. Bad Request: /.well-known/acme-challenge/GTX3_zQ6XPymDUn1WVZ_27vO_XtYxPClBD5uA8Y1nhM

Right now, ALLOWED_HOSTS = ["*"]

EDIT 2

Changed ALLOWED_HOSTS = ["*"] to ALLOWED_HOSTS = ["www.noppera.tk", "*"] for Option 2, but same error.

Improve this question
11
  • Is the site additionally accessible via HTTP? The url is above in the message and needs to be accessisible too externally. When I try it from here, I indeed get "Bad Request (400)" Commented May 2, 2019 at 12:42
  • I don't think so , but I assume it cannot be accessed via http (to be honest, someone else did first time setup, so I've a minimal idea, sorry for that). Commented May 2, 2019 at 12:47
  • "Right now site is accessible using HTTPS". FYI I'm also getting a 400 Bad Request for the root of the site over HTTPS from here i.e. for noppera.tk Commented May 2, 2019 at 13:01
  • Oh yes, I can see that but if you open without "www", it works noppera.tk, not sure about this .. Commented May 2, 2019 at 13:16
  • can you access the django logs? If it returns a 400 error then it must be raising an error and logging it. Commented May 2, 2019 at 16:10

1 Answer 1

Reset to default
0

I have found a solution. Posting to help others.

The problem was lying with the duplicate conf in the apache2/sites-available folder. There were 2 default configs and 2 custom config for my site (for each http and https). So what I did was disable the default config and reload Apache using sudo a2dissite default-ssl.conf and sudo a2dissite 000-default.conf.

After that I executed sudo certbot and it renewed certificates successfully.

Few of the useful resources are below:

  1. https://www.jbarrett.me/blog/items/4/setting-ssl-django-app-lets-encrypt-ubuntu-apache-and-mod_wsgi

  2. https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-18-04#step-5-%E2%80%94-setting-up-virtual-hosts-(recommended)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.