Apache 2.4 'urn:ietf:params:acme:unauthorised'

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: planningaccess.york.gov.uk

I ran this command: wacs --verbose --test (M - manual input - (FQDN) - freindly - 1 or 2 (result is the same) - RSA - PEM - (PEM path) - no additional

It produced this output: Invalid response from… /.well-known/… status 403

My web server is (include version): OS 2012 Apache 2.4

The operating system my web server runs on is (include version): Windows 2012

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): -

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 2.1.2.641

1 Like

Hi @Goatie

there

is your answer. /.well-known/acme-challenge/random-filename is blocked - http status 403.

Checking your domain a http status 404 - Not Found is required - https://check-your-website.server-daten.de/?q=planningaccess.york.gov.uk#url-checks

Domainname Http-Status redirect Sec. G
http://planningaccess.york.gov.uk/ 91.244.229.208 302 http://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % 0.097 D
http://planningaccess.york.gov.uk/online-applications 302 https://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % 0.113 A
https://planningaccess.york.gov.uk/ 91.244.229.208 302 https://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % 5.754 B
https://planningaccess.york.gov.uk/online-applications 302 https://planningaccess.york.gov.uk/online-applications/ 6.487 B
https://planningaccess.york.gov.uk/online-applications/ No GZip used - 4494 / 15019 - 29,92 % possible
Inline-JavaScript (∑/total): 3/701 Inline-CSS (∑/total): 0/0 200 Html is minified: 162,95 % 6.640 I
http://planningaccess.york.gov.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 91.244.229.208 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 403 Html is minified: 100,00 % 0.100 M
Forbidden
Visible Content: Forbidden You don’t have permission to access /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de on this server.

The last row must have a http status 404 - not 403.

So create the two subdirectories /.well-known/acme-challenge in your document root and check the permissions.

PS: Read

1 Like

Hi - thanks for the suggestions.
The random file name is created in the .well-known/acme-challenge folder, and I can open the file and see the content, but the web server is not allowing access.

That’s the problem you have to fix. Your Apache must be able to read that file. So check your permissions.

After some slow searching and testing, I’ve discovered its actually the extensionless file used.
For some reason I cannot fathom yet, the 2.4 install I’m dealing with is blocked from reading these.

I’ve tried to set FilesMatch to force extensionless as text/plain but it is either being overwritten somewhere else or is being ignored.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.