Apache 2.4 'urn:ietf:params:acme:unauthorised'

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: planningaccess.york.gov.uk

I ran this command: wacs --verbose --test (M - manual input - (FQDN) - friendly - 1 or 2 (result is the same) - RSA - PEM - (PEM path) - no additional)

It produced this output: Invalid response from… /.well-known/… status 403

My web server is (include version): OS 2012 Apache 2.4

The operating system my web server runs on is (include version): Windows 2012

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): -

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 2.1.2.641


Hi @Goatie

there is your answer. /.well-known/acme-challenge/random-filename is blocked - http status 403.

Checking your domain, a http status 404 - Not Found is required - https://check-your-website.server-daten.de/?q=planningaccess.york.gov.uk#url-checks

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://planningaccess.york.gov.uk/ 91.244.229.208 | 302 | http://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % | 0.097 | D |
| http://planningaccess.york.gov.uk/online-applications | 302 | https://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % | 0.113 | A |
| https://planningaccess.york.gov.uk/ 91.244.229.208 | 302 | https://planningaccess.york.gov.uk/online-applications Html is minified: 100,00 % | 5.754 | B |
| https://planningaccess.york.gov.uk/online-applications | 302 | https://planningaccess.york.gov.uk/online-applications/ | 6.487 | B |
| https://planningaccess.york.gov.uk/online-applications/ No GZip used - 4494 / 15019 - 29,92 % possible Inline-JavaScript (∑/total): 3/701 Inline-CSS (∑/total): 0/0 | 200 | Html is minified: 162,95 % | 6.640 | I |
| http://planningaccess.york.gov.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 91.244.229.208 Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 0/0 | 403 | Html is minified: 100,00 % | 0.100 | M |

Forbidden
Visible Content: Forbidden You don't have permission to access /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de on this server.

The last row must have a http status 404 - not 403.

So create the two subdirectories /.well-known/acme-challenge in your document root and check the permissions.

PS: Read


Hi - thanks for the suggestions.
The random file name is created in the .well-known/acme-challenge folder, and I can open the file and see the content, but the web server is not allowing access.

That's the problem you have to fix. Your Apache must be able to read that file. So check your permissions.

After some slow searching and testing, I’ve discovered it’s actually the extensionless file used.
For some reason I cannot fathom yet, the 2.4 install I’m dealing with is blocked from reading these.

I’ve tried to set FilesMatch to force extensionless as text/plain but it is either being overwritten somewhere else or is being ignored.
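An added example, not posted by anyone in this thread: an Apache 2.4 fragment that opens only the HTTP-01 challenge path. It assumes the 403 comes from an access rule elsewhere in the configuration rather than from NTFS permissions or a rewrite/filter module, and `C:/Apache24/htdocs` is a placeholder for the real document root.

```apache
# Added example. C:/Apache24/htdocs is a placeholder for the real
# DocumentRoot that the ACME client writes its token files into.

# Filesystem-level grant for the challenge directory only.
<Directory "C:/Apache24/htdocs/.well-known/acme-challenge">
    # No indexes, no CGI, no symlink following: tokens are static files.
    Options None
    # Ignore any .htaccess so nothing in the folder can change these rules.
    AllowOverride None
    Require all granted
</Directory>

# URL-level grant. Apache merges <Location> sections after <Directory>
# and <Files>/<FilesMatch>, and with the default "AuthMerging Off" the
# last-merged Require replaces earlier ones. A deny set in a global
# <FilesMatch> (for example one matching dot-names or extensionless
# names) is therefore overridden here, but only for this URL prefix.
<Location "/.well-known/acme-challenge/">
    Require all granted
    # Token files have no extension, so set the type explicitly.
    ForceType text/plain
</Location>
```

After `httpd -t` passes and Apache is restarted, a request for a token name that does not exist under this path should come back as 404 rather than 403, which is the check described earlier in the thread.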
