Authorization Result Failed... Please Help!

My domain is: FinditClassifieds.com

I ran this command: letsencrypt.exe

Choose from one of the menu options above: M
Enter a host name: www.finditclassifieds.com
Enter a site path (the web root of the host for http authentication): C:\cable\f
inditclassifieds_com\web

It produced this output:

Authorizing Identifier www.finditclassifieds.com Using Challenge Type http-01
Writing challenge answer to C:\cable\finditclassifieds_com\web.well-known/acme-
challenge/dW3BFFhtSaJkBWyscHss_zEyBbx0xXWRblpqpmH3FMs
Answer should now be browsable at http://www.finditclassifieds.com/.well-known/a
cme-challenge/dW3BFFhtSaJkBWyscHss_zEyBbx0xXWRblpqpmH3FMs
Submitting answer
Refreshing authorization
Refreshing authorization
Refreshing authorization
Authorization Result: invalid
Authorization Failed invalid


The ACME server was probably unable to reach http://www.finditclassifieds.com/.w
ell-known/acme-challenge/dW3BFFhtSaJkBWyscHss_zEyBbx0xXWRblpqpmH3FMs

Check in a browser to see if the answer file is being served correctly.


Press enter to continue.

My web server is (include version): IIS 7

The operating system my web server runs on is (include version): Win 2008

My hosting provider, if applicable, is: Accuwebhosting

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
letsencrypt-win-simple.V1.9.3

Hi @webzcom

check your url:

There

http://www.finditclassifieds.com/.well-known/acme-challenge/dW3BFFhtSaJkBWyscHss_zEyBbx0xXWRblpqpmH3FMs

is a http status 403 - Forbidden. So that can’t work.

Change that (you may have additional configuration errors).

1 Like

Not only the ACME challenge returns a 403, the whole site at http://www.finditclassifieds.com/ returns a 403 Forbidden error.

Thank you for the quick reply!
I saw some LetsEncrpyt traffic coming from 34.209.232.166.
I’m going through all the 403 errors in the logs. Its has to be agent or IP issue.

Your IP and agent please?

Your help is so appreciated!!!

You shouldn’t use whitelisting for ACME validations from Let’s Encrypt, as Let’s Encrypt uses multiple IP addresses which can change at any time. See for more information: https://letsencrypt.org/docs/faq/#what-ip-addresses-does-let-s-encrypt-use-to-validate-my-web-server

You can use however the path of the authorization token: /.well-known/acme-challenge/ is used by Let’s Encrypt for the authorization tokens through the http-01 challenge.

Thank you!

I’m looking at all the 403s and whitelisting all the LetsEncrypt IPs.

Looks like I have a server issue some then. Its either the firewall or IIS filtering rules. I’ll go through all that then check back.

Again, much appreciated!!!

You have a log, there you see the ip and the useragent.

Blacklisting /.well-known/acme-challenge is bad.

JuergenAuer,

Thanks for tolerated my stupid questions.

So many layer of security. Found this one in the IIS IP filtering rules. I had to put allow rules in for all your IPs / IP ranges and then it worked.

Again, thank for all your help.

If this site makes any money, I’ve give some of it to LetsEncrypt for their invaluable service.

Regards,
Rick Cable
FinditClassifieds.com

1 Like