Authorizations for these names not found or expired with Ngrok

Hi,

I’m getting an error as detailed below, is this possibly relating to using an Ngrok sub-domain or is it a code inconsistency?

Thanks
Jamie.

```
System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> ACMESharp.AcmeClient+AcmeWebException: Unexpected error +Response from server:

Code: Forbidden
Content: {
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new cert :: authorizations for these names not found or expired: 17e5f37e.ngrok.io",
  "status": 403
} ---> System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at ACMESharp.AcmeClient.RequestHttpPost(Uri uri, Object message) in C:\DATA\Production\SolidCPv2\ACMESharp\ACMESharp\ACMESharp\AcmeClient.cs:line 700
   --- End of inner exception stack trace ---
```

It seems like a problem with the ACMESharp client where it thinks it has already validated a domain and obtained authorization to issue for it but the server is saying that authorization has expired. The client should create a new authorization and solve one of the challenges associated with it before trying to issue for the name. I would recommend you open a support ticket with the ACMESharp developers and see if they can help you understand why this is happening.

Thank you for the reply. I do have an issue raised with AcmeSharp which I'm waiting for a reply on; however, it appears to be the response from the server, which in my mind seems as if, when it gets to the retrieving certificate process, the server is not expecting that name. That has left me at a bit of a brick wall at this point, as I can’t see anything that stands out.

```
{
  "identifier": {
    "type": "dns",
    "value": "b86519ff.ngrok.io"
  },
  "status": "invalid",
  "expires": "2017-07-04T11:40:53Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/lBLG81iuj8WkbjuBA9xftp-RLZeTTUPLSsv584OheOU/45859472",
      "token": "dJ4QmAiLjOTX0Kege_zk3je4DxUAoc18x_iHs8SAtKU"
    },
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://b86519ff.ngrok.io/.well-known/acme-challenge/wJByj7U6tqXRVJ70WeThIWTF0417_pbOXaTHFtZlNgc: \"{\r\n \"$type\": \"ACMESharp.AuthorizationState, ACMESharp\",\r\n \"IdentifierPart\": {\r\n \"$type\": \"ACMESharp.Messages.IdentifierPart\"",
        "status": 403
      },
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/lBLG81iuj8WkbjuBA9xftp-RLZeTTUPLSsv584OheOU/45859473",
      "token": "wJByj7U6tqXRVJ70WeThIWTF0417_pbOXaTHFtZlNgc",
      "keyAuthorization": "wJByj7U6tqXRVJ70WeThIWTF0417_pbOXaTHFtZlNgc.7flDtgOU_xufV-RQocv75wVtFwg5DwzB70phwfKAsXA",
      "validationRecord": [
        {
          "url": "http://b86519ff.ngrok.io/.well-known/acme-challenge/wJByj7U6tqXRVJ70WeThIWTF0417_pbOXaTHFtZlNgc",
          "hostname": "b86519ff.ngrok.io",
          "port": "80",
          "addressesResolved": [
            "52.15.194.28",
            "2600:1f16:59e:b200:b032:6bdb:1d2b:40a"
          ],
          "addressUsed": "2600:1f16:59e:b200:b032:6bdb:1d2b:40a",
          "addressesTried": []
        }
      ]
    },
    {
      "type": "tls-sni-01",
      "status": "pending",
      "uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/lBLG81iuj8WkbjuBA9xftp-RLZeTTUPLSsv584OheOU/45859474",
      "token": "JfFtlYeTkCa4y6_oS6aJ5iTkk4h6owR0xyfiZIY3zWM"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}
```

Hi @bitsfarm, Thanks for the additional output!

This is even more convincingly a problem with ACMESharp. The Validation Server contacts your domain for the acme-challenge file and instead of getting back a key authorization to complete the challenge it's getting back some kind of JSON blob that looks to be made by ACMESharp (based on the key/values in the JSON object).

I don't know enough about Windows servers/ACMESharp to suggest a fix, but at present there is nothing to be done from the server side. This is a client misconfiguration/bug.

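The mismatch described in the last reply can be caught before asking the CA to validate. The following is an added example, not part of the original thread and not ACMESharp code: it classifies the body served at the http-01 challenge path against the expected key authorization. The token and key authorization are the ones shown in the authorization object above; the function name, the result labels and the sample body's whitespace are assumptions made for illustration.

```python
import json
import re

# Token and key authorization as shown in the thread's http-01 challenge object.
TOKEN = "wJByj7U6tqXRVJ70WeThIWTF0417_pbOXaTHFtZlNgc"
KEY_AUTH = TOKEN + ".7flDtgOU_xufV-RQocv75wVtFwg5DwzB70phwfKAsXA"

# Constructed sample: the truncated body quoted in the thread's error detail.
ACMESHARP_FRAGMENT = (
    b'{\r\n  "$type": "ACMESharp.AuthorizationState, ACMESharp",\r\n'
    b'  "IdentifierPart": {\r\n    "$type": "ACMESharp.Messages.IdentifierPart'
)

# base64url alphabet: the only characters valid in either half of a key authorization.
_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")


def diagnose_http01_body(body: bytes, token: str, key_auth: str) -> str:
    """Classify what a server returned for /.well-known/acme-challenge/<token>."""
    # Surrounding whitespace is ignored here; this is a diagnostic, not a validator.
    text = body.decode("utf-8", errors="replace").strip()
    if text == key_auth:
        return "ok"
    if text.startswith(("{", "[")):
        # A serialized object was published instead of the key authorization.
        try:
            json.loads(text)
            return "json-document"
        except ValueError:
            return "json-like"  # e.g. a body truncated by the validator
    if text.startswith("<"):
        return "html-page"  # error page or catch-all route
    parts = text.split(".")
    if len(parts) == 2 and all(_B64URL.match(p) for p in parts):
        if parts[0] != token:
            return "wrong-token"  # stale file from another challenge
        return "wrong-account-key"  # token matches, thumbprint half does not
    return "unrecognized"


if __name__ == "__main__":
    print(diagnose_http01_body(ACMESHARP_FRAGMENT, TOKEN, KEY_AUTH))
```

To use it against a live host, fetch the challenge URL over plain HTTP on port 80 and pass the raw response body to `diagnose_http01_body`.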