Azure LetsEncrypt 403

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: milsitios.com

I ran this command: AzureLetsEncrypt extension

It produced this output:

Unable to complete challenge with Lets Encrypt servers error was: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1163998162/aC8e7w","status":"Invalid","validated":null,"error":{"Type":"urn:ietf:params:acme:error:connection","Detail":"Fetching http://milsitios.com/.well-known/acme-challenge/sgwPAICFJYvNyHxTdd4vBbJVSbyOL8SBByFyizUTZmg: Timeout during connect (likely firewall problem)","Identifier":null,"Subproblems":null,"Status":400},"errors":null,"token":"sgwPAICFJYvNyHxTdd4vBbJVSbyOL8SBByFyizUTZmg","keyAuthorization":null}

Strangely going direct to http://milsitios.com/.well-known/acme-challenge/sgwPAICFJYvNyHxTdd4vBbJVSbyOL8SBByFyizUTZmg in a browser succeeds ok.

My web server is (include version): azure web app service

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don’t know): No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Help would be very much appreciated

Thanks
Alan


Hi @Alanw

your configuration can’t work.

Your ip addresses - https://check-your-website.server-daten.de/?q=milsitios.com

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| milsitios.com | A | 168.63.53.239 Dublin/Leinster/Ireland (IE) - Microsoft Corporation No Hostname found | yes | 1 | 0 |
| | A | 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.milsitios.com | A | 184.168.131.241 Scottsdale/Arizona/United States (US) - GoDaddy.com, LLC Hostname: ip-184-168-131-241.ip.secureserver.net | yes | 1 | 0 |
| | AAAA | | yes | | |

But checking an unknown file in /.well-known/acme-challenge

http://milsitios.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

there is the wrong answer - a frame. So the validation file is invisible.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> 
<html> <head> <title>Milsitios</title> <meta name="description" content=""> 
<meta name="keywords" content=""> </head> 
<frameset rows="100%,*" border="0"> 
<frame src="https://donderir.azurewebsites.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de" frameborder="0" />
 </frameset> </html> 

Is this

donderir.azurewebsites.net

your domain? If yes, you have to change your DNS, so you use a CNAME.

Or use the ip of that domain directly.

Yep - donderir.azurewebsites.net has the 168.63.53.239 ip address. So remove the GoDaddy ip of your non-www and change the ip address of your www.

Name:       milsitios.com
Addresses:  168.63.53.239
            184.168.131.241

Name:     www.milsitios.com
Address:  184.168.131.241
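A pre-flight check for the situation diagnosed in this thread, as an added example that is not from any poster or from the Azure extension: when a name has several A records the validation server may connect to any of them, so each address has to return the key authorization rather than a forwarding frame. The function names, the sample bodies, which address returns which body, and the placeholder thumbprint are assumptions.

```python
import http.client

TOKEN = "sgwPAICFJYvNyHxTdd4vBbJVSbyOL8SBByFyizUTZmg"  # token from the error above
FRAME_MARKERS = ("<frameset", "<frame ", "<iframe")

# Constructed sample bodies; which address serves which body is an assumption,
# and the key-authorization suffix is a placeholder, not a real thumbprint.
SAMPLE = {
    "168.63.53.239": TOKEN + ".PLACEHOLDER_THUMBPRINT",
    "184.168.131.241": '<html><frameset rows="100%,*" border="0">'
                       '<frame src="https://donderir.azurewebsites.net/" />'
                       "</frameset></html>",
    "192.0.2.10": None,  # documentation address standing in for a connect timeout
}

def classify_body(token, body):
    """Classify one HTTP-01 response body as a validator would see it."""
    text = body.strip()
    if text.startswith(token + "."):
        return "ok"              # "<token>.<thumbprint>" key authorization
    if any(marker in text.lower() for marker in FRAME_MARKERS):
        return "masked-forward"  # forwarding page hides the real file in a frame
    return "wrong-content"

def fetch_from_ip(ip, host, path, timeout=10):
    """Fetch path from one specific A record while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        return conn.getresponse().read(4096).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException):
        return None              # timeout, refusal or broken response
    finally:
        conn.close()

def diagnose(token, bodies_by_ip):
    """Return a verdict per A record; None means the address did not answer."""
    return {ip: "unreachable" if body is None else classify_body(token, body)
            for ip, body in bodies_by_ip.items()}

def safe_to_validate(verdicts):
    """True only when every published address serves the key authorization."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())

if __name__ == "__main__":
    for ip, verdict in diagnose(TOKEN, SAMPLE).items():
        print(f"{ip:16} {verdict}")
```

For a live check, build the dictionary with `fetch_from_ip(ip, "milsitios.com", "/.well-known/acme-challenge/" + TOKEN)` for each address the name resolves to.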