Certsage - urn:ietf:params:acme:error:unauthorized

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vermeer.tv

I ran this command: CertSage

It produced this output:

urn:ietf:params:acme:error:unauthorized
198.177.120.58: Invalid response from cPanel Login "\n\n\n\n \n "
My web server is (include version):

The operating system my web server runs on is (include version):

Unknown (vps)

My hosting provider, if applicable, is:

Namecheap

I can login to a root shell on my machine (yes or no, or I don't know):

I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Cpanel 118.0.25

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Certsage 1.4.2

Hello @zyxxyz, welcome to the Let's Encrypt community.

Supplemental information.

Looks to be server: LiteSpeed

$ curl -Ii http://vermeer.tv/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
keep-alive: timeout=5, max=100
date: Mon, 11 Nov 2024 21:14:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed

Are we supposed to see just the index of your webroot?

download1280×1280 21 KB

Usually one has some kind of website to show.

Also, this is different than the "cPanel Login" which was mentioned in the communities Discourse URL parser, so it looks like something has changed.

Also, that index page is secured by a certificate issued this morning: crt.sh | 14521677650.

So I'm not sure why you're now trying to get another cert?

Welcome to the Let's Encrypt Community!

Try acquiring a certificate that covers all these:

vermeer.tv
autodiscover.vermeer.tv
cpanel.vermeer.tv
cpcalendars.vermeer.tv
cpcontacts.vermeer.tv
mail.vermeer.tv
webdisk.vermeer.tv
webmail.vermeer.tv
www.vermeer.tv

I'm having the same issue with two of my sites, this is my first renewal with certsage so I thought I might be doing something wrong. I'm also on namecheap with the exact same error.

Usually this has to do with whether or not a cPanel instance of the hosting provider makes an internal exception/"pointer" for each "functional" (i.e. internal) subdomain name. Traditionally I've only acquired certificates covering these three domain names for each of my own domains (and some "extra" subdomain names when hosting multiple domain names on one cPanel, which is slightly more complex):

domain.com
mail.domain.com
www.domain.com

I've had mixed results covering the whole lot of internal subdomain names due to the inconsistency over time with how cPanel handles the HTTP-01 challenges used be Let's Encrypt to verify domain control.

If you're hosting multiple domain names on one cPanel, I highly recommend following what I've written here:

Thanks; that results in the same error. I guess this is because it tries to do the challenge through cpanel.vermeer.tv, which is probably redirected by the server internally.

Some tests: vermeer.tv and mail.vermeer.tv works, both cpanel.vermeer.tv and webmail.vermeer.tv results in this error. And indeed, when I simply go to these url's with my browser, vermeer.tv and mail.vermeer.tv show the file index as posted by Osiris, while cpanel.vermeer.tv and webamil.vermeer.tv are redirected to other pages.

Apparently, it worked a few weeks ago. Any suggestions how to get a certificate that includes these subdomains?

Indeed, there is no website currently installed. I use this mainly for mail.

The crt.sh-page you link to seem to suggest that the certificate was issued on Sept 12, which seems about right. However, I'm not familiar with that website, so maybe I'm reading things wrong. Can you point me to the line that states that it was issued on 11/11?

I'm trying to get a new cert, because this one will expire on Dec 11.

Whoops, I misread the date. Thought it already was 12 November and probably mistaken the "11" from the expiry date as the November mark.. I was waaaaaaaaaaaaaaaaayy off

No sweat - now I know you're human

Unfortunately, if cPanel isn't cooperating, CertSage won't be able to acquire a certificate covering those subdomains. However, there's usually no real harm in not covering those with your own certificate since cPanel will use its own in a sideways way. You can reach the same functionality with your certificate via:

https://vermeer.tv:2083 (cPanel login)
https://vermeer.tv:2096 (webmail login)

I was able to have success with just using the autodiscover.domainname, mail.domainname and www.domainname along with the domainname on it's own.

It's a bit unsettling for other users to go to webmail.vermeer.tv and be confronted with a warning about an insecure connection, though. cPanel is fine, that's just for me anyway.

If someone has found a solution or workaround for this, I'd be happy to learn about it!

Indeed, autodiscover works; it does not give the same error as webmail.domainname or cpanel.domainname.

They can just go to https://vermeer.tv:2096 and not be confronted with any warning.

Same goes for https://vermeer.tv:2083 for you.

Yes, I got that - it's just that it is far easier for me to communicate webmail.vermeer.tv and for them to remember it, instead of vermeer.tv:2096.

I hear ya there. Wish things were different.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.