Challenge 3 problem with manual

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: yaaeel.ir

I ran this command: manual upload 2 files

It produced this output:

Domain “yaaeel.ir” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/gDHi9Uz5Icm2pGcZqvzBIEboecpWyD-EVdo5oor22zA/2224996817” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://yaaeel.ir/.well-known/acme-challenge/xvDpEaKB4DaBqQKIvustqN04OYrpJNdCSpqvyxvtp4I: “\u003chtml\u003e\u003cbody\u003e\u003cscript type=“text/javascript” src=”/aes.js” \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=[];d.replace(/(…)/g,func"", “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/gDHi9Uz5Icm2pGcZqvzBIEboecpWyD-EVdo5oor22zA/2224996817”, “token”: “xvDpEaKB4DaBqQKIvustqN04OYrpJNdCSpqvyxvtp4I”, “keyAuthorization”: “xvDpEaKB4DaBqQKIvustqN04OYrpJNdCSpqvyxvtp4I.pbQTRWWSAv8pCKxtacoHTjYchhQO2LcVQKr7hQbsUlE”, “validationRecord”: [ { “url”: “http://yaaeel.ir/.well-known/acme-challenge/xvDpEaKB4DaBqQKIvustqN04OYrpJNdCSpqvyxvtp4I”, “hostname”: “yaaeel.ir”, “port”: “80”, “addressesResolved”: [ “185.27.134.160” ], “addressUsed”: “185.27.134.160”, “addressesTried”: [] } ] }

I tried several times
I can open files from url but every time I got error
your bot can't find them

My web server is (include version):

Linux freeweb5.byetcluster.com 2.6.32-673.26.1.lve1.4.27.el6.x86_64 #1 SMP Sun May 7 19:22:54 EDT 2017 x86_64
Build Date May 31 2017 14:10:52
Configure Command ‘./configure’ ‘–prefix=/usr/php70’ ‘–with-apxs2=/opt/rh/httpd24-php70/root/usr/bin/apxs’ ‘–disable-cli’ ‘–disable-cgi’ ‘–with-config-file-path=/etc/php70’ ‘–enable-inline-optimization’ ‘–disable-rpath’ ‘–with-layout=GNU’ ‘–with-pear=/usr/share/php’ ‘–enable-calendar’ ‘–with-iconv’ ‘–enable-exif’ ‘–enable-ftp’ ‘–with-gettext’ ‘–disable-ipv6’ ‘–disable-wddx’ ‘–with-zlib’ ‘–without-pgsql’ ‘–enable-zip=/usr’ ‘–with-exec-dir=/usr/lib/php4/libexec’ ‘–without-sybase-ct’ ‘–with-gd’ ‘–with-jpeg-dir=/usr’ ‘–with-png-dir=/usr’ ‘–with-ttf=shared,/usr’ ‘–with-t1lib’ ‘–with-freetype-dir=/usr’ ‘–enable-gd-native-ttf’ ‘–with-sqlite’ ‘–enable-ctype’ ‘–enable-bcmath’ ‘–enable-mbstring’ ‘–disable-inifile’ ‘–disable-flatfile’ ‘–with-mysql’ ‘–with-mysqli’ ‘–with-pdo-mysql’ ‘–with-libdir=lib64’ ‘–disable-posix’ ‘–with-openssl’ ‘–with-curl=/usr/local/phpcurl’ ‘–with-openssl-dir=/usr/local/ossl102/’ ‘–with-mcrypt’ ‘–with-xmlrpc’ ‘–with-imap’ ‘–with-imap-ssl’ ‘–with-kerberos’ ‘–enable-soap’ ‘–with-icu-dir=/usr/local/icu571’ ‘–enable-intl’ '–with-xsl’
Server API Apache 2.0 Handler

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: gigfa.com it uses (ifastnet.com) servers

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): vpanel

the links of files available yet if you want I can upload more files
if possible I want you to check and not refer me to bot please

Your validation file looks fine now. Perhaps you proceeded with validation too quickly after uploading the file? Try running it again, and make sure you can access the new file it gives you before telling it it’s okay to proceed with validation.

Let’s Encrypt does not offer human-assisted validation; it is the only way they can feasibly offer certificates free of charge.

hello
I tried again both manual and ftp

it seems some problem to bot, it uploaded the files but didn’t confirm human can reach

http://yaaeel.ir/.well-known/acme-challenge/-awTo3fenVndeogPRCRdL8nuXra4xDwcMMlLqqPjZm4

http://yaaeel.ir/.well-known/acme-challenge/LTBrwPjM21URjxsgVJ0ZXHDL9DEAMDxBP-UWioV8NZs

http://yaaeel.ir/.well-known/acme-challenge/sslforfree_test_59e5f800926bb9.13956782

http://yaaeel.ir/.well-known/acme-challenge/xEF-g5mdtHjKk9pBiEdko08IUjvZtKO8WVRxw8PhbQo

Are you running certbot or another command, or using a website like sslforfree.com?

If you’re running some command, please copy and paste the entire command.

If you’re using a web interface, please confirm which one.

sslforfree.com
I used

Can you try one of zerossl.com or the subtly different gethttpsforfree.com?

The site you used is a bit less popular and might have bugs.

of course … let me see … thank you

plz answer
please answer

@cpu any idea what’s going on here?

I see a proper NOERROR with https://unboundtest.com/m/CAA/yaaeel.ir/7VZ32O74 and they didn’t seem to be getting this error before.

Also @yaaeel it’s possible your DNS servers might have just been having some temporary trouble so you might want to just try again while we wait for him.

I don't see anything super obvious. I noticed that dnsviz flags an error for this zone:

yaaeel.ir zone: The following NS name(s) did not resolve to address(es): ns3.byte.org, ns4.byte.org

I can confirm that querying those NS records will SERVFAIL but I'm not 100% clear where DNSViz learns those from, I don't see them in the results of a dig -s NS yaaeel.ir.

As you mentioned, perhaps the problem has been resolved and those NS names without IPs were removed? (If I had to guess I'd say they are typos of the ns3.byet.org and ns4.byet.org that are present in the NS results when I query).

Thanks Daniel! I see they are listed in the WHOIS for this domain:

nserver:	ns1.gigfa.com
nserver:	ns2.gigfa.com
nserver:	ns3.byte.org
nserver:	ns4.byte.org
nserver:	ns1.gigfa.com
nserver:	ns2.gigfa.com

@yaaeel the ns3 and ns4 records are incorrect. If you update them with IRNIC to the proper spelling (ns3.byet.org and ns4.byet.org) things may work better for you.

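The comparison made in the posts above (registry WHOIS `nserver` entries against the NS names the zone answers with), as an added example that is not part of the original thread. The WHOIS lines are the ones quoted above; the `ZONE_NS` list is a constructed sample, and the function names are hypothetical.

```python
import difflib

# WHOIS nserver lines as quoted in the thread.
WHOIS_TEXT = """\
nserver:\tns1.gigfa.com
nserver:\tns2.gigfa.com
nserver:\tns3.byte.org
nserver:\tns4.byte.org
nserver:\tns1.gigfa.com
nserver:\tns2.gigfa.com
"""

# Constructed sample of the NS set served by the zone (assumption: the two
# byet.org names mentioned in the thread plus the gigfa.com pair).
ZONE_NS = ["ns1.gigfa.com", "ns2.gigfa.com", "ns3.byet.org", "ns4.byet.org"]


def parse_whois_nservers(text):
    """Return the de-duplicated, lower-cased nserver names in listing order."""
    seen, names = set(), []
    for line in text.splitlines():
        key, _, value = line.partition(":")
        name = value.strip().rstrip(".").lower()
        if key.strip().lower() == "nserver" and name and name not in seen:
            seen.add(name)
            names.append(name)
    return names


def delegation_mismatches(registry_ns, zone_ns):
    """Map each registry-only name to the closest zone NS name, or None."""
    zone = [n.rstrip(".").lower() for n in zone_ns]
    report = {}
    for name in registry_ns:
        if name not in zone:
            # A high similarity cutoff singles out likely typos of a real name.
            close = difflib.get_close_matches(name, zone, n=1, cutoff=0.8)
            report[name] = close[0] if close else None
    return report


if __name__ == "__main__":
    registry = parse_whois_nservers(WHOIS_TEXT)
    for bad, guess in delegation_mismatches(registry, ZONE_NS).items():
        print(f"{bad}: not served by the zone; closest match: {guess}")
```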

Aha! That would do it :) I never think to check WHOIS.

Thanks @Patches

thank you
but I get same error again from both zerossl and sslforfree

it may be your bot ip is banned from somewhere
does it go through nic.ir ??

You are right, that does look like it might be some sort of bot detection / CAPTCHA. It would be your web host (which appears to be gigfa.com or a reseller) that is doing it. When searching the web I see some forum posts in Persian from webmasters complaining about CAPTCHAs with them.

There may be a way to whitelist /.well-known/acme-challenge from this detection in your control panel, or disable it altogether temporarily. Or you can contact their support. They use Let’s Encrypt for their home page; they may want to fix it for all their customers!

That’s progress! It’s now saying that it can hit your server, but your server is responding with an HTML page instead of the challenge file. Can you go over your configs and see why it’s not serving files directly from .well-known/acme-challenge? You can test this yourself by trying to access that file and noting that you get back a webpage instead of the file itself.
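The self-test suggested above, as an added example that is not part of the original thread: given what one fetch of the challenge URL returned, decide whether it was the key authorization or an HTML page. The token and key authorization are the ones printed in the first error above; the response body is constructed from the visible start of the quoted page, and the function name is hypothetical.

```python
from urllib.parse import urlsplit

PREFIX = "/.well-known/acme-challenge/"

# Token and key authorization as printed in the first error in this thread.
TOKEN = "xvDpEaKB4DaBqQKIvustqN04OYrpJNdCSpqvyxvtp4I"
KEY_AUTH = TOKEN + ".pbQTRWWSAv8pCKxtacoHTjYchhQO2LcVQKr7hQbsUlE"
URL = "http://yaaeel.ir" + PREFIX + TOKEN

# Constructed body: the visible start of the page quoted in the error detail
# (the original is truncated there, so the rest is a placeholder).
INTERSTITIAL = ('<html><body><script type="text/javascript" src="/aes.js" >'
                '</script><script>/* placeholder: rest not shown */</script>')


def classify_http01(url, status, body, key_authorization):
    """Return (verdict, reason) for one fetch of an http-01 challenge URL."""
    path = urlsplit(url).path
    token = key_authorization.split(".", 1)[0]
    if not path.startswith(PREFIX) or path[len(PREFIX):] != token:
        return "wrong-url", "URL path does not end in the challenge token"
    text = body.rstrip()  # validators ignore trailing whitespace in the body
    if status == 200 and text == key_authorization:
        return "ok", "body is exactly the key authorization"
    lowered = text.lstrip().lower()
    if lowered.startswith("<") or "<html" in lowered or "<script" in lowered:
        return "html-page", f"status {status}: markup returned, not the file"
    if status != 200:
        return "http-error", f"status {status}"
    return "mismatch", "plain body differs from the key authorization"


if __name__ == "__main__":
    for status, body in [(403, INTERSTITIAL), (200, KEY_AUTH + "\n")]:
        print(classify_http01(URL, status, body, KEY_AUTH))
```

Feed it the status and body from a client that does not execute JavaScript, since that is the kind of request the validation server makes.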

I don’t know where do I change the settings my panel is vpanel (vista panel)
or is there some command to put .htaccess or some files to correct it??
I also send a message to my host provider and attach the link of this topic
I am waiting for answer
thank you friends

hi
I find this


but for files with no extension I don’t know what I have to do

Domain “yaaeel.ir” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/TqEOB2ZKxxk3BZEcX0SdYutn0pym0KdIS6pmniPRdOc/2246846592” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://yaaeel.ir/.well-known/acme-challenge/CixM1YSzxR4JzWvKNIU0Yl86ADAGbl0g0wPQsk4MMMU: “\u003chtml\u003e\u003cbody\u003e\u003cscript type=“text/javascript” src=”/aes.js” \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=[];d.replace(/(…)/g,func"", “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/TqEOB2ZKxxk3BZEcX0SdYutn0pym0KdIS6pmniPRdOc/2246846592”, “token”: “CixM1YSzxR4JzWvKNIU0Yl86ADAGbl0g0wPQsk4MMMU”, “keyAuthorization”: “CixM1YSzxR4JzWvKNIU0Yl86ADAGbl0g0wPQsk4MMMU.g-M-wRQMh_HODzErh4q4PhpdGBd_60xlpl2bnyjpOX8”, “validationRecord”: [ { “url”: “http://yaaeel.ir/.well-known/acme-challenge/CixM1YSzxR4JzWvKNIU0Yl86ADAGbl0g0wPQsk4MMMU”, “hostname”: “yaaeel.ir”, “port”: “80”, “addressesResolved”: [ “185.27.134.160” ], “addressUsed”: “185.27.134.160”, “addressesTried”: [] } ] }