Challenge urn:ietf:params:acme:error:unauthorized error

My domain is:
xgpt.gerhard.dev

I ran this command:
Requested certificate through DirectAdmin

It produced this output:

Cannot open netlink socket: Protocol not supported
2025/03/01 01:36:00 [INFO] [xgpt.gerhard.dev] acme: Obtaining SAN certificate
2025/03/01 01:36:01 [INFO] [xgpt.gerhard.dev] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/168071550/482981297615
2025/03/01 01:36:01 [INFO] [xgpt.gerhard.dev] acme: Could not find solver for: tls-alpn-01
2025/03/01 01:36:01 [INFO] [xgpt.gerhard.dev] acme: use http-01 solver
2025/03/01 01:36:01 [INFO] [xgpt.gerhard.dev] acme: Trying to solve HTTP-01
2025/03/01 01:36:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/168071550/482981297615
2025/03/01 01:36:07 Could not obtain certificates:
error: one or more domains had a problem:
[xgpt.gerhard.dev] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 199.59.243.228: Invalid response from http://xgpt.gerhard.dev/.well-known/acme-challenge/iRM3uD95Ekxay3omA-XbHeiVK1azMlt1yfebs41T8jg: " Failed to issue new certificate

My web server is (include version):

The operating system my web server runs on is (include version):
CentOS 7.8.2003

My hosting provider, if applicable, is:
fxw + cloudflare

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin 1.668

Let's debug shows no errors: Let's Debug

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/168071550/482981297615/wOWw2A",
  "status": "invalid",
  "validated": "2025-03-01T00:46:03Z",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "199.59.243.228: Invalid response from http://xgpt.gerhard.dev/.well-known/acme-challenge/iRM3uD95Ekxay3omA-XbHeiVK1azMlt1yfebs41T8jg: \"\u003c!doctype html\u003e\u003chtml data-adblockkey=\\\"MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4p\"",
    "status": 403
  },
  "token": "iRM3uD95Ekxay3omA-XbHeiVK1azMlt1yfebs41T8jg",
  "validationRecord": [
    {
      "url": "http://xgpt.gerhard.dev/.well-known/acme-challenge/iRM3uD95Ekxay3omA-XbHeiVK1azMlt1yfebs41T8jg",
      "hostname": "xgpt.gerhard.dev",
      "port": "80",
      "addressesResolved": [
        "199.59.243.228"
      ],
      "addressUsed": "199.59.243.228"
    }
  ]
}
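The authorization JSON above already contains everything needed to see why the CA said "unauthorized": the address it connected to and the body it got back. The script below is an added example, not code from the thread, from DirectAdmin or from the ACME client in the log; it recreates offline the two comparisons the CA makes for an HTTP-01 challenge (RFC 8555 section 8.3) and applies them to the values from this post. The account key (`ACCOUNT_JWK`) and the server address (`MY_ADDRESSES`, a documentation-range placeholder) are constructed; the token, the parking-page body and the validation record are taken from the JSON above.

```python
# Added example (not from the thread or any project): offline re-creation of the
# HTTP-01 checks a CA performs, run against the values in the authorization JSON.
import base64
import hashlib
import json
import re


def _b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE use it."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public-key members only,
    serialised as JSON with members sorted lexicographically and no whitespace.
    Extra members such as "alg" or "kid" are deliberately ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {name: jwk[name] for name in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return _b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: the exact body the CA expects to read from
    http://<domain>/.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def classify_challenge_body(body: str, expected: str) -> str:
    """Mirror the CA's comparison: the body must equal the key authorization,
    with trailing whitespace being the only tolerated difference."""
    if body.rstrip() == expected:
        return "ok"
    if re.match(r"\s*(<!doctype\s+html|<html)", body, re.IGNORECASE):
        return "html-page"  # a web page answered instead of the challenge file
    return "mismatch"


def check_validation_record(record: dict, my_addresses: set) -> list:
    """Compare where the CA actually connected with the addresses you operate."""
    findings = []
    used = record["addressUsed"]
    if used not in my_addresses:
        findings.append(
            f"the CA reached {used}, which is not one of your addresses "
            f"{sorted(my_addresses)}: DNS for {record['hostname']} points elsewhere"
        )
    else:
        foreign = [a for a in record["addressesResolved"] if a not in my_addresses]
        if foreign:
            findings.append(f"the name also resolves to addresses you do not run: {foreign}")
    return findings


def diagnose(record: dict, body: str, token: str, jwk: dict, my_addresses: set) -> dict:
    """Run both checks and return the verdicts for the content and the DNS side."""
    expected = key_authorization(token, jwk)
    return {
        "expected_body": expected,
        "content": classify_challenge_body(body, expected),
        "dns": check_validation_record(record, my_addresses),
    }


# Constructed account key: the modulus is not a real key, only its thumbprint matters here.
ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "Y29uc3RydWN0ZWQtbm90LWEtcmVhbC1tb2R1bHVz"}
# Token, response body excerpt and validation record copied from the post's JSON.
TOKEN = "iRM3uD95Ekxay3omA-XbHeiVK1azMlt1yfebs41T8jg"
PARKING_BODY = (
    '<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8'
    'tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4p"'
)
VALIDATION_RECORD = {
    "url": "http://xgpt.gerhard.dev/.well-known/acme-challenge/" + TOKEN,
    "hostname": "xgpt.gerhard.dev",
    "port": "80",
    "addressesResolved": ["199.59.243.228"],
    "addressUsed": "199.59.243.228",
}
# Placeholder (documentation range) for the address the real web server listens on.
MY_ADDRESSES = {"203.0.113.10"}

if __name__ == "__main__":
    verdict = diagnose(VALIDATION_RECORD, PARKING_BODY, TOKEN, ACCOUNT_JWK, MY_ADDRESSES)
    print("expected body :", verdict["expected_body"])
    print("content check :", verdict["content"])
    for finding in verdict["dns"]:
        print("dns finding   :", finding)
```

Run against the thread's data, the content check reports `html-page` and the DNS check reports that the CA reached 199.59.243.228 rather than the server's own address, which is exactly the parking-page situation the later replies identify. Doing this comparison before re-requesting a certificate avoids burning through Let's Encrypt's failed-validation rate limits while DNS is still wrong.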

Hello @Gerhard1, welcome to the Let's Encrypt community. :slightly_smiling_face:

A CNAME can be the only record for the FQDN, no subdomains under it.
This is clearly a DNS misconfiguration issue.

That does not seem true; Hardenize Report: xgpt.gerhard.dev
And here SSL Server Test: xgpt.gerhard.dev (Powered by Qualys SSL Labs)

Thanks for the welcome and for pointing out the DNS issues. I was very confused since these CNAME records were not added by me. Turned out the domain name expired today, and the registrar added their parking page CNAME records.

Renewed domain name and added a New let's encrypt certificate without any issues :slight_smile:
