.company extension

I have a problem trying to request a certificate for an xxxxx.company domain name.
This is the response:

Processing authorization for www.xxxxx.company…
Waiting for domain verification…
Trying again…
1…2…3…4…5…
Challenge status: invalid. Challenge error: “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Invalid response from http://www.xxxxxx.company/.well-known/acme-challenge/1wbpm41W6s5Pjsq9R3N795mHRwbFINe6xh-_BlUI7PY: “\u003c!DOCTYPE HTML PUBLIC \”-//IETF//DTD HTML 2.0//EN\”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"", “status”: 403 . Exiting…

All other domain names are going well. Same server, DNS already checked and no errors.

What could be the problem?

Hi @jin

please answer the following questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

My domain is:
nelis.company

I ran this command:
./letsencrypt.sh renew nelis.company 4096

It produced this output:
Processing authorization for www.nelis.company…
Waiting for domain verification…
Trying again…
1…2…3…4…5…
Challenge status: invalid. Challenge error: “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Invalid response from http://www.nelis.company/.well-known/acme-challenge/1wbpm41W6s5Pjsq9R3N795mHRwbFINe6xh-_BlUI7PY: “\u003c!DOCTYPE HTML PUBLIC \”-//IETF//DTD HTML 2.0//EN\”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp"", “status”: 403 . Exiting…

My web server is (include version):
Linux VPS

The operating system my web server runs on is (include version):
CentOS 7

My hosting provider, if applicable, is:
Talence

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
DirectAdmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Installed version of Let’s Encrypt client: 1.1.19

You have ipv4 and ipv6 addresses ( https://check-your-website.server-daten.de/?q=nelis.company ):

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| nelis.company | A | 185.80.235.199 | yes | 1 | 0 |
| | AAAA | 2001:888:2000:25:0:2:5:106 | yes | | |
| www.nelis.company | A | 185.80.235.199 | yes | 1 | 0 |
| | AAAA | 2001:888:2000:25:0:2:5:106 | yes | | |

But the answers are curious:

| Domainname | IP | Http-Status | redirect | Sec. | G | Remarks |
|---|---|---|---|---|---|---|
| http://www.nelis.company/ | 2001:888:2000:25:0:2:5:106 | 301 | http://nelis.company/ | 0.034 | D | |
| http://nelis.company/ | 185.80.235.199 | 200 | | 0.954 | H | |
| http://nelis.company/ | 2001:888:2000:25:0:2:5:106 | -14 | | 10.030 | T | Timeout - The operation has timed out |
| http://www.nelis.company/ | 185.80.235.199 | 200 | | 0.860 | H | |
| https://www.nelis.company/ | 185.80.235.199 | 301 | http://nelis.company/ | 1.906 | N | Certificate error: RemoteCertificateNameMismatch |
| https://nelis.company/ | 185.80.235.199 | 200 | | 2.796 | N | Certificate error: RemoteCertificateNameMismatch |
| https://nelis.company/ | 2001:888:2000:25:0:2:5:106 | 404 | | 1.827 | N | Not Found. Certificate error: RemoteCertificateNameMismatch |
| https://www.nelis.company/ | 2001:888:2000:25:0:2:5:106 | 404 | | 1.764 | N | Not Found. Certificate error: RemoteCertificateNameMismatch |
| http://nelis.company/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 185.80.235.199 | 404 | | 0.047 | A | Not Found |
| http://nelis.company/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:888:2000:25:0:2:5:106 | 404 | | 0.047 | A | Not Found |
| http://www.nelis.company/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 185.80.235.199 | 404 | | 0.046 | A | Not Found |
| http://www.nelis.company/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 2001:888:2000:25:0:2:5:106 | 404 | | 0.033 | A | Not Found |

http + non-www + ipv6 has a timeout, http + www + ipv6 has a redirect.

But /.well-known/acme-challenge works with all combinations: every combination has the expected result, http status 404, if the file is unknown.

And there are different Server headers:

A Info: Different Server-Headers found

Sometimes Apache, sometimes Apache/2. Apache/2 uses ipv6, Apache uses ipv4, Let's Encrypt prefers ipv6.

So perhaps remove your ipv6 or check your config, so that ipv6 is handled correctly.

Then recheck the domain. If the result is consistent, try to create a new certificate.

1 Like
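
A per-address check of the situation diagnosed above, as an added example that is not part of the original thread: it fetches one test file under /.well-known/acme-challenge/ from every A and AAAA address of a host and reports addresses that answer differently. The script name, the test file name and the addresses in SAMPLE are assumptions made for illustration.

```python
import http.client
import socket
import sys

# Constructed sample (documentation addresses): IPv4 serves the file, IPv6 does not.
SAMPLE = [
    {"ip": "192.0.2.10", "status": 200, "server": "Apache", "body": b"constructed-content\n"},
    {"ip": "2001:db8::106", "status": 404, "server": "Apache/2", "body": b"<h1>Not Found</h1>"},
]

def addresses(host):
    """Every address the name resolves to, A and AAAA alike."""
    infos = socket.getaddrinfo(host, 80, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, path, port=80, timeout=10):
    """GET path from one specific address while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return {"ip": ip, "status": resp.status,
                "server": resp.getheader("Server"), "body": resp.read(4096)}
    except (OSError, http.client.HTTPException) as exc:  # timeout, refused, bad reply
        return {"ip": ip, "status": None, "server": None, "body": b"", "error": str(exc)}
    finally:
        conn.close()

def findings(results, expected_body):
    """List the problems that would make http-01 validation unreliable."""
    problems = []
    for r in results:
        if r["status"] is None:
            problems.append(f"{r['ip']}: no HTTP response ({r['error']})")
        elif r["status"] != 200 or r["body"].strip() != expected_body:
            problems.append(f"{r['ip']}: status {r['status']}, test file not served")
    answered = [r for r in results if r["status"] is not None]
    statuses = sorted({r["status"] for r in answered})
    servers = sorted({str(r["server"]) for r in answered})
    if len(statuses) > 1:
        problems.append(f"addresses disagree on HTTP status: {statuses}")
    if len(servers) > 1:
        problems.append(f"different Server headers: {servers}")
    return problems

if __name__ == "__main__":
    # Usage: python3 check_http01.py <host> <test-file-name> <expected-content>
    host, name, content = sys.argv[1:4]
    results = [probe(ip, host, "/.well-known/acme-challenge/" + name) for ip in addresses(host)]
    print("\n".join(findings(results, content.encode()) or ["all addresses serve the test file"]))
```

Create the test file in the webroot first, then run the script; any line it prints names an address that would fail validation if the CA connects to it.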

I see what you mean. The ipv6 should not be there, I will contact the domain name provider about this.
Thank you!

2 Likes
