Could not issue, using HTTP instead of HTTPS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: da-pool.com

I tried to reissue the cert via the website

It produced this output:
Could not issue an SSL/TLS certificate for da-pool.com
Details

Could not issue a Let’s Encrypt SSL/TLS certificate for da-pool.com .

The authorization token is not available at http://da-pool.com/.well-known/acme-challenge/A8RaNGhZOAMnVGdBM9ICdoanNixOZwhIjF_BSbWqDS0.

To resolve the issue, make sure that the token file can be downloaded via the above URL.

See the related Knowledge Base article for details.

Details

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/5122027849.

Details:

Type: urn:ietf:params:acme:error:unauthorized

Status: 403

Detail: Invalid response from http://da-pool.com/.well-known/acme-challenge/A8RaNGhZOAMnVGdBM9ICdoanNixOZwhIjF_BSbWqDS0 [52.117.175.213]: "<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”

Note that the URL listed in the error is HTTP and not HTTPS. Not sure why this is.

My web server is (include version): unknown

The operating system my web server runs on is (include version): unknown

My hosting provider, if applicable, is: https://www.asphostportal.com/

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know


I’m using a control panel to manage my site (no, or provide the name and version of the control panel): using the asphostingportal web control panel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @crcucb99

your configuration is buggy - see https://check-your-website.server-daten.de/?q=da-pool.com

Checking the url

http://da-pool.com/.well-known/acme-challenge/A8RaNGhZOAMnVGdBM9ICdoanNixOZwhIjF_BSbWqDS0

there is a blocking error message - http status 403.

HTTP Error 403.4 - Forbidden

The page you are trying to access is secured with Secure Sockets Layer (SSL).

Access to that subdirectory is required.

I am not sure what needs to be done because the directory exists and I can navigate to it using HTTPS.

What is puzzling to me is the error says to make sure the token file can be downloaded via: http://da-pool.com/.well-known/acme-challenge/4IhFxkMyqo4CdRVqbIr5-302kQDBNh9yrcq8hH1jvf8

But I am able to navigate to https://da-pool.com/.well-known/acme-challenge/4IhFxkMyqo4CdRVqbIr5-302kQDBNh9yrcq8hH1jvf8 and I see the token value.

I do not see any differences with permissions between the root down through the /.well-known/acme-challenge/ folder.

http throws an error, so it’s not relevant that https works.

You have to remove that error / blocking http status 403.

Verified with the host, there is nothing blocking that directory. I am trying to renew the cert that is already applied. Should I try deleting it then applying it again?

There is something. Please read

http://da-pool.com/.well-known/acme-challenge/4IhFxkMyqo4CdRVqbIr5-302kQDBNh9yrcq8hH1jvf8

HTTP Error 403.4 - Forbidden

You have to change that.

http://da-pool.com/.well-known/acme-challenge/4IhFxkMyqo4CdRVqbIr5-302kQDBNh9yrcq8hH1jvf8 results in an error because it’s using HTTP and not HTTPS. I have the Let’s Encrypt cert already applied, it just needs to be renewed. Because it’s applied that means we cannot navigate using HTTP, only HTTPS, correct??
Note, https://da-pool.com/.well-known/acme-challenge/4IhFxkMyqo4CdRVqbIr5-302kQDBNh9yrcq8hH1jvf8 works.

Should there be an option or something to allow HTTP although a certificate is already applied?

That's wrong, please read the basics.

http / port 80 is required if you want to create a certificate. It's not relevant if it is your first certificate or a renew.
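
A preflight check for the situation in this thread, as an added example that is not part of the original posts: it requests the challenge URL over plain HTTP on port 80, as the validation in the error output did, and classifies the result. The `classify` and `fetch` names, the result labels, the sample responses and the thumbprint placeholder are constructed for illustration.

```python
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"


def classify(status, body, final_url, expected):
    """Judge a response to the plain-HTTP challenge URL the way an HTTP-01 check would."""
    if status == 200 and body.strip() == expected:
        # A redirect from port 80 to HTTPS is followed; a hard refusal on port 80 is not.
        return "ok-after-https-redirect" if final_url.startswith("https://") else "ok"
    if status == 403 and "403.4" in body:
        # The server insists on SSL for this path, so the port-80 request never gets the token.
        return "ssl-required-on-challenge-path"
    if status == 200:
        # Something answered, but not with the token file (for example an HTML page).
        return "wrong-content"
    return f"http-{status}"


def fetch(domain, token, timeout=10):
    """Request the token over port 80; urllib follows redirects by default."""
    url = f"http://{domain}{CHALLENGE_PATH}{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(2048).decode("utf-8", "replace"), resp.geturl()
    except urllib.error.HTTPError as err:
        return err.code, err.read(2048).decode("utf-8", "replace"), url


# Constructed sample responses (not captured traffic); the thumbprint is a placeholder.
TOKEN = "A8RaNGhZOAMnVGdBM9ICdoanNixOZwhIjF_BSbWqDS0"
EXPECTED = TOKEN + ".CONSTRUCTED-ACCOUNT-THUMBPRINT"
HTTP_URL = f"http://example.com{CHALLENGE_PATH}{TOKEN}"
HTTPS_URL = "https" + HTTP_URL[len("http"):]
SAMPLES = {
    "require-ssl": (403, "HTTP Error 403.4 - Forbidden", HTTP_URL),
    "plain-http": (200, EXPECTED + "\n", HTTP_URL),
    "redirected": (200, EXPECTED, HTTPS_URL),
    "html-page": (200, "<!DOCTYPE html><html>login</html>", HTTP_URL),
    "missing": (404, "Not Found", HTTP_URL),
}


def run_samples():
    """Classify every constructed sample and return {name: verdict}."""
    return {name: classify(s, b, u, EXPECTED) for name, (s, b, u) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:12} -> {verdict}")
```

Against a live site, `classify(*fetch(domain, token), expected)` gives the same verdicts, where `expected` is the content of the token file on disk.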
