Failed authorization procedure. www.88sk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response

My domain is: 88sk.com

I ran this command: ./letsencrypt-auto certonly --webroot -w /home/wwwroot/88sk.com/web --email lianmengshang@gmail.com -d 88sk.com -d www.88sk.com -d m.88sk.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 88sk.com
http-01 challenge for www.88sk.com
http-01 challenge for m.88sk.com
Using the webroot path /home/wwwroot/88sk.com/web for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.88sk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.88sk.com/.well-known/acme-challenge/QlHX5pFDAgTtXDJaLXu5q0iEnOkUrcqpQcXS2BxHCDI: “var ar=”/.well-known/acme-challenge/QlHX5pFDAgTtXDJaLXu5q0iEnOkUrcqpQ",br=“sqc2”,er,cr=new Array(),dr;functi", m.88sk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://m.88sk.com/.well-known/acme-challenge/ZXAxUf7-p6YdGv3yBBZSDg6Yr4h4dCa2bNPIDgRFGiU: “var ng=”/.well-known/acme-challenge/ZXAxUf7-p6YdGv3yBBZSDg6Yr4h4dCa2b",og=“sqc2”,rg,pg=new Array(),qg;functi", 88sk.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://88sk.com/.well-known/acme-challenge/qyK8y0wXpns1xqZRb9W7RNajPY50zMtuOA9vT-5U4VA: “var ts=”/.well-known/acme-challenge/qyK8y0wXpns1xqZRb9W7RNajPY50zMtuO",us=“sqc2”,xs,vs=new Array(),ws;functi"

IMPORTANT NOTES:

The operating system my web server runs on is (include version): CentOS 7

This time I tested all the domains as:
http://88sk.com/.well-known/acme-challenge/test.txt
http://www.88sk.com/.well-known/acme-challenge/test.txt
http://m.88sk.com/.well-known/acme-challenge/test.txt
but I still get the error above. Why?

The website really does return that page of obfuscated JavaScript. Maybe it blocks clients from the United States. Or the JavaScript tests whether a client is really a browser.

The Let’s Encrypt validator needs to get the real challenge file, not that page.

You need to figure out what’s sending that page – maybe a web application firewall – and either turn it off or exclude /.well-known/acme-challenge/ from it.

2 Likes

+1, it appears to be a form of geo-blocking.

From Australia:

$ curl -i 88sk.com/.well-known/acme-challenge/0wQatNLNC9WxsRohHePyKHwALwEdtvw-OIEqDe4bOBc
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 24 Apr 2018 01:18:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

From Canada:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length:  1040
Pragma: no-cache
Cache-control: no-store

<html><body><script>var ci="/.well-known/acme-challenge/0wQatNLNC9WxsRohHePyKHwALwEdtvw-O",di="zsu3",aj,ei=new Array(),fi;function ai(bi){for(aj=0;aj<fi.length;aj++)ei[aj]=fi.charCodeAt(aj);for(aj=2;aj<=58;aj++){ei[aj]=(-((~((ei[aj]>>3)|((ei[aj]<<5)&0xff)))&0xff))&0xff;}aj="for(aj=55;;aj--){if(aj<3)break;ei[aj]=(((((~ei[aj])&0xff)-190)&0xff)+174)&0xff;}";eval(aj);aj="aj=1;do{if(aj>55)break;ei[aj]=(((((((ei[aj]<<6)&0xff)|(ei[aj]>>2))<<1)&0xff)|((((ei[aj]<<6)&0xff)|(ei[aj]>>2))>>7))+168)&0xff;aj++;}while(true);";eval(aj);fi="";for(aj=1;aj<ei.length-1;aj++)if(aj%6)fi+=String.fromCharCode(ei[aj]^bi);eval(fi);}fi="E\xb0_`\xc0p;\xf1\\p\x81\xd0G`\xfb\xb0\x10,\x0f\x9c\x0e\xce\x91\xbe\x0b\xd0\xbd\xa0n\x9e\x98\xb0m\xd1\x10`O\xd1\xc0pM\x90\xf3\x81\x9c,\xc0\x10\x0f<\x9co\xb1\xd0`@\x80\xa2\xeag";ai(119);</script><script>var u=2;for(;u==1;u++);</script><br><br><br><center><h3><p>&#x8BBF;&#x95EE;&#x672C;&#x9875;&#x9762;&#xFF0C;&#x60A8;&#x7684;&#x6D4F;&#x89C8;&#x5668;&#x9700;&#x8981;&#x652F;&#x6301;JavaScript</p></h3></center></body></html>
2 Likes

Thank you for the reply.
I tried to disable the default firewalld with: systemctl disable firewalld
But it still does not work.
I also tried curl from my US host:
curl -i 88sk.com/.well-known/acme-challenge/0wQatNLNC9WxsRohHePyKHwALwEdtvw-OIEqDe4bOBc
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 977
Pragma: no-cache
Cache-control: no-store




访问本页面,您的浏览器需要支持JavaScript

How can I make sure the Let’s Encrypt validator gets the real challenge file?

Maybe I know why. This host suffered from a CC attack, and a firewall has been set up at the hosting provider.
Thanks again
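
As an added illustration that is not part of the thread or of any Let's Encrypt tooling: a pre-flight check that judges an HTTP-01 response the way a validator does (the body must be the key authorization `token.thumbprint`, trailing whitespace aside) and tells a missing file apart from a page substituted by an upstream filter. The function names, the thumbprint and the abbreviated response bodies are constructed for the example; the token is the one used in the curl tests above.

```python
import re

# RFC 8555 tokens and account-key thumbprints use the base64url alphabet only.
_B64URL = re.compile(r"^[A-Za-z0-9_-]+$")
# Signs that a page, not a challenge file, came back.
_MARKUP = re.compile(rb"<\s*(html|body|script)\b|\bfunction\b|\beval\(", re.I)


def classify_challenge_response(status, content_type, body, token, thumbprint):
    """Verdict for one GET of /.well-known/acme-challenge/<token>."""
    if not (_B64URL.match(token) and _B64URL.match(thumbprint)):
        raise ValueError("token and thumbprint must be base64url")
    expected = f"{token}.{thumbprint}".encode()
    if status == 404:
        return "not-found"         # request reached the web server, file missing
    if status != 200:
        return f"http-{status}"
    if body.rstrip() == expected:  # trailing whitespace is tolerated
        return "ok"
    if "html" in content_type.lower() or _MARKUP.search(body):
        return "interstitial"      # something in front of the webroot answered
    return "mismatch"              # plain text, but not the key authorization


TOKEN = "0wQatNLNC9WxsRohHePyKHwALwEdtvw-OIEqDe4bOBc"  # from the thread
THUMBPRINT = "CONSTRUCTED_placeholder_thumbprint"       # constructed value

# Constructed samples modelled on the three kinds of reply seen in this thread.
SAMPLES = [
    ("origin 404", 404, "text/html",
     b"<html><head><title>404 Not Found</title></head></html>"),
    ("JS page", 200, "text/html",
     b'<html><body><script>var ci="/.well-known/acme-challenge/...";'
     b"function ai(bi){}</script></body></html>"),
    ("real file", 200, "text/plain",
     f"{TOKEN}.{THUMBPRINT}\n".encode()),
]


def run_samples():
    """Classify every constructed sample; returns {label: verdict}."""
    return {label: classify_challenge_response(s, ct, b, TOKEN, THUMBPRINT)
            for label, s, ct, b in SAMPLES}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:12} -> {verdict}")
```

Running the same classification from vantage points in several networks shows whether the substituted page depends on where the request comes from.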
