Getting Access Denied while challenging

My domain is: ramon.lasp.co

I ran this command: acme.sh --issue -d ramon.lasp.co -w /usr/share/nginx/html/ --server letsencrypt
(also tried with certbot both standalone and webroot)

It produced this output:
[Thu Aug 12 16:09:48 EDT 2021] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/21286352720/JuRPOQ'
[Thu Aug 12 16:09:49 EDT 2021] _CURL='curl --silent --dump-header /root/.acme.sh/http.header -L -g '
[Thu Aug 12 16:09:49 EDT 2021] _ret='0'
[Thu Aug 12 16:09:49 EDT 2021] _hcode='0'
[Thu Aug 12 16:09:49 EDT 2021] code='200'
[Thu Aug 12 16:09:49 EDT 2021] ramon.lasp.co:Verify error:Invalid response from http://ramon.lasp.co/.well-known/acme-challenge/uqG_KWuIi04UeSvAVemd1yLAcxnByhQnIRccrfIalXk [190.12.122.189]:

My web server is (include version):
Nginx latest in fedora

The operating system my web server runs on is (include version):
Fedora 31 (Server Edition)
My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
latest certbot, latest acme.sh both failed with same error.

Also to add some info, if I try to access ramon.lasp.co/.well-known/acme-challenge/[token] I can download it without issues... In other words I don't receive the "Access Denied"

Looking at the certbot log I see:
Domain: ramon.lasp.co
Type: unauthorized
Detail: Invalid response from http://ramon.lasp.co/.well-known/acme-challenge/3heAiS0c8EthWADwShhl76ciMjgzooJiY4rr1kHYp0k [190.12.122.189]: "\n\n<meta http-equiv="content-type" content="text/html; charset=UTF-8" />\nAccess Denied\n"

Any help will be much appreciated.

I'm getting a forbidden error on your site entirely? Is that supposed to happen? And I might be mistaken, but to me the error page doesn't look like a standard nginx error page?


Hi! Thanks for the fast answer,
if you navigate to http://ramon.lasp.co you should be able to access a Fedora test web page, the resolved IP should be 190.12.122.189 if I'm not wrong.
Also if you access for example
http://ramon.lasp.co/.well-known/acme-challenge/c72IMabwqs5QjlZJQcXkiaKgLxUdZCDkcCYGcj3wC0s
you should be able to download the challenge file.

Thanks again!


I'm afraid not: the IP is correct, but both URLs are showing "Access Denied":

Is your webserver hosted behind a NAT router? Perhaps its portmap might be incorrect and pointing to a different server?

Unfortunately the returned headers of the webserver serving the error message aren't helping: no clue as to what kind of webserver/device it is.


Weird stuff, I've accessed it using my phone (no VPN or anything...) it works.
I've asked someone here if I could use his phone. It works.
I've accessed it from Spain. It works.

I've tested it even by IP (it's not a reverse proxy, it's redirecting everything at least in port 80 and 443)

And yes, sure there is a NAT in the middle, but what I can't make any sense of is you (and letsencrypt by the way) seeing that strange access denied... I'm suspicious about the firewall, that isn't being served by my server.

See also sites like https://www.screenshotmachine.com/ or https://web-capture.net/


Thanks again, the guys from IT are not working right now but tomorrow as soon as possible I'll ask them, still I suspect the firewall might have something to do with it.


Yeah, likely some kind of GeoLocation blocking.

curl -Iki ramon.lasp.co
HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 504
Content-Type: text/html; charset=UTF-8
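
One way to check, from a saved `curl -si` response, whether a challenge URL was answered by the origin nginx or by something in front of it, as the replies above suspect. This is an added example, not code from the thread, certbot or acme.sh; the function name, the `nginx` Server-prefix heuristic and the sample token, thumbprint and version values are assumptions, and the sample responses are constructed (the 403 headers are the ones quoted above).

```shell
#!/bin/sh
# Added example: classify a saved `curl -si URL` response for an HTTP-01 URL.
# Heuristic only; not part of certbot or acme.sh.
#   $1 file: status line, headers, blank line, body (no redirects followed)
#   $2 challenge token (last path segment of the URL)
#   $3 Server header prefix the origin normally sends (assumed: nginx)
classify_http01() {
    clean=$(tr -d '\r' < "$1")          # raw HTTP uses CRLF line endings
    status=$(printf '%s\n' "$clean" | awk 'NR == 1 { print $2 }')
    server=$(printf '%s\n' "$clean" | awk '
        /^$/ { exit }                   # stop at end of headers
        tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    body=$(printf '%s\n' "$clean" | awk 'seen { print } /^$/ { seen = 1 }')

    # A valid HTTP-01 body is the key authorization: "<token>.<thumbprint>".
    case $body in
        "$2".?*) if [ "$status" = 200 ]; then echo ok; return 0; fi ;;
    esac
    # Otherwise report who appears to have answered.
    case $server in
        "$3"*) echo "origin:$status" ;;
        *)     echo "not-origin:$status" ;;
    esac
}

# Constructed samples: 403 headers as quoted in the thread (body invented),
# and a 200 response like a default nginx origin would send.
demo() {
    d=$(mktemp -d)
    printf 'HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 504\r\nContent-Type: text/html; charset=UTF-8\r\n\r\nAccess Denied\n' > "$d/blocked"
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nContent-Type: application/octet-stream\r\n\r\nEXAMPLE_TOKEN.EXAMPLE_THUMBPRINT\n' > "$d/good"
    classify_http01 "$d/blocked" EXAMPLE_TOKEN nginx
    classify_http01 "$d/good" EXAMPLE_TOKEN nginx
    rm -rf "$d"
}
demo
```

Run it against responses captured from different networks (for example the server's own LAN and an outside host); a `not-origin` result from outside only points at a device on the path rather than at the nginx configuration.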
