Got Error While getting SSL from sslforfree.com

Domain “vustudentshub.epizy.com” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/6kMUQphbsLqhA1F9H1qiOBBjhWKnVnaOsHJ0vg9DYjk/13526831262” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: Invalid response from http://vustudentshub.epizy.com/.well-known/acme-challenge/oKVdrumEv9phjnAwDi1EZCaSYzmTvCU0zrKQPhrgAIk [185.27.134.112]: “<html><body><script type=“text/javascript” src=”/aes.js" ></script><script>function toNumbers(d){var e=;d.replace(/(…)/g,func"

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Invalid response from http://vustudentshub.epizy.com/.well-known/acme-challenge/oKVdrumEv9phjnAwDi1EZCaSYzmTvCU0zrKQPhrgAIk [185.27.134.112]: “\u003chtml\u003e\u003cbody\u003e\u003cscript type=\“text/javascript\” src=\”/aes.js\” \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=;d.replace(/(…)/g,func"", “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/6kMUQphbsLqhA1F9H1qiOBBjhWKnVnaOsHJ0vg9DYjk/13526831262”, “token”: “oKVdrumEv9phjnAwDi1EZCaSYzmTvCU0zrKQPhrgAIk”, “validationRecord”: [ { “url”: “http://vustudentshub.epizy.com/.well-known/acme-challenge/oKVdrumEv9phjnAwDi1EZCaSYzmTvCU0zrKQPhrgAIk”, “hostname”: “vustudentshub.epizy.com”, “port”: “80”, “addressesResolved”: [ “185.27.134.112” ], “addressUsed”: “185.27.134.112” } ] }

My domain is http://www.vustudentshub.epizy.com

Hi @mukhlisurrehman

checking your website there is a problem (via https://check-your-website.server-daten.de/?q=vustudentshub.epizy.com ):

Domainname Http-Status redirect Sec. G
http://vustudentshub.epizy.com/
185.27.134.112 200 0.080 H
http://www.vustudentshub.epizy.com/
185.27.134.112 200 0.077 H
https://vustudentshub.epizy.com/
185.27.134.112 200 1.477 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
https://www.vustudentshub.epizy.com/
185.27.134.112 200 1.477 N
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
http://vustudentshub.epizy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.27.134.112 200 0.080
Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
http://www.vustudentshub.epizy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.27.134.112 200 0.076
Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support

Your port 80 is open, that’s good.

But if you want to use http-01 validation, Letsencrypt checks a file in

/.well-known/acme-challenge/random-filename

So my tool does the same, expects a http status 404 - not found. But your server answers with a http status 200 and content, that says: “Please activate Javascript”.

Checked the answer manually:

<html><body><script type="text/javascript" src="/aes.js" ></script>
<script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&
arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var 
a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("b912174d079bc73ded9dbc958674190f");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://vustudentshub.epizy.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de?i=1";</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

So the code creates a cookie and redirects the user to the same address with ?i=1.

But the result: Letsencrypt can’t check the content.

What instance creates this script?

You should create an exception so all under /.well-known/acme-challenge doesn’t see that script.

Looks like a bot blocker.

Thanks for your early reply sir…
I am using the Chrome web browser and my JavaScript is enabled,
so I am still getting the same error.

Browser answers are not really relevant. And the script may be buggy or something else.

But that blocks Letsencrypt from finding the correct content.

Which instance creates that script? Did you ask your provider?

@leader gave a nice explanation of this general issue in another thread recently:

The response like you have received with an error is an indication of so called “bot protection” installed on your host. Usually that would be something like testcookie-nginx-module. Unfortunately, when Let’s Encrypt “verification agents” are trying to fetch the files, they are also seen as bots and they can’t retrieve the files.


So how do I remove this protection to use SSL?

You’ll need to find who or what has installed a bot blocker and disable it (at least on URLs within /.well-known/acme-challenge). If you didn’t set this up, maybe your web host did?

Thanks. Yep, there is a /aes.js integrated.

I had the idea to check that or to generate a warning.

But it’s unclear: Is this a user / customer defined script or does the hoster use such a solution?

The problem is that when I click on the Automatic FTP Verification in sslforfree.com,
they automatically add the folder with this name but in the wrong path; when I access the path with the URL it’s not accessible. And when I manually add this folder in the internal website folder, meaning in the httdoc folder, then the URL works.
sslforfree.com does not automatically add it in the httdoc folder.

That sounds like you’ll need to use the “Manual verification” option on the sslforfree site instead of giving that site your FTP credentials, and then create the file yourself.

I also tested it with Manual Verification (2nd option) but it gives the same error…

If you want to check it, I will give you all my information so you can also check it.

Who set up this site and how is it hosted? Is there someone else responsible for administration whom you could ask for help?

It’s InfinityFree.com cPanel.

I Added these two files you can check it from here the links work fine…

Checked with an offline downloader it’s the same code:

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("b912174d079bc73ded9dbc958674190f");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://www.vustudentshub.epizy.com/.well-known/acme-challenge/qSn4EerZTY453JOoepfjo-qHkl3nnfYSHYUJwiK35SY?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

You must deactivate that in /.well-known/acme-challenge.

I ran it in my browser by putting this code in a file with the .html extension, but nothing happens when I run it.

Your server doesn’t send such a code.

Your server has to send something like

_auTTDlrpaGVcbpT3zVaNa0w_v2_7YmcqygiHFCO9yw.yCch0mVZpEbB8u8Y4kPLwLUuccDBa3JMMSs08-s3_k0

nothing else.

The long, random name of the file, a dot and a hash value from the Letsencrypt account.

No html, no javascript, no redirect.

Does it mean the problem is with my browser? I use Chrome.
Let me check it in Firefox…

It isn’t relevant which browser you use. Use an online tool or an offline downloader.

You must see something like that:

http://server-daten.de/.well-known/acme-challenge/1HN3r3jpDlI-LOpomu6JasQGsjFwHaVXk_8haZCoDO4

without JavaScript.
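
The check described in this thread, as an added example that is not part of the original posts: it classifies the body a server returns for an http-01 challenge URL as either the bare `token.thumbprint` text or a JavaScript cookie-challenge page like the one quoted above. The function name, verdict labels and the shortened blocked-page sample are assumptions made for the illustration; the good sample reuses the value quoted in the thread.

```javascript
// Added example: classify the body served at /.well-known/acme-challenge/<token>.
// classifyChallengeBody and its verdict labels are hypothetical names.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Strings seen in the cookie-challenge page quoted in the thread.
const INTERSTITIAL_MARKERS = ['/aes.js', 'slowAES.decrypt', 'document.cookie', 'location.href'];

function classifyChallengeBody(token, body) {
  const text = body.trimEnd(); // trailing whitespace is tolerated (RFC 8555, section 8.3)
  const lower = text.toLowerCase();

  // Any markup means the validator did not get the key authorization.
  if (lower.includes('<html') || lower.includes('<script')) {
    const markers = INTERSTITIAL_MARKERS.filter((m) => text.includes(m));
    const verdict = markers.length >= 2 ? 'bot-protection-page' : 'html-not-keyauth';
    return { verdict, markers };
  }

  // Expected form: <token>.<base64url SHA-256 account key thumbprint>
  const parts = text.split('.');
  if (parts.length !== 2 || !parts.every((p) => B64URL.test(p))) {
    return { verdict: 'malformed', markers: [] };
  }
  const [gotToken, thumbprint] = parts;
  if (gotToken !== token) return { verdict: 'wrong-token', markers: [] };
  // A SHA-256 digest in unpadded base64url is always 43 characters.
  if (thumbprint.length !== 43) return { verdict: 'malformed', markers: [] };
  return { verdict: 'ok', markers: [] };
}

// Sample inputs. GOOD_BODY is the value quoted in the thread plus a newline;
// BLOCKED_BODY is a constructed, shortened version of the page the host served.
const TOKEN = '_auTTDlrpaGVcbpT3zVaNa0w_v2_7YmcqygiHFCO9yw';
const GOOD_BODY = TOKEN + '.yCch0mVZpEbB8u8Y4kPLwLUuccDBa3JMMSs08-s3_k0\n';
const BLOCKED_BODY =
  '<html><body><script type="text/javascript" src="/aes.js" ></script>' +
  '<script>document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; path=/"; ' +
  'location.href="http://example.test/.well-known/acme-challenge/' + TOKEN + '?i=1";</script>' +
  '<noscript>This site requires Javascript to work</noscript></body></html>';

function runSamples() {
  return [GOOD_BODY, BLOCKED_BODY].map((b) => classifyChallengeBody(TOKEN, b).verdict);
}

console.log(runSamples());
```

Feed it the body fetched by a non-browser client (an online tool or offline downloader, as suggested above), since a browser executes the script and hides the problem.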