How to make the request valid?

My domain is: hirra.cn

I ran this command: certbot certonly --manual -d hirra.cn

It produced this output:

Create a file containing just this data:

2LuyBvaadB4ukfP64_ipj6DgA_yjdWD-x8UetHSvGuI.wh2Wtu_aLu3naFR-k8Nm_iBk7YmuyuFg9TdDUulilgo

And make it available on your web server at this URL:

http://hirra.cn/.well-known/acme-challenge/2LuyBvaadB4ukfP64_ipj6DgA_yjdWD-x8UetHSvGuI

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
  Domain: hirra.cn
  Type:   unauthorized
  Detail: Invalid response from http://hirra.cn/.well-known/acme-challenge/2LuyBvaadB4ukfP64_ipj6DgA_yjdWD-x8UetHSvGuI [39.105.157.196]: "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"textml;charset=UTF-8\" />\n   <style>body{background-color:#FFFFFF}</style>"

My web server is (include version): nginx/1.20.1

The operating system my web server runs on is (include version): centos 7 ; kernel 3.10.0-1160.42.2.el7.x86_64

My hosting provider, if applicable, is: aliyun

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no, shell

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.20.0

Hi @myhirra and welcome to the LE community forum :)

You need to have a working HTTP site in order to secure it (via HTTP validation).

The site only returns an iframe, as "403 Forbidden", with a server signature of "Beaver":

curl -Iki hirra.cn
HTTP/1.1 403 Forbidden
Server: Beaver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 597
Connection: close
<html>
<head>
<meta http-equiv="Content-Type" content="textml;charset=UTF-8" />
   <style>body{background-color:#FFFFFF}</style>
<title>TestPage184</title>
  <script language="javascript" type="text/javascript">
         window.onload = function () {
           document.getElementById("mainFrame").src= "http://batit.aliyun.com/alww.html";
            }
</script>
</head>
  <body>
    <iframe style="width:860px; height:500px;position:absolute;margin-left:-430px;margin-top:-250px;top:50%;left:50%;" id="mainFrame" src="" frameborder="0" scrolling="no"></iframe>
    </body>
      </html>

I see, maybe there is no letsencrypt server in China. So I need to wait several days until China's ISP is ready. Thanks.

@myhirra It looks like you might now have your setup so it can work.

When I try this I get a 404 (not found) which is expected since this file does not exist:

curl -I http://hirra.cn/.well-known/acme-challenge/Test-File-123

HTTP/1.1 404 Not Found
Server: nginx/1.20.1
Date: Tue, 19 Oct 2021 03:09:29 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

You must place the challenge file under the root path for your nginx port 80 server and in folders under that named /.well-known/acme-challenge/.

If your nginx root is /var/www/html; the test challenge file would be in:
/var/www/html/.well-known/acme-challenge/Test-File-123

You replace Test-File-123 with the file name in the message from Certbot and put the data in it as it shows. In your original post that file name was 2LuyBvaadB4ukfP64_ipj6DgA_yjdWD-x8UetHSvGuI

You should also add --dry-run to your command while testing to avoid problems with rate limits if you try multiple times. Remove --dry-run once it is working and you want your actual certificate.

There are better command options for automation but your --manual option will prove that this can work for you.
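
A local pre-flight check for the challenge file placement described above, as an added example that is not part of the original thread and not Certbot's own code: it writes the file under a webroot, fetches it over HTTP, and reports whether the body is exactly the expected data or an HTML page like the one the CA received. The function names, result labels and the sample token value are assumptions constructed for illustration.

```python
import functools, http.server, tempfile, threading, urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the loopback fetch stays local.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def place_challenge(webroot, key_authorization):
    """Write the data Certbot shows; the file name is the part before the dot."""
    token = key_authorization.split(".", 1)[0]
    path = Path(webroot) / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization)
    return path

def check_challenge(base_url, key_authorization):
    """Fetch the challenge URL as a validator would and classify the answer."""
    token = key_authorization.split(".", 1)[0]
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with DIRECT.open(url, timeout=5) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read().decode("utf-8", "replace")
    if status != 200:
        return f"http-{status}"
    # Trailing whitespace is tolerated (RFC 8555 section 8.3); anything else is not.
    if body.rstrip() == key_authorization:
        return "ok"
    return "html-instead-of-token" if body.lstrip().startswith("<") else "wrong-content"

def serve(webroot):
    """Serve webroot on a free loopback port (stand-in for the port 80 server)."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=str(webroot))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"

def demo():
    key_auth = "constructed-token_123.constructed-thumbprint_456"  # constructed sample
    with tempfile.TemporaryDirectory() as webroot:
        server, base = serve(webroot)
        try:
            before = check_challenge(base, key_auth)       # file not placed yet
            path = place_challenge(webroot, key_auth)
            after = check_challenge(base, key_auth)        # correct placement
            path.write_text("<html><head></head></html>")  # simulated block page
            blocked = check_challenge(base, key_auth)
        finally:
            server.shutdown(); server.server_close()
    return before, after, blocked

if __name__ == "__main__": print(demo())
```

Pointing `check_challenge` at the real site's `http://` base URL before pressing Enter in Certbot shows the same classification for the live server.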

Now China's ISP is ok and the request is valid. Thanks.
