Invalid response on verification challenge but file can be accessed in the directory

jfreyre · March 21, 2019, 7:04am

I’m using le64 in Windows 7 to get a certificate. However, domain verifications results in error and the client gets an invalid response in spite the challenge file is accesible via a web browser at http://abasy.ccg.unam.mx/.well-known/acme-challenge/Az8SGV3eyqCNM5jEO_ZKrTzTUga5so3Ww2xjG8It40M

My domain is: abasy.ccg.unam.mx

I ran this command:
le64 --key jfreyre-zerossl.key --csr abasy.csr --csr-key abasy.key --crt abasy.crt --domains “abasy.ccg.unam.mx” --path C:\Users\server\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge --generate-missing --email jfreyre@ccg.unam.mx

It produced this output:
2019/03/21 01:01:44 [ ZeroSSL Crypt::LE client v0.32 started. ]
2019/03/21 01:01:44 Loading an account key from C:\Users\server\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\SSL_files\jfreyre-zerossl.key
2019/03/21 01:01:44 Loading a CSR from C:\Users\server\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\SSL_files\abasy.csr
2019/03/21 01:01:47 Registering the account key
2019/03/21 01:01:47 The key is already registered. ID: 8644304
2019/03/21 01:01:47 Current contact details: jfreyre@ccg.unam.mx
2019/03/21 01:01:48 Successfully saved a challenge file ‘C:\Users\server\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge/Az8SGV3eyqCNM5jEO_ZKrTzTUga5so3Ww2xjG8It40M’ for domain ‘abasy.ccg.unam.mx’
2019/03/21 01:01:51 Domain verification results for ‘abasy.ccg.unam.mx’: error. Invalid response from http://abasy.ccg.unam.mx/.well-known/acme-challenge/Az8SGV3eyqCNM5jEO_ZKrTzTUga5so3Ww2xjG8It40M [132.248.220.234]: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”\r\n “http://www.w3.org/TR/xhtml1”
2019/03/21 01:01:51 You can now delete the ‘C:\Users\server\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge/Az8SGV3eyqCNM5jEO_ZKrTzTUga5so3Ww2xjG8It40M’ file.
2019/03/21 01:01:51 All verifications failed

My web server is (include version): Apache/2.4.33 (Win32)

The operating system my web server runs on is (include version):
Windows 7 Professional

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ZeroSSL Crypt::LE client v0.32

mnordhoff · March 21, 2019, 3:26pm

If I try to access http://abasy.ccg.unam.mx/.well-known/acme-challenge/Az8SGV3eyqCNM5jEO_ZKrTzTUga5so3Ww2xjG8It40M in my browser, it works.

If I use curl, I get a 403 Forbidden error page that starts with the same HTML Let’s Encrypt got.

It says “Access forbidden!” and

    You don't have permission to access the requested object.
    It is either read-protected or not readable by the server.

Maybe there’s software that blocks clients that don’t look like browsers, such as Let’s Encrypt’s validator?

jfreyre · March 21, 2019, 6:42pm

Thanks for the insight! Yes, Let’s Encrypt’s validator has been blocked
beacuse of its user-agent.

system · April 20, 2019, 6:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.