Let's Encrypt verification challenge failed


#1

Hi,
I tried to generate an SSL certificate today at “sslforfree.com” for my subdomain (okdnetwork.000a.biz). I selected Automatic FTP Verification and typed in my FTP information. But after a while, an error appeared on my browser’s screen:

Domain “okdnetwork.000a.biz” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/h96kPrtUqKfsBHprPvuvzIuQF2erSw60ibIV55UpF7M/9693714182” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: Invalid response from http://okdnetwork.000a.biz/.well-known/acme-challenge/bhWdPJavplJC8keXMIzLXsl65qBqGHw_0TFKmDGRkTk: “<html><body><script type=“text/javascript” src=”/aes.js" ></script><script>function toNumbers(d){var e=;d.replace(/(…)/g,func"

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Invalid response from http://okdnetwork.000a.biz/.well-known/acme-challenge/bhWdPJavplJC8keXMIzLXsl65qBqGHw_0TFKmDGRkTk: “\u003chtml\u003e\u003cbody\u003e\u003cscript type=\“text/javascript\” src=\”/aes.js\” \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=;d.replace(/(…)/g,func"", “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/h96kPrtUqKfsBHprPvuvzIuQF2erSw60ibIV55UpF7M/9693714182”, “token”: “bhWdPJavplJC8keXMIzLXsl65qBqGHw_0TFKmDGRkTk”, “validationRecord”: [ { “url”: “http://okdnetwork.000a.biz/.well-known/acme-challenge/bhWdPJavplJC8keXMIzLXsl65qBqGHw_0TFKmDGRkTk”, “hostname”: “okdnetwork.000a.biz”, “port”: “80”, “addressesResolved”: [ “185.27.134.216” ], “addressUsed”: “185.27.134.216” } ] }

This error appeared every time I tried to verify my subdomain. I would like to know why.
Best Regards.



#2

Byethost blocks automated Let’s Encrypt HTTP-01 validation requests. They use ‘security’ software that returns some sort of JavaScript challenge instead of the real file.

See, for example:


#3

Ok, is there any solution for this problem?


#4

You can ask Byethost to stop blocking the requests – I don’t know if they will, though.

You can try Let’s Encrypt DNS validation, if you’re able to create a TXT record called _acme-challenge.okdnetwork.000a.biz.

You can switch hosting companies.

You can try another CA, but that likely won’t help.
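
Added example (not part of the original thread): a Python sketch of the two checks discussed above, recognising when an HTTP-01 response is a host's JavaScript interstitial instead of the key authorization, and deriving the TXT record that DNS-01 validation looks up (RFC 8555). The account thumbprint is constructed for illustration, and the function names are hypothetical.

```python
import base64
import hashlib
import re

B64URL = re.compile(r"^[A-Za-z0-9_-]+$")

# Token from the error in this thread; the thumbprint is constructed for illustration.
TOKEN = "bhWdPJavplJC8keXMIzLXsl65qBqGHw_0TFKmDGRkTk"
THUMBPRINT = base64.urlsafe_b64encode(
    hashlib.sha256(b"constructed-account-key").digest()).rstrip(b"=").decode()
KEY_AUTH = TOKEN + "." + THUMBPRINT

# Start of the body the host actually served, as quoted (truncated) in the error.
BLOCKED_BODY = ('<html><body><script type="text/javascript" src="/aes.js" >'
                '</script><script>function toNumbers(d){')


def classify_http01_body(body, token):
    """Say what a server returned for /.well-known/acme-challenge/<token>."""
    text = body.strip()
    parts = text.split(".")
    # RFC 8555: the body must be "<token>.<base64url account key thumbprint>".
    if len(parts) == 2 and parts[0] == token and B64URL.match(parts[1]):
        return "key-authorization"
    # Markup means something in front of the file answered instead of the file.
    if re.search(r"<\s*(html|script|body)\b", text, re.IGNORECASE):
        return "html-interstitial"
    return "unexpected"


def dns01_record(domain, key_authorization):
    """Return (name, value) of the TXT record that DNS-01 validation looks up."""
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    value = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return "_acme-challenge." + domain, value


if __name__ == "__main__":
    print(classify_http01_body(BLOCKED_BODY, TOKEN))
    print(classify_http01_body(KEY_AUTH + "\n", TOKEN))
    print(dns01_record("okdnetwork.000a.biz", KEY_AUTH))
```

The TXT value is the unpadded base64url SHA-256 digest of the key authorization, so it changes with every new challenge token.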


#5

I am using CPanel 58.0.31 and I have two DNS options, “SPF Records and CNAME Records”, marked with a blue circle. Which one should I use, and how should I do this for DNS verification?



#6

Hi @odurmus52

Both are wrong. SPF is a TXT entry, but mail-relevant; a CNAME isn’t a TXT entry, so you can’t use it.