Manual Verification File Creation Question

Hello,

I have a feeling that there is something simple that I’m missing a step on. Up until sslforfree decided to make the changes that it made, I had been using their site to generate certificates for a couple of my projects because I had trouble getting certbot to work on my machine to upload them manually. I had no trouble getting the files downloaded and uploaded to the /.well-known folders that I needed them to be in to complete the process. It would download them as .bat or .dat files (I honestly forget which) and I’d take off the extension and the verification process would see them just fine after that.

I’ve successfully set up and gotten certbot working on my machine to replicate that process (macOS 10.15, latest version of certbot through homebrew), but for some reason when I am uploading a text file to the proper location for manual verification, I keep getting a 404 error.

I guess that is a long-winded way of asking: is there a specific format of file that the verification needs to be in and I’m just missing it?

Because of the way my host is set up, I can’t do things automatically (which is part of the reason I’m looking at moving once it’s renewal time) and I only have a couple that I have to worry about at any rate so it hasn’t been a big deal to do it manually every so often.

I appreciate any insight and help!

2 Likes

Hi @athensboy

Please share a sample.

These are simple text files. If they are sent with the wrong Content-Type header, that’s not a problem.

But I don’t know how macOS handles that. In .NET / Windows, it’s required to allow extensionless files explicitly.

Or the dot in /.well-known/ is a problem.

2 Likes

Hi @JuergenAuer, thanks for the response!

When I run the command:

certbot certonly --manual --preferred-challenges http

I follow the prompts to enter my domain. It generates:

Create a file containing just this data:

B17VbYk8NrK_zGVNc4WquaPyDk2tQYZRe17ftW3ZuEU.dtqdZLDk7vOuxbilv34Z9RTH-Q637oTJxDgfOOUfgH4

And make it available on your web server at this URL:

http://threeguysinabasement.com/.well-known/acme-challenge/B17VbYk8NrK_zGVNc4WquaPyDk2tQYZRe17ftW3ZuEU

The exact randomly generated text of course changes for each attempt.

No matter what domain I attempt, the error I get is the same every time:

Challenge failed for domain threeguysinabasement.com
http-01 challenge for threeguysinabasement.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

I upload the file to the same /.well-known/ I had been uploading the challenge files to when using sslforfree for the respective sites, but it doesn’t work where it was working just fine with the files sslforfree had been generating.

I had a feeling that they were simple text files since I couldn’t find anything in the documentation about specific needs. I’ll try a different app to create the file in case something in BBEdit is causing it to not be recognized.

If something went haywire with the /.well-known/ directory, would it be a terrible idea to delete and then recreate it? I suspect it wouldn’t hurt anything, but I thought I’d ask anyway.

Thanks again for the help.

2 Likes

It’s not a problem of the client you use. It’s a problem of your configuration.

  • Is the IP correct?
  • There is a redirect http -> https. Are the roots of http / https the same? Is there an application that changes something?

The IP is your public IP, but is this the IP where you upload the file?

Checking your domain - https://check-your-website.server-daten.de/?q=threeguysinabasement.com - the main things are ok.

But there is no content, only

assets.zone5hosting.net

See the screenshot of the online check. And Apache answers there.

1 Like

I didn’t think that it was the client since certbot and ssl4free both ultimately use Let’s Encrypt anyway, but I didn’t change any configuration options. So unless something was changed on my account by my host, I don’t know what would have changed to cause this to not work.

That is the IP that shows up when I’m looking at Control Panel.

The roots, to the best of my knowledge, are the same. There isn’t an application that I have going that changes anything. At one point I had to uncomment the .htaccess file in order to get it to serve the SSL, but commenting out those lines again appears to have no effect on it.

Huh. That’s… strange. It should just be showing a white page with “Nothing to see here,” written on it and did when I started this thread. I’m actually quite confused as to what that is all about (the zone5hosting bit specifically). Nowhere that I can see has a redirect set up, let alone for anything remotely like that. Unless deleting the expired certificate did something to open that up, but I would anticipate that would just give me a warning about privacy or invalid certificates. There is literally nothing on this domain right now except for a placeholder page so that’s a bit of investigative work I need to figure out now…

Screenshot_2020-06-26_11-44-55
From my vantage just now on the Oregon coast. (for reference)

Rip

1 Like

Awesome. I don’t know what was going on, but I removed files from the directory and reuploaded the basic files that were there. I’m glad that it’s working for someone other than myself.

I suspect that I had a garbage file in there from who knows when and for what purpose that was causing the zone5hosting thing.

Waaaaaaiiiitttt a minute…

I just remembered that my host did something to the server the other day that had downtime. I don’t know if they were upgrading Apache or not. I’m going to reach out to them and see if there’s something that changed on their end that is causing this and report back.

1 Like

Okay, so at the outset I thought I was missing something simple and, as it turns out, I was partly right.

After bringing in tech support on my hosting side, the issue (other than that zone5 nonsense) ended up being the dot in the middle of the challenge content. I was removing the .txt extension from the challenge file I uploaded, but completely missing the “.” in the middle of the string.

I’m going to attribute it to a lack of experience with this working method and me being too close to the problem.

Thank you, @JuergenAuer for your help in getting me down the right path and thank you @Rip for the screenshot verification.
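
Added example (not part of the original thread, and not certbot's own code): a pre-upload check for a hand-made http-01 challenge file, covering the mistake resolved above, where the file name is the bare token but the content must be the full `<token>.<thumbprint>` string including the dot. The function name `check_challenge` is hypothetical; the sample values are the ones from the certbot prompt quoted in the thread.

```python
import re
from urllib.parse import urlparse

PREFIX = "/.well-known/acme-challenge/"
B64URL = re.compile(r"[A-Za-z0-9_-]+")   # unpadded base64url, as used by ACME
BOM = b"\xef\xbb\xbf"

def check_challenge(url, data, file_name, file_bytes):
    """Compare a file about to be uploaded with the URL and data certbot printed."""
    problems = []
    path = urlparse(url).path
    token = path[len(PREFIX):] if path.startswith(PREFIX) else ""
    if not B64URL.fullmatch(token):
        return ["URL is not of the form " + PREFIX + "<token>"]
    head, dot, thumbprint = data.partition(".")
    if head != token or not dot or not B64URL.fullmatch(thumbprint):
        return ["prompt data is not <token>.<thumbprint> for this URL"]

    if file_name != token:
        problems.append("file name must be the bare token (no extension): " + token)
    if file_bytes.startswith(BOM):
        problems.append("file starts with a UTF-8 byte order mark")
        file_bytes = file_bytes[len(BOM):]
    try:
        # RFC 8555 says servers SHOULD ignore whitespace at the end of the body
        body = file_bytes.decode("ascii").rstrip()
    except UnicodeDecodeError:
        return problems + ["file contains non-ASCII bytes"]
    if body == data:
        return problems
    if body == token:
        problems.append("content stops at the token: the '.' and thumbprint are missing")
    elif body == token + thumbprint:
        problems.append("the '.' between token and thumbprint was dropped")
    else:
        problems.append("content differs from the prompt data")
    return problems

# Sample values taken from the certbot prompt quoted in the thread.
URL = "http://threeguysinabasement.com/.well-known/acme-challenge/B17VbYk8NrK_zGVNc4WquaPyDk2tQYZRe17ftW3ZuEU"
DATA = "B17VbYk8NrK_zGVNc4WquaPyDk2tQYZRe17ftW3ZuEU.dtqdZLDk7vOuxbilv34Z9RTH-Q637oTJxDgfOOUfgH4"
TOKEN = DATA.split(".")[0]

if __name__ == "__main__":
    for name, content in [(TOKEN, DATA.encode() + b"\n"),
                          (TOKEN + ".txt", BOM + TOKEN.encode())]:
        print(name, "->", check_challenge(URL, DATA, name, content) or "OK")
```

An empty list means the file matches the prompt; a 404 after that points at the server side (wrong document root, redirect, or extensionless files not being served) rather than at the file.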

Glad to hear you figured it out. And you have a certificate!
Good Luck
Rip