Not able to issue cert : error code 400 "urn:ietf:params:acme:error:connection Cannot follow HTTP 303 redirects

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sedtile.com.au

I ran this command: Trying via cPanel Plugin

It produced this output: error code 400 "urn:ietf:params:acme:error:connection Cannot follow HTTP 303 redirects

My web server is (include version): Litespeed Current Version: 5.4.8 (build 2)

The operating system my web server runs on is (include version): CloudLinux release 7.9

My hosting provider, if applicable, is: Aspiration Hosting

I can login to a root shell on my machine (yes or no, or I don't know): No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel 96.0.13

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hmm. My understanding is that following a 303 Redirect was fairly recently disallowed for CAs validating sites (It was coded by Let's Encrypt in March, though I don't know when that code went live). But if you're using cPanel to get your certificate you shouldn't need to be worrying about such things directly I wouldn't think. Maybe you just need to update your plugin (or perhaps your hoster needs to do so)? Or might there be something else besides that plugin that's trying to do some redirects for your site?

Though I'm currently getting a 503 Service Unavailable when going to your site.

2 Likes

I would guess that the problem is your domain's DNS AAAA IPv6 record still points to your old host (DreamScape Networks, who own a bunch of brands like Crazy Domains).

Your DNS A IPv4 record correctly points to Aspiration Hosting.

So what you probably need to do is login to your domain registrar (Crazy Domains?), go to the DNS Control Panel, and remove the AAAA record.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.