[solved] "urn:acme:error:unauthorized" status 403

My domain is: bcimz1.blockchaininmotion.io

I ran this command: sudo .acme.sh/acme.sh --issue --standalone -d bcimz1.blockchaininmotion.io

It produced this output: see below;

WITH DEBUG OUTPUT SNIPPET

[Tue Oct 24 13:22:56 EDT 2017] response='{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qrED01twKyrCyUjNtWa_TnEokipMnAaHOJK55StuYoI/2294623369","token":"fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM","keyAuthorization":"fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM.3dq6LMIeJiPD9kAOD_X4DHmAHpRMfHvfS82gprwC1ic"}'
[Tue Oct 24 13:22:56 EDT 2017] code='202'
[Tue Oct 24 13:22:56 EDT 2017] sleep 2 secs to verify
[Tue Oct 24 13:22:58 EDT 2017] checking
[Tue Oct 24 13:22:58 EDT 2017] GET
[Tue Oct 24 13:22:58 EDT 2017] url='https://acme-v01.api.letsencrypt.org/acme/challenge/qrED01twKyrCyUjNtWa_TnEokipMnAaHOJK55StuYoI/2294623369'
[Tue Oct 24 13:22:58 EDT 2017] timeout
[Tue Oct 24 13:22:58 EDT 2017] _CURL='curl -L --silent --dump-header /var/tmp .acme.sh/http.header --trace-ascii /tmp/tmp.MBOIQaykAd '
[Tue Oct 24 13:22:58 EDT 2017] ret='0'
[Tue Oct 24 13:22:58 EDT 2017] original='{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM: \"\u003c!DOCTYPE\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003clink href='https://fonts.googleapis.com/css?family=Roboto:300' rel='stylesheet' type='text/css'\u003e\n \"",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/qrED01twKyrCyUjNtWa_TnEokipMnAaHOJK55StuYoI/2294623369",
  "token": "fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM",
  "keyAuthorization": "fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM.3dq6LMIeJiPD9kAOD_X4DHmAHpRMfHvfS82gprwC1ic",
  "validationRecord": [
    {
      "url": "http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM",
      "hostname": "bcimz1.blockchaininmotion.io",
      "port": "80",
      "addressesResolved": [
        "173.255.255.129"
      ],
      "addressUsed": "173.255.255.129",
      "addressesTried": []
    }
  ]
}'
[Tue Oct 24 13:22:58 EDT 2017] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM: \"\u003c!DOCTYPE\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003clink href='https://fonts.googleapis.com/css?family=Roboto:300' rel='stylesheet' type='text/css'\u003e\n \"","status": 403},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/qrED01twKyrCyUjNtWa_TnEokipMnAaHOJK55StuYoI/2294623369","token":"fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM","keyAuthorization":"fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM.3dq6LMIeJiPD9kAOD_X4DHmAHpRMfHvfS82gprwC1ic","validationRecord":[{"url":"http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM","hostname":"bcimz1.blockchaininmotion.io","port":"80","addressesResolved":["173.255.255.129"],"addressUsed":"173.255.255.129","addressesTried":[]}]}'
[Tue Oct 24 13:22:58 EDT 2017] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM: '
[Tue Oct 24 13:22:58 EDT 2017] errordetail='Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM: '
[Tue Oct 24 13:22:58 EDT 2017] bcimz1.blockchaininmotion.io:Verify error:Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM:

My web server is (include version): NONE, I have ports 80 and 443 open - looks like it instantiates nginx to get the cert.
I don’t intend to run a website.

The operating system my web server runs on is (include version): UBUNTU 16.04 LTS x86_64

My hosting provider, if applicable, is: Linode
My Registrar is NameCheap

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.

There is an existing web server running on that host, even though you said you “don’t intend to run a website”. You can confirm this by going to http://bcimz1.blockchaininmotion.io/ in a browser and then using “View Source”. All that HTML came from an existing server on that machine, not from the acme.sh client. In order to use standalone mode, you’ll need to find and remove or deactivate this web server. The self-reported server software is nginx, but acme.sh does not start nginx for --standalone (it uses a tool called socat).

Thank you for responding so quickly. I’ll track down what is running, it may take me a bit. Please keep this thread open as it were, I’ll report back with what I found, action I took and the result to benefit all.

Following up, I have the issue resolved.

The cause of the issue was an incorrect entry in the Zone file for the site IP address. Name resolution was not working as intended.

This explains why there was a webserver responding.

I was able to complete the setup successfully once the zone file update propagated.

Thank you.

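A triage sketch for the failure worked through in this thread, added here as an example (it is not from any post and is not part of acme.sh): it reads the failed challenge object from the debug log, checks whether the address the CA validated against belongs to the requesting host, and checks whether the body returned was something other than the key authorization. The function name `diagnose`, the constant `HOST_ADDRESSES` and the address `203.0.113.10` are assumptions made for illustration.

```python
import ipaddress
import json

# Failed challenge object from the thread's debug log, trimmed to the fields
# used here (the HTML quoted in "detail" is shortened).
CHALLENGE = json.loads(r'''{
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:acme:error:unauthorized", "status": 403,
    "detail": "Invalid response from http://bcimz1.blockchaininmotion.io/.well-known/acme-challenge/fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM: \"\u003c!DOCTYPE\u003e\n\u003chtml\u003e\""},
  "token": "fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM",
  "keyAuthorization": "fjZieq0kwK-bGPbpiZAmbSjxy0uEcVc0GOw5_VFxSQM.3dq6LMIeJiPD9kAOD_X4DHmAHpRMfHvfS82gprwC1ic",
  "validationRecord": [{"hostname": "bcimz1.blockchaininmotion.io", "port": "80",
    "addressesResolved": ["173.255.255.129"], "addressUsed": "173.255.255.129"}]
}''')

# Constructed placeholder (TEST-NET-3) standing in for the addresses actually
# bound on the machine running the ACME client; the thread does not give them.
HOST_ADDRESSES = ["203.0.113.10"]


def diagnose(challenge, host_addresses):
    """Return (code, message) findings for a failed http-01 challenge."""
    findings = []
    if challenge.get("status") != "invalid":
        return findings
    own = {ipaddress.ip_address(a) for a in host_addresses}
    # 1. Did the CA connect to this machine at all? A stale or wrong A record
    #    sends validation to whatever server lives at the other address.
    for rec in challenge.get("validationRecord", []):
        used = ipaddress.ip_address(rec["addressUsed"])
        if used not in own:
            findings.append(("dns-mismatch",
                f"{rec['hostname']} was validated at {used}, not an address of this host"))
    # 2. What came back? The text after the first ": " in "detail" is the start
    #    of the body the CA received; it should be the key authorization.
    detail = challenge.get("error", {}).get("detail", "")
    body = detail.partition(": ")[2].strip('" \n')
    if body and body != challenge.get("keyAuthorization"):
        kind = "HTML" if body.startswith("<") else "other content"
        findings.append(("unexpected-body",
            f"responder served {kind} instead of the key authorization"))
    return findings


if __name__ == "__main__":
    for code, message in diagnose(CHALLENGE, HOST_ADDRESSES):
        print(f"{code}: {message}")
```

Both findings together point at the zone-file cause reported above; an `unexpected-body` finding on its own (validated address is local) points instead at another web server on the same machine holding port 80.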