SSL installation (403 error)

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
soulfulyog.com

I ran this command:
/root/.acme.sh/acme.sh --issue -d soulfulyog.com -d www.soulfulyog.com --cert-file /etc/letsencrypt/live/www.rmronsol.com/cert.pem --key-file /etc/letsencrypt/live/soulfulyog.com/privkey.pem --fullchain-file /etc/letsencrypt/live/soulfulyog.com/fullchain.pem -w /home/soulfulyog.com/public_html --server letsencrypt --force --debug

It produced this output:
Invalid status, soulfulyog.com:Verify error detail:217.196.48.5: Invalid response from http://soulfulyog.com/.well-known/acme-challenge/1Ymd2aEurwVxhksKC6qZOWDj61L50HklfcsxjIeI67I: 403

My web server is (include version):

The operating system my web server runs on is (include version):
AlmaLinux 8 64bit with CyberPanel

My hosting provider, if applicable, is:
Hostinger VPS

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
CyberPanel 2.3

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I am currently using ZeroSSL Custom SSL which is working but when I try to install using Let's Encrypt, I get a 403 error.

Please provide assistance. Thank you.

1 Like
2

Something on your system is rejecting the ACME HTTP Challenge with an HTTP 403 error (Forbidden).

I can easily reproduce this just using curl requests. You need to review your system config to see why it forbids these requests. Check your LiteSpeed server and any routers or firewalls.

# Should get 404 Not Found or 302 Found redirect like below
curl -I http://soulfulyog.com/.well-known/acme-challenge/Test404
HTTP/1.1 403 Forbidden
server: LiteSpeed

curl -I http://soulfulyog.com/.well-known/test-level/Test404
HTTP/1.1 302 Found
server: LiteSpeed
location: https://soulfulyog.com/.well-known/test-level/Test404
2 Likes
3

I've tried disabling all the firewall rules, but the 403 error still persists. Is there anything else that can be done?

Screenshot 2024-01-06 at 7.32.20 AM
Screenshot 2024-01-06 at 7.32.20 AM3000×1038 124 KB

These are the available functions which can be changed.

4

I am not familiar with the imunify360 so can't comment on that

But, what did you find when reviewing your LiteSpeed server config?

I don't know litespeed very well but does this show anything

httpd -t -D DUMP_VHOSTS
2 Likes
5

bash: httpd: command not found

As for the server config, is there a specific tab out of these where changes might be required?

Screenshot 2024-01-06 at 8.21.16 AM
Screenshot 2024-01-06 at 8.21.16 AM1234×90 8.76 KB

6

You should probably talk with Hostinger

I thought their CyberPanel setups made getting Let's Encrypt certs easy

I'm not sure why you are even using acme.sh if you have their CyberPanel

3 Likes
7

I've already reached out to them. I tried installing through CyberPanel, but it keeps on assigning the self-signed SSL after failing to issue a complete one.

8

I'd start the countdown clock.
If they don't respond/resolve the issue in a timely manner... there are plenty other HSPs out there.

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.