Sslforfree and certbot failing to work

So basically every time I try to get a cert, whether it’s through certbot manual or even sslforfree.com, it’s somehow not working. I’ve tried giving the file perms. Somehow my host isn’t logging any errors so I can’t check their logs (even waited an hour like they said for the logs to update; it still failed to show logs).

The error currently is: Domain "help.angosys.me" challenge3 failed. Response from "https://acme-v01.api.letsencrypt.org/acme/challenge/x6jiTWEYAQVh0LO81jMGFs0J5oU7T0xeJ_bo-dx1z3U/2044781247" was: { "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://help.angosys.me/.well-known/acme-challenge/EESmCB4EPeEodp1WLsRdOTbQKyBdk3MacgaQO3sgyIc: "\u003chtml\u003e\u003cbody\u003e\u003cscript type="text/javascript" src="/aes.js" \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=[];d.replace(/(..)/g,func"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/x6jiTWEYAQVh0LO81jMGFs0J5oU7T0xeJ_bo-dx1z3U/2044781247", "token": "EESmCB4EPeEodp1WLsRdOTbQKyBdk3MacgaQO3sgyIc", "keyAuthorization": "EESmCB4EPeEodp1WLsRdOTbQKyBdk3MacgaQO3sgyIc.m2Mw9mPm-t1jx1tXiX03PTMUw4F2s-twXxHoOD-pS0s", "validationRecord": [ { "url": "http://help.angosys.me/.well-known/acme-challenge/EESmCB4EPeEodp1WLsRdOTbQKyBdk3MacgaQO3sgyIc", "hostname": "help.angosys.me", "port": "80", "addressesResolved": [ "185.27.134.92" ], "addressUsed": "185.27.134.92", "addressesTried": [] } ] }

I can access the file through my browser and it shows the content but sslforfree/Let’s Encrypt can’t access it for some weird reason and my host’s support are absolutely useless.

wget http://help.angosys.me/
--2017-09-23 00:33:27--  http://help.angosys.me/
Resolving help.angosys.me (help.angosys.me)... 185.27.134.92
Connecting to help.angosys.me (help.angosys.me)|185.27.134.92|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-09-23 00:33:31 ERROR 403: Forbidden.

curl http://help.angosys.me/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

Digging deeper…
It seems that there is some JavaScript that may be getting in the way:

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("1d6475aa5fb97834737f909bd7ed4d76");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://help.angosys.me/?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

I think the host is blocking based on user-agent. (I don’t think the JavaScript is a direct reason for this, because the blocking happens even before the JavaScript can be served at all.) I can see the file with a browser but not with curl. Blocking based on user-agent is not OK for the HTTP-01 challenge method.

Note that this can’t be fixed by using a different Let’s Encrypt client because these inbound requests don’t come from the client application, but rather from the certificate authority side.
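As an added illustration of the diagnosis above (example code, not something posted in the thread), this script fetches the HTTP-01 token URL the way the CA's validator does, as a plain HTTP client with no JavaScript and no cookies, and says why the validator would reject what came back. The User-Agent string is an assumed placeholder; the point is only that it is not a browser.

```python
"""Pre-flight check for an ACME HTTP-01 challenge: fetch the token URL as a
plain HTTP client (no JavaScript, no cookies) and classify the response."""
import re
import sys
import urllib.error
import urllib.request

# Marker of the JavaScript cookie gate seen in the thread: a page that loads
# aes.js and sets a "__test" cookie before redirecting to "?i=1".
JS_GATE = re.compile(r'src="/aes\.js"|document\.cookie\s*=\s*"__test=', re.I)


def challenge_url(hostname, token):
    """Validators fetch the token over plain HTTP on port 80."""
    return "http://%s/.well-known/acme-challenge/%s" % (hostname, token)


def classify(status, body, key_authorization):
    """Return "ok", "js-gate", "forbidden", "http-error", "html" or "mismatch".
    The key authorization must come back as the bare body; any HTML page
    (anti-bot interstitial, error page, index page) fails the challenge."""
    text = body.strip()
    if status == 200 and text == key_authorization:
        return "ok"
    if JS_GATE.search(text):
        return "js-gate"      # anti-bot page served instead of the token
    if status == 403:
        return "forbidden"    # plain block, e.g. by user agent or source address
    if status != 200:
        return "http-error"
    if text.lower().startswith(("<!doctype", "<html")):
        return "html"         # 200, but an HTML page rather than the token
    return "mismatch"         # wrong token or wrong account-key thumbprint


def fetch(url, user_agent="acme-http01-preflight/1.0 (assumed, non-browser)"):
    """GET with a non-browser User-Agent; HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # hostname, token and keyAuthorization as printed in the client's error
    host, token, key_auth = sys.argv[1:4]
    status, body = fetch(challenge_url(host, token))
    print(status, classify(status, body, key_auth))
```

A result of "js-gate" or "forbidden" points at the hosting layer, not at the ACME client or file permissions, which matches the wget/curl output above.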

The thing is, my host does support Let’s Encrypt, but for some weird reason it doesn’t load. They said engineers had fixed it, but it still didn’t work even after 3 weeks of the issue being “resolved”. It seems they are moving Let’s Encrypt support to a different plan than the one I’m on. I’ll have to open a ticket with my host and see if they can see anything on their end, since it won’t let me see logs in cPanel, as if they aren’t logging anything.

Update: Opened a ticket with my host, just awaiting their response. I provided logs from the above showing the 403 error and your response, Schoen. I’ve also linked them this post so they can investigate themselves.
