Sslforfree.com can't access the verification files

Our domain is siecons.com, www.siecons.com

I tried getting SSL verification and I get this error with both the manual and the FTP verification:
Domain “siecons.com” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/7Xxnnms7SIiH4ib2jVeIRVIlJOu5plZwmVoKT6hE4Ws/9237565566” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: The key authorization file from the server did not match this challenge [coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q._sW_Fms501car8KNwgNF6dCVasCX5ZfAAFyjNN4gcmE] != [coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q.]

Full Error: { "type": "http-01", "status": "invalid", "error": { "type": "urn:ietf:params:acme:error:unauthorized", "detail": "The key authorization file from the server did not match this challenge [coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q._sW_Fms501car8KNwgNF6dCVasCX5ZfAAFyjNN4gcmE] != [coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q.]", "status": 403 }, "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/7Xxnnms7SIiH4ib2jVeIRVIlJOu5plZwmVoKT6hE4Ws/9237565566", "token": "coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q", "validationRecord": [ { "url": "http://siecons.com/.well-known/acme-challenge/coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q", "hostname": "siecons.com", "port": "80", "addressesResolved": [ "181.88.192.100" ], "addressUsed": "181.88.192.100" } ] }

My web server is (include version): Supposed to be Apache, unknown version.

The operating system my web server runs on is (include version): Unknown.

My hosting provider is ElServer.com, but the site was bought from a reseller.

I can log in to a root shell on my machine.

Though there is a control panel to manage my site via panel.cglestudio.com.ar.

I’ve checked all the similar topics on this site and some others and I can find neither a fix nor a workaround. Any ideas? (Is there a way to get it done by someone who can check that I indeed have access to the website root?)

Every suggestion is highly appreciated.

The validation file needed to contain "coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q._sW_Fms501car8KNwgNF6dCVasCX5ZfAAFyjNN4gcmE" but it only contained "coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q.".

I haven't used SSL For Free, but do you know how that happened? Did it give you the correct instructions? Did something go wrong copying and pasting the string?

3 Likes

I believe the issue is that the file was created without the correct content. The file content is the same as the file name, but with a period at the end. Did you perhaps not select the complete file content to paste when you were creating this?

1 Like

Does that folder reject with login required?

I think that's just an LE error code, not an HTTP error code. Also, from the "The key authorization file from the server did not match this challenge" error message, you can see there actually is content received, just not the correct one, as @jared.m and @mnordhoff have pointed out.

2 Likes

True, I didn’t realize at the moment. The files copied are OK, but when you open them in a browser it only shows half of the content (formatted as an HTML document); it does say that I should change the way my site handles files without a MIME type for them to be served as just plain text. How can I do something like that?

Hm, I’m not entirely sure that’s what’s happening here. I just tried, and it definitely returned it as application/json. I’m still not sure that’s the “correct” way to return the value, but I don’t think it would cause any issues. Can you vi the file on your filesystem and verify the contents outside of how the web server sees it?

# curl -vvvv http://siecons.com/.well-known/acme-challenge/coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q
* About to connect() to siecons.com port 80 (#0)
*   Trying 181.88.192.100... connected
* Connected to siecons.com (181.88.192.100) port 80 (#0)
> GET /.well-known/acme-challenge/coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: siecons.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Tue, 13 Nov 2018 15:08:26 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 44
< Connection: keep-alive
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< X-Proxy-Cache: MISS
<
* Connection #0 to host siecons.com left intact
* Closing connection #0
coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q.

Hi @SIECONS

there is an nginx. Fetching the non-existing file

http://www.siecons.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

there is a 200 with Content-Type: application/json; charset=utf-8 (instead of a 404).

Add or change the location configuration:

location /.well-known/acme-challenge/ {
    default_type text/plain;
}

Edit: Must be /.well-known, thanks @jared.m

Please make sure to have this as .well-known, not well-known.

3 Likes
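
Added example (not part of any post in this thread, and not code from Let's Encrypt or SSL For Free): a small offline checker that classifies an http-01 response the way the replies above reason about it, using the expected value and the curl result quoted in the thread. The function name, the finding labels and the empty probe body are assumptions made for illustration.

```python
import re

# Key authorization = token "." base64url(SHA-256 account key thumbprint);
# an unpadded base64url SHA-256 digest is always 43 characters long.
KEY_AUTH_RE = re.compile(r"^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]{43})$")


def diagnose_http01(expected, resp, probe=None):
    """Compare one http-01 response with the expected key authorization.

    resp and probe are (status, content_type, body) tuples. probe is the
    response for a token that was never uploaded (hypothetical input).
    Returns a list of finding labels (labels are this example's own).
    """
    m = KEY_AUTH_RE.match(expected)
    if not m:
        return ["expected-value-malformed"]
    token = m.group(1)
    status, ctype, body = resp
    served = body.rstrip()  # trailing whitespace is tolerated (RFC 8555, 8.3)
    findings = []
    if status != 200:
        findings.append("http-status-%d" % status)
    elif served == expected:
        findings.append("match")
    elif served in (token, token + "."):
        # The case in this thread: the part after the dot is missing.
        findings.append("thumbprint-missing")
    elif "<html" in served.lower():
        findings.append("html-wrapped")
    else:
        findings.append("mismatch")
    if status == 200 and not ctype.lower().startswith("text/plain"):
        findings.append("content-type-not-text-plain")  # informational
    if probe is not None and probe[0] == 200:
        # A 200 for a file that does not exist means something other than
        # the uploaded static files is answering under this path.
        findings.append("catch-all-200")
    return findings


# Values quoted in this thread; the probe body is constructed (not shown above).
EXPECTED = ("coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q."
            "_sW_Fms501car8KNwgNF6dCVasCX5ZfAAFyjNN4gcmE")
SERVED = (200, "application/json; charset=utf-8",
          "coUifFJYKNhxO01DLoZjeeFNn8t32vqbOA3tU44PA8Q.")
PROBE = (200, "application/json; charset=utf-8", "")

if __name__ == "__main__":
    print(diagnose_http01(EXPECTED, SERVED, PROBE))
```
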
