Sslforfree.com does not work challenge3 failed

I want to secure my site using Let’s Encrypt. I do, however, have a place where I can install my own certificate. None of that is important; basically, I go to sslforfree.com to get a certificate, and it doesn’t matter whether I do FTP details, upload a file, or try DNS verification, each time it gives me an error. This happens with every other one of my domains. How do I get around this?

EDIT: Domain “domain.com” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/vnSg8r9qKo2xARvNUWrIioFa87ATfxraZGtPuwg4ihc/1564474315” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://domain.com/.well-known/acme-challenge/lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc: “\u003c!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp””, “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/vnSg8r9qKo2xARvNUWrIioFa87ATfxraZGtPuwg4ihc/1564474315”, “token”: “lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc”, “keyAuthorization”: “lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc.uiB3-VEEmeL167_i8R-WNDFkzpjCuxlj-ufwDXIXAe4”, “validationRecord”: [ { “url”: “http://domain.com/.well-known/acme-challenge/lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc”, “hostname”: “domain.com”, “port”: “80”, “addressesResolved”: [ “160.153.47.7” ], “addressUsed”: “160.153.47.7”, “addressesTried”: [] } ] }

Hi @chin,

If you didn’t configure your web server yourself, it’s possible that it’s configured to prevent any files or directories starting with . from being served. Some web servers may have that configuration by default.

To test your ability to upload files to the appropriate place, could you try making the following files for me? It doesn’t matter what’s in them, I just want to see if you can make your web server serve them at the appropriate locations.

http://srmfilmschool.com/test.txt
http://srmfilmschool.com/.well-known/test.txt
http://srmfilmschool.com/.well-known/acme-challenge/test.txt

Ok, thanks.
Creating the following directory structure:
http://domain.com/.well-known/acme-challenge/test.txt
http://www.domain.com/.well-known/acme-challenge/Z52rcBR92qNpLIxaREoqB2gasLzMpJv8Bea2SpY7JwA
http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg

It looks to me like you’ve changed something for the better because your test files all work, and even your original link is now giving a 404 not found error rather than 403 forbidden error.

Could you try the certificate issuance process again and see if you encounter the same problem? (If you do, maybe you can give a link to the challenge file that you uploaded to your site?)

I am facing the same issue. Creating new certificate issuance process
Domain “srmfilmschool.com” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/9QC0R_WJlDhg83NMHAqhntuq9YPrLPXCdji4RQ6RDBA/1566684716” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg: “\u003c!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp””, “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/9QC0R_WJlDhg83NMHAqhntuq9YPrLPXCdji4RQ6RDBA/1566684716”, “token”: “KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg”, “keyAuthorization”: “KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg.xOtxePuhVU0BfEUUqQMcRD173IKlW_mXNRw7RxiBC_M”, “validationRecord”: [ { “url”: “http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg”, “hostname”: “domain.com”, “port”: “80”, “addressesResolved”: [ “160.153.47.7” ], “addressUsed”: “160.153.47.7”, “addressesTried”: [] } ] }

I don’t see any of your test files anymore. Did you delete them?

Did you make a file called KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg? Did you delete that file afterward?

test file deleted

creating new certificate

http://www.domain.com/.well-known/acme-challenge/Ct3gL46Ma-boOI_6dPX0OCC9OiJ-eWzBHgAGgm9aguI
http://domain.com/.well-known/acme-challenge/SnVFc9LSt0J8uc4NNZtzScvGP0Eo9FGsxk-TCzEhGzE

Do you have access to web server logs where you could see the attempt by the CA (and by me!) to access these files? Can you see the actual events where the server has returned error 403?

I think there is some configuration that is somehow rejecting the CA’s request for security reasons while allowing a normal web browser to access the files, but I find this very unusual and surprising and have not seen a situation exactly like this before.

I am using a GoDaddy hosting server.

@jsha, could you take a look at this to see if you agree with my diagnosis?

It seems like somehow the CA may be receiving a 403 when other people don’t.

I’ve seen a similar issue with an overzealously configured mod_security that rejected any requests where the user agent was not a recognized browser.
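
Added example, not part of any post in this thread: one way to check the web server logs for the pattern discussed above, where a challenge file is served to a browser but refused with 403 to the CA's validation request. It assumes Apache "combined" log format; the log lines, IP addresses and `EXAMPLE_TOKEN_*` names are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Aug/2017:10:00:01 +0000] "GET /.well-known/acme-challenge/EXAMPLE_TOKEN_A HTTP/1.1" 200 87 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/54.0"
198.51.100.7 - - [01/Aug/2017:10:00:05 +0000] "GET /.well-known/acme-challenge/EXAMPLE_TOKEN_A HTTP/1.1" 403 215 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.10 - - [01/Aug/2017:10:01:00 +0000] "GET /.well-known/acme-challenge/EXAMPLE_TOKEN_B HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/54.0"
198.51.100.7 - - [01/Aug/2017:10:01:04 +0000] "GET /.well-known/acme-challenge/EXAMPLE_TOKEN_B HTTP/1.1" 403 215 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.10 - - [01/Aug/2017:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/54.0"
"""

# ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def challenge_hits(log_text):
    """Map each challenge path to {user_agent: set of status codes seen}."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["path"].startswith(CHALLENGE_PREFIX):
            hits[m["path"]][m["ua"]].add(int(m["status"]))
    return hits


def ua_dependent_403(log_text):
    """Return paths that one client fetched with 200 while another only got 403."""
    flagged = {}
    for path, by_ua in challenge_hits(log_text).items():
        served = sorted(ua for ua, codes in by_ua.items() if 200 in codes)
        denied = sorted(ua for ua, codes in by_ua.items()
                        if 403 in codes and 200 not in codes)
        if served and denied:  # same file, different outcome per client
            flagged[path] = {"served_to": served, "denied_to": denied}
    return flagged


if __name__ == "__main__":
    for path, result in ua_dependent_403(SAMPLE_LOG).items():
        print(path, "-> 403 for:", result["denied_to"])
```

A flagged path means the file exists and is readable, so the 403 comes from a request filter (for example a mod_security rule keyed on the user agent) rather than from file permissions or a missing upload.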
