Sslforfree.com does not work challenge3 failed

Help
1

Please fill out the fields below so we can help you better.

i want to secure my site using Let’s Encrypt I do however, have a place where I can install my own certificate. None of that is important, basically, I go to sslforfree.com to get a certificate and it doesn’t matter whether i do ftp details, upload a file, or try dns verification, each time it gives me an error. This happens with every other one of my domains. How do I get around this?

EDIT:Domain “domain.com” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/vnSg8r9qKo2xARvNUWrIioFa87ATfxraZGtPuwg4ihc/1564474315” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://domain.com/.well-known/acme-challenge/lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc: “\u003c!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp””, “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/vnSg8r9qKo2xARvNUWrIioFa87ATfxraZGtPuwg4ihc/1564474315”, “token”: “lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc”, “keyAuthorization”: “lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc.uiB3-VEEmeL167_i8R-WNDFkzpjCuxlj-ufwDXIXAe4”, “validationRecord”: [ { “url”: “http://domain.com/.well-known/acme-challenge/lqBS43WcK7p4gSw-msOZTDazBV5DnG8uCJJ87_AfQoc”, “hostname”: “domain.com”, “port”: “80”, “addressesResolved”: [ “160.153.47.7” ], “addressUsed”: “160.153.47.7”, “addressesTried”: [] } ] }

2

Hi @chin,

If you didn’t configure your web server yourself, it’s possible that it’s configured to prevent any files or directories starting with . from being served. Some web servers may have that configuration by default.

To test your ability to upload files to the appropriate place, could you try making the following files for me? It doesn’t matter what’s in them, I just want to see if you can make your web server serve them at the appropriate locations.

http://srmfilmschool.com/test.txt
http://srmfilmschool.com/.well-known/test.txt
http://srmfilmschool.com/.well-known/acme-challenge/test.txt

3

Ok thanks
Creating followingdirectory structure
http://domain.com/.well-known/acme-challenge/test.txt
http://www.domain.com/.well-known/acme-challenge/Z52rcBR92qNpLIxaREoqB2gasLzMpJv8Bea2SpY7JwA
http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg

4

It looks to me like you’ve changed something for the better because your test files all work, and even your original link is now giving a 404 not found error rather than 403 forbidden error.

Could you try the certificate issuance process again and see if you encounter the same problem? (If you do, maybe you can give a link to the challenge file that you uploaded to your site?)

5

i facing a same issue Creating new certificate issuance process
Domain “srmfilmschool.com” challenge3 failed. Response from “https://acme-v01.api.letsencrypt.org/acme/challenge/9QC0R_WJlDhg83NMHAqhntuq9YPrLPXCdji4RQ6RDBA/1566684716” was: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:acme:error:unauthorized”, “detail”: “Invalid response from http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg: “\u003c!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eForbidden\u003c/h1\u003e\n\u003cp””, “status”: 403 }, “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/9QC0R_WJlDhg83NMHAqhntuq9YPrLPXCdji4RQ6RDBA/1566684716”, “token”: “KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg”, “keyAuthorization”: “KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg.xOtxePuhVU0BfEUUqQMcRD173IKlW_mXNRw7RxiBC_M”, “validationRecord”: [ { “url”: “http://domain.com/.well-known/acme-challenge/KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg”, “hostname”: “domain.com”, “port”: “80”, “addressesResolved”: [ “160.153.47.7” ], “addressUsed”: “160.153.47.7”, “addressesTried”: [] } ] }

6

I don’t see any of your test files anymore. Did you delete them?

Did you make a file called KTA_DwZAp9b3SnUl-W65QLCzVluYKIh5LWGsfeMNlEg? Did you delete that file afterward?

7

test file deleted

creating new certificate

http://www.domain.com/.well-known/acme-challenge/Ct3gL46Ma-boOI_6dPX0OCC9OiJ-eWzBHgAGgm9aguI
http://domain.com/.well-known/acme-challenge/SnVFc9LSt0J8uc4NNZtzScvGP0Eo9FGsxk-TCzEhGzE

8

Do you have access to web server logs where you could see the attempt by the CA (and by me!) to access these files? Can you see the actual events where the server has returned error 403?

9

I think there is some configuration that is somehow rejecting the CA’s request for security reasons while allowing a normal web browser to access the files, but I find this very unusual and surprising and have not seen a situation exactly like this before.

10

i am using godaddy hosting server

11

@jsha, could you take a look at this to see if you agree with my diagnosis?

It seems like somehow the CA may be receiving a 403 when other people don’t.

12

I’ve seen a similar issue with an overzealously configured mod_security that rejected and requests where the user agent was not a recognized browser.

13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.