The following errors were reported by the server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
ghorfeh.ccoip.ir
I ran this command:
./certbot-auto --apache certonly -d ghorfeh.ccoip.ir
It produced this output:
Domain: ghorfeh.ccoip.ir
Type: unauthorized
Detail: Error reading HTTP response body: gzip: invalid header
My web server is (include version):
Apache version 2.2.15
The operating system my web server runs on is (include version):
centos 6.9
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

If you own ghorfeh.ccoip.ir, why are you requesting a certificate for ghorfeh.ccoip.com? Those aren't remotely the same thing.

i fix it and then show this error

Error reading HTTP response body: gzip: invalid header

It’s hard to say without more context around that error, but it looks like your server isn’t serving up the challenge file properly. What’s the exact command you ran, and the complete output?

That seems to be the Go error message for, well, decompressing gzip data with an invalid header.

I guess the site has HTTP compression bugs?

While I don’t know the site in question, I can reproduce a similar error with a different HTTP client if I try to download http://ghorfeh.ccoip.ir/.well-known/acme-challenge/test, from either IP.

$ curl -v --compressed http://ghorfeh.ccoip.ir/.well-known/acme-challenge/test        
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 46.209.114.14...
* Connected to ghorfeh.ccoip.ir (46.209.114.14) port 80 (#0)
> GET /.well-known/acme-challenge/test HTTP/1.1
> Host: ghorfeh.ccoip.ir
> User-Agent: curl/7.47.0
> Accept: */*
> Accept-Encoding: deflate, gzip
>
< HTTP/1.1 404 Not Found
< Date: Sat, 27 Jan 2018 12:33:15 GMT
< Server: XXXXXXXX
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1
< Set-Cookie: JSESSIONID=CA4CC51443180CBD2745EE8CBB3A9E9C; Path=/; HttpOnly
< Content-Encoding: gzip
< Cache-Control: max-age=0
< Expires: Sat, 27 Jan 2018 12:33:15 GMT
< Transfer-Encoding: chunked
< Content-Type: text/html;charset=UTF-8
<
{ [682 bytes data]
* Error while processing content unencoding: invalid literal/length code
* Failed writing data
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (23) Error while processing content unencoding: invalid literal/length code

Edit:

It’s simply sending HTML that isn’t compressed. But with a “Content-Encoding: gzip” header.

1 Like

./certbot-auto --apache certonly -d ghorfeh.ccoip.ir
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ghorfeh.ccoip.ir
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. ghorfeh.ccoip.ir (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Error reading HTTP response body: gzip: invalid header

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: ghorfeh.ccoip.ir
    Type: unauthorized
    Detail: Error reading HTTP response body: gzip: invalid header

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.