Two Questions Please


#1

Hi,
It’s my first time here though…
I have a problem with my ssl issuance…
Every time I register my knowledge.infinityhoster.ga or forum.infinityhoster.ga it fails while my
infinityhoster.ga or www.infinityhoster.ga doesn’t fail.
Please help…

Why, if I want a wildcard ssl, does it want me to verify using dns, not automatically?


#2

Please provide more information.

The Let’s Encrypt team chose to require DNS validation for wildcards. They were just more comfortable with that decision for security and trust reasons. (Regular hostnames can use DNS or HTTP validation.)

DNS validation can be managed fully automatically if your DNS provider and ACME client support it.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is:
www.infinityhoster.ga

I want to put ssl to the following domain:
support.infinityhoster.ga
knowledge.infinityhoster.ga
forum.infinityhoster.ga

I use the following options (using sslforfree)
Automatic FTP Verification

It produced this output:
Domain “knowledge.infinityhoster.ga” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/YQy8MXhckeqHRHgfia9eDswlmHKS8WiyYD2cjWH5SrE/3936954029” was:

Error: Invalid response from http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo: “function toNumbers(d){var e=[];d.replace(/(…)/g,func”

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: “Invalid response from http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo: “\u003chtml\u003e\u003cbody\u003e\u003cscript type=“text/javascript” src=”/aes.js” \u003e\u003c/script\u003e\u003cscript\u003efunction toNumbers(d){var e=[];d.replace(/(…)/g,func"", “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/YQy8MXhckeqHRHgfia9eDswlmHKS8WiyYD2cjWH5SrE/3936954029”, “token”: “YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo”, “validationRecord”: [ { “url”: “http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo”, “hostname”: “knowledge.infinityhoster.ga”, “port”: “80”, “addressesResolved”: [ “185.27.134.108” ], “addressUsed”: “185.27.134.108” } ] }

My web server is (include version):
PHP 5.6 +

My hosting provider, if applicable, is:
I am a web hosting provider myself

I can login to a root shell on my machine (yes or no, or I don’t know): no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes, version 58.0.31 (vistapanel)


#4

To refer to my own answer in a previous thread:


#5

I can’t really say that there is a security or firewall blocking, because my main domain was successfully given a certificate but my subdomain is always getting an error in the verification process. So if there is a firewall blocking my main domain, it would have failed too, because it is the one that connects all my subdomains.


#6

Hi @arcenas090,

Indeed there is some proxy, content filtering application, etc. So, as @mnordhoff said, there is something filtering the connection, and if the client used to access the validation file doesn’t support JavaScript, then it can’t get the validation file.

1.- If you try to reach the file http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo using a desktop or mobile browser you get the right file with the right content.

2.- If you try to use curl from the command line (this is closest to how Let’s Encrypt connects to your site) you get a Forbidden message.

$ curl -ikL http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo
HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 24 Mar 2018 07:58:47 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Vary: Accept-Encoding

<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>

3.- Now let’s try to simulate that we are Let’s Encrypt using another User Agent in the curl connection:

$ curl -ikL -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 24 Mar 2018 07:58:36 GMT
Content-Type: text/html
Content-Length: 908
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("677790d20f90e13356c6b0586b196191");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://knowledge.infinityhoster.ga/.well-known/acme-challenge/YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>⏎

So, there is something in the middle of your connection that only allows access to your site if the client used supports JavaScript, and Let’s Encrypt doesn’t.

Good luck,
sahsanu
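
An offline triage of the kinds of responses captured in the post above, added here as an example (it is not from the thread or from Let's Encrypt). It separates a valid HTTP-01 body, which RFC 8555 defines as `<token>.<account-key thumbprint>`, from a JavaScript cookie interstitial or a plain block page. The thumbprint, the sample bodies and the function names are constructed for illustration.

```python
import re

# RFC 8555 section 8.3: the body must be "<token>.<base64url SHA-256 thumbprint>".
KEYAUTH_RE = re.compile(r"^([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]{43})$")

def classify_http01(status, body, token):
    """Classify one fetch of /.well-known/acme-challenge/<token>."""
    text = body.strip()  # trailing whitespace after the key authorization is tolerated
    low = text.lower()
    m = KEYAUTH_RE.match(text)
    if status == 200 and m and m.group(1) == token:
        return "ok"
    # A script that sets a cookie and then redirects: only a client that
    # executes JavaScript ever reaches the real file behind it.
    if "<script" in low and "document.cookie" in low and "location.href" in low:
        return "js-challenge"
    if status in (401, 403):
        return "blocked"
    if "<html" in low:
        return "html-instead-of-token"
    return "wrong-content"

# Constructed samples modelled on the responses shown in this thread.
TOKEN = "YprpgbmK4etqO70iC2GVnfDyGkJpluZuVxJLk2xMNTo"  # token quoted in the thread
THUMBPRINT = "A" * 43  # placeholder, not a real account-key thumbprint
SAMPLES = {
    "expected file": (200, f"{TOKEN}.{THUMBPRINT}\n"),
    "plain curl": (403, "<html><head><title>403 Forbidden</title></head></html>"),
    "cookie interstitial": (
        200,
        '<html><body><script src="/aes.js"></script><script>'
        'document.cookie="__test=..."; location.href="/?i=1";'
        "</script></body></html>",
    ),
    "other token": (200, f"someOtherToken.{THUMBPRINT}"),
}

def triage(samples=SAMPLES, token=TOKEN):
    """Return {sample name: verdict} for every sample response."""
    return {name: classify_http01(status, body, token)
            for name, (status, body) in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:20} -> {verdict}")
```
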


#7

I seem to not fully understand…
Please understand me, because in ssl, I haven’t really studied about this that much, so I will go blank on difficult topics about ssl.
And my major studies are all about computers and websites.


#8

Hi @arcenas090,

It has nothing to do with ssl. There is something in the middle of the connection to your site that is filtering the contents. I’ve no idea whether you installed something like this, whether it is something related to your control panel, or whether it is related to your hosting provider. I would bet it is related to your hosting provider, so it is worth asking them if they implement something like that and how to disable it.

Cheers,
sahsanu

