Type:unauthorized


#1

I have tried the easy ways first with no luck. I then created in my web root /.well-known/acme-challenge/“id”/index.html containing the key.
I can reach the text key from outside my network.

I keep getting
Type: unauthorized
Detail: Invalid response from

If I can reach it from outside why would the challenge fail with that error? The only thing I can think is Namecheap is blocking it somehow or I’m doing something wrong?


#2

The “id” must be a file, not a directory.


#3

Actually using a directory with an index file may work:

  1. When the server gets the validation request for http://example.org/.well-known/acme-challenge/TOKEN_FILENAME, and TOKEN_FILENAME is actually a directory in the webroot, server replies with a redirect to http://example.org/.well-known/acme-challenge/TOKEN_FILENAME/ (this may depend on the server configuration, but is a very common default behavior).
  2. Boulder follows redirects and therefore requests http://example.org/.well-known/acme-challenge/TOKEN_FILENAME/ from the server. If the requested TOKEN_FILENAME directory exists in the webroot and contains an index.html file, the default behavior of most web servers is to return the contents of that index.html file. (This behavior may be disabled, or the server may be configured to use some other index file — e.g., index.php.)
  3. Boulder currently does not check the returned Content-Type, so it would accept the validation token returned from index.html (which would have Content-Type: text/html).

I tried this with the dehydrated client and Apache server, and was able to obtain a certificate from the staging server while placing the validation token into .well-known/acme-challenge/TOKEN_FILENAME/index.html instead of its usual location.
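
The redirect-then-index behaviour described in the three steps above can be reproduced locally. This is an added example, not part of the original post: it uses Python's built-in `http.server` as a stand-in for Apache or nginx (an assumption; a real server may be configured differently), a constructed token value, and a hypothetical helper `check_http01` that fetches the challenge URL, follows redirects and compares the body.

```python
import functools, http.server, pathlib, tempfile, threading
import urllib.error, urllib.request

def check_http01(base_url, token, expected_body):
    """Fetch the challenge URL, follow redirects, compare the returned body."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            body = resp.read().decode("utf-8", "replace").strip()
            return {"status": resp.status, "final_url": resp.geturl(),
                    "content_type": resp.headers.get_content_type(),
                    "ok": body == expected_body}
    except urllib.error.HTTPError as err:  # e.g. 403 or 404 from the server
        return {"status": err.code, "final_url": err.url,
                "content_type": None, "ok": False}

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def demo():
    # Constructed webroot: one token stored as a plain file,
    # one stored as TOKEN/index.html (the layout from post #1).
    key_auth = "constructed-token.constructed-thumbprint"
    with tempfile.TemporaryDirectory() as root:
        acme = pathlib.Path(root, ".well-known", "acme-challenge")
        (acme / "as-dir").mkdir(parents=True)
        (acme / "as-file").write_text(key_auth)
        (acme / "as-dir" / "index.html").write_text(key_auth)
        handler = functools.partial(QuietHandler, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            return {name: check_http01(base, name, key_auth)
                    for name in ("as-file", "as-dir", "missing")}
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Pointing `check_http01` at a public hostname shows the status code and final URL the server hands to an outside client, which is the information needed to tell a redirect-plus-index success apart from a 403 or 404.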


#4

What should I call the file instead of index.html? I’m using the almost stock nginx.conf. It is located inside of a FreeNAS jail. What else could be making it receive this error? I have no problems reaching the file using a public proxy.

```
Domain: www.mydomainhere.com
Type: unauthorized
Detail: Invalid response from
http://www.mydomainhere.com/.well-known/acme-challenge/key:
"
403 Forbidden

403 Forbidden
"
```

Is it normal for the “invalid response from” key to be different from the one I was told to put in the location? I looked through the log and can’t figure out what would be blocking it. How can it be a forbidden file if it’s openly available on the web? Thanks

