Urbs.com.br not validated via HTTP Token

The same domain seems to have been validated in the past. Do we have any reason why it is not validated this time via HTTP Token?

https://letsdebug.net/urbs.com.br/218446?debug=y

$ curl -cv http://urbs.com.br/.well-known/acme-challenge/vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI
vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI.VadAxQTu2y3KYd0i_k8ngGLtq0nS2z3anXFgH0qKXkE

$ dig _acme-challenge.urbs.com.br. TXT

; <<>> DiG 9.10.3-P4-Ubuntu <<>> _acme-challenge.urbs.com.br. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31642
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.urbs.com.br. IN TXT

;; ANSWER SECTION:
_acme-challenge.urbs.com.br. 3600 IN CNAME urbs.com.br.00d460000016joaeaq.live.siteforce.com.
urbs.com.br.00d460000016joaeaq.live.siteforce.com. 158 IN CNAME 75504.communities.salesforce.cdn.edgekey.net.
75504.communities.salesforce.cdn.edgekey.net. 21458 IN CNAME e28348.dsca.akamaiedge.net.

;; AUTHORITY SECTION:
dsca.akamaiedge.net. 1000 IN SOA n0dsca.akamaiedge.net. hostmaster.akamai.com. 1594922465 1000 1000 1000 1800

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 16 18:01:05 UTC 2020
;; MSG SIZE rcvd: 295


This is not really a technical question about how issuance or renewal works, which is the general topic for threads in the “Issuance Tech” section. Therefore I’ve moved your thread to the Help section.

In the Help section, you would have been provided with a questionnaire, which is required to get help. Please answer the questions to the best of your knowledge and provide as much information as possible to make it easier (and interesting) for the volunteers on this Community:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


The same domain “urbs.com.br” seems to have been validated in the past.
https://crt.sh/?q=urbs.com.br
https://crt.sh/?id=3000905739

Do we have any reason why it is not validated this time via HTTP Token?

https://letsdebug.net/urbs.com.br/218446?debug=y

$ curl -cv http://urbs.com.br/.well-known/acme-challenge/vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI
vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI.VadAxQTu2y3KYd0i_k8ngGLtq0nS2z3anXFgH0qKXkE

$ dig _acme-challenge.urbs.com.br. TXT

; <<>> DiG 9.10.3-P4-Ubuntu <<>> _acme-challenge.urbs.com.br. TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31642
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_acme-challenge.urbs.com.br. IN TXT

;; ANSWER SECTION:
_acme-challenge.urbs.com.br. 3600 IN CNAME urbs.com.br.00d460000016joaeaq.live.siteforce.com.
urbs.com.br.00d460000016joaeaq.live.siteforce.com. 158 IN CNAME 75504.communities.salesforce.cdn.edgekey.net.
75504.communities.salesforce.cdn.edgekey.net. 21458 IN CNAME e28348.dsca.akamaiedge.net.

;; AUTHORITY SECTION:
dsca.akamaiedge.net. 1000 IN SOA n0dsca.akamaiedge.net. hostmaster.akamai.com. 1594922465 1000 1000 1000 1800

;; Query time: 52 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jul 16 18:01:05 UTC 2020
;; MSG SIZE rcvd: 295


Could you share the exact command that you’re using to request your certificate and the exact error message that you’re getting from the certificate authority?

I am unfortunately not aware of the exact commands to request the certificate (validate the domain) because we are trying to validate this via Akamai Certificate Provisioning System.

https://learn.akamai.com/en-us/webhelp/certificate-provisioning-system/certificate-provisioning-system-help/GUID-8743D792-C692-4437-ADAF-4629A0B430FC.html

Is this domain supposed to be validated automatically from Let’s Encrypt via HTTP Token?


Did you “View validation status” in Akamai’s system? What was the status of the request?


“urbs.com.br —> Awaiting user” though the correct HTTP token is returned.

Authoritative NS does not follow CNAME chain.
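
An added example, not written by any poster in this thread: a Python check of the two outputs shown in the first post. It verifies that the HTTP-01 body has the RFC 8555 form token.thumbprint (and, when an ACME account key is supplied, that the thumbprint belongs to that key), and walks the CNAME chain in the dig answer to see whether any TXT record is present. The function names and the sample JWK are constructed for illustration.

```python
import base64, hashlib, json, re

TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")  # base64url, at least 128 bits

def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint of an EC or RSA JWK, base64url unpadded."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def check_http01(url_path, body, account_jwk=None):
    """Return the problems found in an HTTP-01 response (empty list: none)."""
    problems = []
    token = url_path.rsplit("/", 1)[-1]
    if not TOKEN_RE.match(token):
        problems.append("token in URL is not base64url")
    served_token, _, served_thumb = body.strip().partition(".")
    if served_token != token:
        problems.append("body token differs from URL token")
    if len(served_thumb) != 43 or not TOKEN_RE.match(served_thumb):
        problems.append("thumbprint part is not a 43-char base64url SHA-256")
    if account_jwk is not None and served_thumb != jwk_thumbprint(account_jwk):
        problems.append("thumbprint belongs to a different ACME account key")
    return problems

def cname_chain(dig_answer, name):
    """Follow CNAMEs in a dig ANSWER section; return (chain, txt_values)."""
    records = [line.split(None, 4) for line in dig_answer.strip().splitlines()]
    chain, txt = [name], []
    while True:
        step = [r for r in records if r[0] == chain[-1]]
        txt += [r[4] for r in step if r[3] == "TXT"]
        nxt = [r[4] for r in step if r[3] == "CNAME"]
        if not nxt or nxt[0] in chain:   # end of chain, or a loop
            return chain, txt
        chain.append(nxt[0])

# Values copied from the curl and dig output in the first post.
PATH = "/.well-known/acme-challenge/vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI"
BODY = "vUuJ5RWELRhhb3uzERZkmB8F0bBYT_v-7ZNCWext9VI.VadAxQTu2y3KYd0i_k8ngGLtq0nS2z3anXFgH0qKXkE"
DIG_ANSWER = """
_acme-challenge.urbs.com.br. 3600 IN CNAME urbs.com.br.00d460000016joaeaq.live.siteforce.com.
urbs.com.br.00d460000016joaeaq.live.siteforce.com. 158 IN CNAME 75504.communities.salesforce.cdn.edgekey.net.
75504.communities.salesforce.cdn.edgekey.net. 21458 IN CNAME e28348.dsca.akamaiedge.net.
"""
# Constructed account key (placeholder coordinates, not a real key).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
```

A body that passes the format checks can still fail validation if its thumbprint belongs to a different account key than the one that created the order, which is why the optional `account_jwk` comparison is included.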
