Urn:ietf:params:acme:error:unauthorized

Hello to all,

I had a crappy day today, everything started to fail, so I ended up taking the decision to reinstall the whole thing.

I know I received several messages from the ACME certification authority, telling me that I had abused the certificate requests, but against my will, because it is part of the deployment process of the solution I use and each time it is deployed, it initiates a new installation or update request.

I started with a multi-site installation; all applications would like to use ports 80 and 443 (which I find stupid by the way), but that's the way it is, so the idea was to install and run a reverse proxy to transfer requests from standard ports.

The thing is that the challenge request seems to go by default still through port 80 / 443 and there is only one! So when it comes to the reverse proxy ports, it becomes impossible to get ACME validation for an application on another port that uses the http-01 challenge.

  1. I am not the developer of the application and I don't know how to modify the application to make a challenge request on another port

  2. I need to see if I can forward the requests from port 80 to this other port in the application which is a Docker image.

  3. I admit I need help to find a definitive solution to the problem.

So to finish this terrible day in beauty, I'm banished by the authority, I have the impression:

Challenge validation failed: During secondary validation: 2606:4700:3036::ac43:d884: Invalid response from
http://*.kapdome.com/.well-known/acme-challenge/XXXPA: 404
(urn:ietf:params:acme:error:unauthorized)

I have precisely a support to fix this and not to miss the Christmas holidays,

thanks

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Linux / Docker

My hosting provider, if applicable, is: Free

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): IDK

Not true.
The challenge requests come with FQDNs; any proxy that can handle SNI can handle the challenge requests.
As for the ACME client, well... we would need to know which one you are using before giving any advice on that.

LE will not follow redirects to other ports [other than 80 and 443].
You can proxy them within your network any way you like.

Sorry to hear about your day :frowning:
But it's almost :beer: o'clock here!
Cheers from Miami :beers:

6 Likes
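
One way to do the proxying described in the replies above, as an added example that is not part of the original thread: a front-end proxy on port 80 that routes each hostname's http-01 challenge path to the container serving that site. The choice of nginx, the hostnames `app1.example.com` / `app2.example.com` and the backend ports 8081 / 8082 are assumptions.

```nginx
# Added example, not from the thread. Hostnames and backend ports are
# placeholders (assumptions); replace them with your own values.

# Unknown hostnames get a plain 404 instead of reaching any container.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 404;
}

# Site 1: container published on 127.0.0.1:8081 (assumed).
server {
    listen 80;
    listen [::]:80;          # answer on IPv6 too if the name has an AAAA record
    server_name app1.example.com;

    # The CA requests http://<FQDN>/.well-known/acme-challenge/<token> on
    # port 80. Pass the path unchanged to the container whose ACME client
    # created the token, keeping the original Host header.
    location /.well-known/acme-challenge/ {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
    }

    # All other traffic for this name goes to the same container.
    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# Site 2: same pattern, different name and backend port (assumed 8082).
server {
    listen 80;
    listen [::]:80;
    server_name app2.example.com;

    location / {
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Site 2 has no separate challenge location because its `location /` already forwards every path, the challenge path included, to the same container. Run `nginx -t` to check the syntax before reloading.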

Yes hahahaha many thanks

1 Like

Is this topic directly related to your other open topic?:

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.