Verification failed due to The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content


#1

Hello TEAM,

I have tried to generate an SSL certificate from https://www.sslforfree.com/ for cbseresults.nic.in but am unable to generate it, and I am getting the following message in every browser and on every computer.

https://www.sslforfree.com/create?verify_manual&domains=cbseresults.nic.in

Domain “cbseresults.nic.in” challenge3 failed. Response from “https://acme-v02.api.letsencrypt.org/acme/challenge/UqgegkbCOw14E_NZZHeZU3-GmlBrB4ZiaWy1yBERzXg/9688843285” was:

Warning: Your verification URL is not returning the correct contents to our verification servers. The URL looks like it is blocking bots and which inadvertently blocks our servers from receiving the correct content. Contact your host, a professional developer or admin for further help with fixing it.

Error: Invalid response from http://cbseresults.nic.in/.well-known/acme-challenge/jrF4x0Kxu7jY1J3cGHA-H-b6fhMUGl1rfwZuZylCieo: “<!DOCTYPE html><html><title></title><script>var y=window</script><script>var x={o:’/XOgWQP/.well-known/acme-challenge/jrF4x0Kxu7”

Full Error: { “type”: “http-01”, “status”: “invalid”, “error”: { “type”: “urn:ietf:params:acme:error:unauthorized”, “detail”: "Invalid response from http://cbseresults.nic.in/.well-known/acme-challenge/jrF4x0Kxu7jY1J3cGHA-H-b6fhMUGl1rfwZuZylCieo: “\u003c!DOCTYPE html\u003e\u003chtml\u003e\u003ctitle\u003e\u003c/title\u003e\u003cscript\u003evar y=window\u003c/script\u003e\u003cscript\u003evar x={o:’/XOgWQP/.well-known/acme-challenge/jrF4x0Kxu7"”, “status”: 403 }, “url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/UqgegkbCOw14E_NZZHeZU3-GmlBrB4ZiaWy1yBERzXg/9688843285”, “token”: “jrF4x0Kxu7jY1J3cGHA-H-b6fhMUGl1rfwZuZylCieo”, “validationRecord”: [ { “url”: “http://cbseresults.nic.in/.well-known/acme-challenge/jrF4x0Kxu7jY1J3cGHA-H-b6fhMUGl1rfwZuZylCieo”, “hostname”: “cbseresults.nic.in”, “port”: “80”, “addressesResolved”: [ “164.100.118.41” ], “addressUsed”: “164.100.118.41” } ] }

My domain is: cbseresults.nic.in
My web server is (include version): IIS 7.x

The operating system my web server runs on is (include version): Windows Server 2008 R2

Regards


#2

It appears that you have some JavaScript in place to verify that your site is being visited by a browser, as opposed to an automated program. Unfortunately for you, Let’s Encrypt’s retrieval of the challenge is an automated program, and must receive the actual contents of the challenge file. It will not execute some JavaScript code to get there.

Are you passing your traffic through a CDN, such as CloudFlare? Are you aware of something you may have put in place to block programmatic access to your website? You will need to disable this, if possible, for the .well-known/acme-challenge directory, or if not, altogether. The only other way to get a certificate would be to use the DNS challenge type instead, as this doesn’t require a connection directly to your server. Unfortunately, it can also present different challenges for automation.


#3

Hello Team,

I have uploaded an under-construction HTML file for cbseresults.nic.in, and this link is verified by browser.
Please open it:
http://cbseresults.nic.in/.well-known/acme-challenge/vdMho8JAgMv5K4nYETo7EHVSg9-sFEd3Cm88qFKSfJI

Still getting the same issue.
Regards


#4

There’s definitely some kind of web application firewall (WAF) or proxy sitting in front of your web server.

See these responses:

$ curl -i http://cbseresults.nic.in/.well-known/acme-challenge/vdMho8JAgMv5K4nYETo7EHVSg9-sFEd3Cm88qFKSfJI
HTTP/1.1 200 OK
Connection: close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html
Content-Length: 247

<!DOCTYPE html><html><title></title><script>var y=window</script><script>var x={o:'ETo7EHVSg9-sFEd3Cm88qFKSfJI',t:'/WZcTj/.well-known/acme-c',h:'hallenge/vdMho8JAgMv5K4nY'};function rsu(){return x.t+x.h+x.o}y.location.assign(rsu())</script></html>

$ curl -i http://cbseresults.nic.in/.well-known/acme-challenge/vdMho8JAgMv5K4nYETo7EHVSg9-sFEd3Cm88qFKSfJI
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /.well-known/acme-challenge/vdMho8JAgMv5K4nYETo7EHVSg9-sFEd3Cm88qFKSfJI

Basically as jared.m already mentioned, you’ll need to find some way to disable the interception of these requests, or you won’t be able to use Let’s Encrypt’s HTTP validation method.
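
The check described in replies #2 and #4, as an added example that is not part of the original thread: it classifies what a non-browser client receives from an http-01 challenge URL, using the two responses shown in #4 plus one constructed passing response. The function name, the labels and the `"A" * 43` thumbprint are assumptions made for illustration; the expected body format (token, a dot, then a 43-character base64url thumbprint) is the key authorization from RFC 8555.

```python
import re

# RFC 8555 key authorization: <token> "." <base64url SHA-256 JWK thumbprint>
THUMBPRINT = r"[A-Za-z0-9_-]{43}"

def classify(url_path, status, headers, body):
    """Classify one HTTP response to an http-01 challenge fetch."""
    token = url_path.rsplit("/", 1)[-1]
    if 300 <= status < 400:
        # Redirect to the very same path: a plain client can never progress.
        same = headers.get("Location", "") == url_path
        return "self-redirect" if same else "redirect"
    text = body.strip()
    if re.fullmatch(re.escape(token) + r"\." + THUMBPRINT, text):
        return "key-authorization"
    if re.search(r"<script\b", text, re.I):
        # HTML that needs a browser to run script; the validator will not.
        return "js-interstitial"
    return "unexpected-body"

PATH = ("/.well-known/acme-challenge/"
        "vdMho8JAgMv5K4nYETo7EHVSg9-sFEd3Cm88qFKSfJI")
TOKEN = PATH.rsplit("/", 1)[-1]

# First response from reply #4 (body copied from the thread).
JS_BODY = ("<!DOCTYPE html><html><title></title><script>var y=window</script>"
           "<script>var x={o:'ETo7EHVSg9-sFEd3Cm88qFKSfJI',"
           "t:'/WZcTj/.well-known/acme-c',h:'hallenge/vdMho8JAgMv5K4nY'};"
           "function rsu(){return x.t+x.h+x.o}y.location.assign(rsu())"
           "</script></html>")

SAMPLES = [
    (200, {"Content-Type": "text/html"}, JS_BODY),      # reply #4, first curl
    (302, {"Location": PATH}, ""),                      # reply #4, second curl
    (200, {"Content-Type": "text/plain"},
     TOKEN + "." + "A" * 43 + "\n"),                    # constructed passing case
]

def classify_samples():
    return [classify(PATH, s, h, b) for s, h, b in SAMPLES]

if __name__ == "__main__":
    for (status, _, _), verdict in zip(SAMPLES, classify_samples()):
        print(status, verdict)
```

Only the `key-authorization` result can pass HTTP validation; either of the other two seen here means something in front of the web server is still intercepting requests under `.well-known/acme-challenge`.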