Webroot verification failing : "unauthorized"

I can properly access a text file located in the .well-known/acme-challenge/ directory.

However, curl i - http://[mydomain.net]/.well-known/acme-challenge/test.txt throws a 404 error. So I guess that’s why verification fails.

What may cause this ?

Please show the vhost config file(s)

I found these two statements a bit contradictory. Do you mean that you can access it with a browser, but not with curl? Maybe an IPv6 address advertised via an AAAA DNS record but not properly configured on the server? (You can distinguish that case by running once with curl -4 and once with curl -6.)

Yes, I mean exactly that. I can access it from a browser (and someone else I asked could to), but curl throws the 404 error (same error with curl -4)

Testing with -6 ; the message is one line only ; about an unreachable network. The website isn’t configured to use an IPv6 adress afaik.

I’m behind Cloudflare ; but it shouldn’t interfere with the webroot method ?

Could you tell us the domain name?

No, it shouldn't.

[quote="schoen, post:5, topic:40355, full:true"]
Could you tell us the domain name?[/quote]
I'd prefer not to. However, I may share the error log (sanitized) that certbot wrote when I tried to validate the domain ?

No, it shouldn't.
[/quote][/quote]
I've read the same thing on their website. Even with "I'm under attack mode" ?

How about the text of the 404 message and any web server logs that contrast the apparent success and failure when accessing the file? Maybe there's some configuration that looks at the user-agent string when deciding whether to serve the file?

HTTP/1.1 404 Not Found
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1148
Date: Thu, 17 Aug 2017 19:51:46 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Connection: Keep-Alive

And default 404 page html then

What do you see on the web server side?

Sorry, I understand the words but I don’t understand the question. :sweat_smile:

The certbot error log : https://pastebin.com/SvquYtHb

There should be a web server log somewhere in /var/log from the web server application.

Can you show the (sanitized) vhost config file(s)?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.