i tray to Verification my domain in zreossl and see this message
Some domains have failed verification. Please study the list below and then click “Next” to try requesting new challenges for them. Note: the challenge values will be different
Welcome the community forum. Can you please post the domain(s) you’re attempting to issue for? As far as the javascript error, you may want to reach out to the ZeroSSL team as they are the client you’re using.
Hosts using that package don't block all traffic. Your browser might appear to work because of its User-Agent header or because it supports cookies or can execute JavaScript -- or maybe other reasons, like your IP address.
Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation
The “small content” is always the same:
<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("1c167956de3e1144501be14a7c38a53a");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>
That’s a script that checks some things, then it adds “i=1” to your url.
Another way of describing this is that your hosting environment tries to insist that the file can only be accessed by a browser, not by a bot. But the Let’s Encrypt validator is a bot. Therefore, it can’t access things that are designed to prevent bots from accessing them, like the validation files as served by this web host.
That is actually not quite correct. I believe it would be better worded as "Your web server is configured to block the bots (or any automated attempts to fetch content), so you will not be able to use HTTP verification unless you turn that protection off temporarily. You can use DNS verification however, as long as you control your domain records".
Just to clarify - the content posted there is not a javascript error on ZeroSSL - that is the actual error message returned when the verification fails for the domain in question (as also later shown by @JuergenAuer in his testing). Usually that is an indication of testcookie-nginx-module installed and active on the server. If the user has no control over the configuration of that module, simple bots (such as LE verification agents) will fail to access the content, so DNS verification is a good alternative in that case.