Zerossl can't Verification

i tray to Verification my domain in zreossl and see this message

Some domains have failed verification. Please study the list below and then click “Next” to try requesting new challenges for them. Note: the challenge values will be different

Invalid response from http://------------.com/.well-known/acme-challenge/ItsT-KRIN5qQi9c1FmEAdohR9xVlP17w38udDbkAZxg [185.27.134.135]: “<script type=“text/javascript” src=”/aes.js" >function toNumbers(d){var e=;d.replace(/(…)/g,func"

how i can solve the problem

Hi @Hunter.Dawoud,

Welcome the community forum. Can you please post the domain(s) you’re attempting to issue for? As far as the javascript error, you may want to reach out to the ZeroSSL team as they are the client you’re using.

2 Likes

Hi @Hunter.Dawoud

if you have that message, your hoster blocks /.well-known/acme-challenge.

So you can’t create a certificate via Zerossl.

Change your hoster.

2 Likes

but i can open the link files in acme-challenge folder

Please share your domain name.

1 Like

Maybe you can, but Let’s Encrypt can’t.

Hosts using that package don’t block all traffic. Your browser might appear to work because of its User-Agent header or because it supports cookies or can execute JavaScript – or maybe other reasons, like your IP address.

1 Like

http://hassand.com/.well-known/acme-challenge/XTuhKtYfKG6JgUYUPTK-LZl4mUlRUSd8wsXiK59z0Zk

Now you see the problem.

Checked your domain and your explicit url - https://check-your-website.server-daten.de/?q=hassand.com%2F.well-known%2Facme-challenge%2Fxtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk

Domainname Http-Status redirect Sec. G
http://hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk
185.27.134.135 200 0.074 H
small content:
http://www.hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk
185.27.134.135 200 0.074 H
small content:
https://hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk
185.27.134.135 200 1.297 J
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small content:
https://www.hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk
185.27.134.135 200 1.293 J
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors
small content:
http://hassand.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.27.134.135 200 0.074 J
Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation
http://www.hassand.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.27.134.135 200 0.073 J
Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation

The “small content” is always the same:

<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("1c167956de3e1144501be14a7c38a53a");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://hassand.com/.well-known/acme-challenge/xtuhktyfkg6jguyuptk-lzl4mulrusd8wsxik59z0zk?i=1";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>

That’s a script that checks some things, then it adds “i=1” to your url.

So your browser reloads the page and has

http://hassand.com/.well-known/acme-challenge/XTuhKtYfKG6JgUYUPTK-LZl4mUlRUSd8wsXiK59z0Zk?i=1

?i=1

as new address.

So Letsencrypt can’t see the validating file.

1 Like

Another way of describing this is that your hosting environment tries to insist that the file can only be accessed by a browser, not by a bot. But the Let’s Encrypt validator is a bot. Therefore, it can’t access things that are designed to prevent bots from accessing them, like the validation files as served by this web host.

2 Likes

That is actually not quite correct. I believe it would be better worded as “Your web server is configured to block the bots (or any automated attempts to fetch content), so you will not be able to use HTTP verification unless you turn that protection off temporarily. You can use DNS verification however, as long as you control your domain records”.

This case is not specific to ZeroSSL and this has been previously responded here - Invalid Response From... even when file is ok

1 Like

Just to clarify - the content posted there is not a javascript error on ZeroSSL - that is the actual error message returned when the verification fails for the domain in question (as also later shown by @JuergenAuer in his testing). Usually that is an indication of testcookie-nginx-module installed and active on the server. If the user has no control over the configuration of that module, simple bots (such as LE verification agents) will fail to access the content, so DNS verification is a good alternative in that case.

3 Likes

Thank you for the clarification @leader!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.