ZeroSSL verification

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Is there more information, or a question, that you forgot to post?

Sorry! It’s my first post. I don’t have answers to the questions posed. I’m viewing the page from mobile and it was impossible to navigate to enter a question.

I attempted to delete/remove the post but couldn’t achieve that either. Maybe I’ll use desktop from now on.

My original issue is this: ZeroSSL
I have tried to verify my domain via their webpage. However, the verification fails with JavaScript error messages. I intend to screenshot.

They note that Let’s Encrypt manages the back end, hence my posting here.

Could you advise my best course of action please.

Thanks!

We’d need to see the message you’re getting to really offer any helpful insights to this one - there’s any number of things that could be happening here.

I agree with @jared.m that it would be helpful to see the exact errors.

One thing that often causes this is when your hosting provider (or CDN) has an anti-DDoS or anti-spam measure that tries to confirm that visitors are human beings using real web browsers before allowing them to access site content. However, the Let’s Encrypt CA that’s performing the verification isn’t a human being and isn’t using a web browser to access the verification file, and so it will fail any such check. Therefore, these checks need to be disabled on sites that request Let’s Encrypt certificates (or at least disabled for resources within the path /.well-known/acme-challenge).

Thanks guys! OK, I’m going to re-create the scenario and capture the “error messages” in an image.

I’ll post again when done. I’ll contact my hosting provider and enquire if in fact there is a security feature which blocks non-human activity.

Much appreciated.

I’ve just re-run the ZeroSSL domain verification process and this is the error presented:

Invalid response from http://www.xxxxxxx.com/.well-known/acme-challenge/hYCFszcBRXGQb3O3-8aNb6Y1fCsxH5DldD1W2KK8paY: “function toNumbers(d){var e=[];d.replace(/(…)/g,func”

Thanks!

That looks like the issue @schoen mentioned above:

The website is returning a “checking your browser” HTML page instead of the challenge file. (When browsers visit the URL, it will probably do a JavaScript redirect to the real file, but that’s not good enough.)

You need to whitelist /.well-known/acme-challenge/ from the security thing, or deactivate the security thing, or talk to your web host.
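The diagnosis above can be checked before asking the CA to validate again. The following is an added example, not part of the original thread or of ZeroSSL's or Let's Encrypt's code: it classifies the body a server returns for an HTTP-01 challenge URL against the key authorization format from RFC 8555 section 8.3. The function name, the marker list and the sample bodies are assumptions constructed for illustration; the thumbprint is a placeholder.

```python
import re

# RFC 8555 section 8.3: the body served at
# /.well-known/acme-challenge/<token> must be "<token>.<thumbprint>", where
# the thumbprint is the base64url SHA-256 JWK thumbprint (43 characters).
B64URL = r"[A-Za-z0-9_-]"
KEY_AUTH_RE = re.compile(rf"^({B64URL}+)\.({B64URL}{{43}})$")

# Heuristic markers (an assumption) that an HTML/JavaScript page, such as a
# "checking your browser" interstitial, was served instead of the file.
SCRIPT_MARKERS = ("<html", "<script", "<!doctype", "function ", "document.cookie")


def classify_challenge_body(token: str, body: str) -> str:
    """Return 'ok', 'wrong-token', 'interstitial' or 'malformed'."""
    text = body.rstrip()  # whitespace at the end of the body is ignored
    match = KEY_AUTH_RE.match(text)
    if match:
        # Well-formed key authorization: make sure it is for this token.
        return "ok" if match.group(1) == token else "wrong-token"
    lowered = text.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return "interstitial"
    return "malformed"


# Token taken from the error message quoted in the thread.
TOKEN = "hYCFszcBRXGQb3O3-8aNb6Y1fCsxH5DldD1W2KK8paY"
# Constructed sample: what the validator expects (placeholder thumbprint).
GOOD_BODY = TOKEN + "." + "A" * 43 + "\n"
# Constructed sample: an anti-bot page beginning like the quoted error.
INTERSTITIAL_BODY = (
    "<html><body><script>function toNumbers(d){var e=[];/* ... */}"
    "</script></body></html>"
)

if __name__ == "__main__":
    for name, body in (("good", GOOD_BODY), ("blocked", INTERSTITIAL_BODY)):
        print(name, "->", classify_challenge_body(TOKEN, body))
```

To use it against a live site, fetch the challenge URL with a non-browser client (the validator does not run JavaScript) and pass the raw response body to `classify_challenge_body`.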

I am trying to do the verification on another host (Heliohost.org). I am getting a different error even though the file is on the host in the correct location and the test URL link from the ZeroSSL.com site succeeds.

The error is: “detail”: “JWS has invalid anti-replay nonce c1712kWEtyHm0u2TsywnqWNz4b5h4VIi6e-AXBKqFh0”, “status”: 400 }"

Any ideas what might be the cause of this? My OS is Windows 10 and browser Firefox.

Thanks!

The anti-replay nonce has a limited lifetime. With fully automated clients this isn’t a problem, but with a semi-manual solution like ZeroSSL this can mean you need to go pretty quickly, especially at busy times.

That might not be the problem, but trying to go quickly, and perhaps at a quiet time of day might solve it if that’s the problem.
