Certify The Web - new certificate config tests pass but creation fails

Hi,

I’m using the latest Certify The Web v5.6.8.0. I’m trying to create a new certificate using challenge type http-01.

All the configuration tests pass but when I go to ‘Request Certificate’ it fails reporting error 404 Forbidden.

I’ve set chmod to allow write permissions on the acme-challenge folder so no idea why it’s failing to create the random challenge file…

Any ideas please?

Hi Mat,

Are you using IIS as your web server or something else? Our app is optimised for IIS and can work side-by-side with IIS during http validation. A 404 would be unusual if that’s working ok, a Forbidden is something else (not a 404) and would imply that perhaps your external port 80 tcp traffic is not reaching your server.

The http challenge requires that the certificate authority can make an http request to your server and by default Certify The Web answers this for you without involving your web server, unless you are using something else like Apache or nginx which can’t share the http pipeline.

Can you provide a log? You can get the log from the status view of the managed certificate.

Hi,

Thanks for your reply.

Sorry, the 404 was a typo, I meant 403.

I’m not using IIS, it’s a shared Linux hosting account on GoDaddy running Apache. I thought I’d got around the issue by placing a dummy index.html in the required folder that made it pass the tests. Like I say, the folder has public write permissions and I can also view the folder in my browser so it’s definitely accessible…

With a lot of fiddling I managed to get 2 other domains working and certified using the GoDaddy API and DNS validation, but for this particular site I don’t have DNS access at present, only the updated A record pointing to my hosting.

Thanks, we don’t support remote http validation (like FTP-ing the challenge response file to your remote server); currently our app is mainly designed for running on the server itself and typically that’s also using IIS. If you use DNS validation you can run the renewals on any machine then use a deployment task to copy the files where you need them.

If you don’t have DNS control for a domain you can still use something like acme-dns or Certify DNS if you can get the domain owner to create the required CNAME record for you.

Thanks for your reply.

I now have access to the DNS and I’ve tried using acme-dns. I did the test as per the instructions and it gave me a value to put into the CNAME for the DNS, which I did, but when I request the certificate this value had changed to another random value and therefore failed?

What is the simplest way to get my domain verified please? The registrar is 123reg, but it looks like there isn’t an API for them in the list.

Random value for what? The app won’t ask you to create a different CNAME except for different domains - it’ll populate the TXT record in acme-dns and then Let’s Encrypt will follow the CNAME through to acme-dns and read the challenge response from there.

Without a log file I can’t really help you in more detail. If you are a licensed customer you can email support {at} certifytheweb.com with your log file.
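The CNAME delegation described in the last reply can be checked offline before requesting a certificate. The following is an added example, not part of the original thread or Certify The Web's code; the record set, host names and the `check_delegation` helper are constructed placeholders, and the registered acme-dns name is assumed to be the one returned at registration.

```python
# Constructed sample zone data: all names and values below are placeholders.
RECORDS = {
    ("_acme-challenge.example.com", "CNAME"): ["d420c923.auth.acme-dns.example"],
    ("d420c923.auth.acme-dns.example", "TXT"): ["constructed-challenge-token"],
    ("_acme-challenge.stale.example.com", "CNAME"): ["0ldvalue.auth.acme-dns.example"],
}

def norm(name):
    """DNS names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def resolve_txt(name, records, max_hops=8):
    """Follow CNAMEs from `name` as a validating resolver would.

    Returns (final_name, txt_values). Raises ValueError on a CNAME loop
    or an over-long chain.
    """
    name, seen = norm(name), set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        target = records.get((name, "CNAME"))
        if not target:
            return name, records.get((name, "TXT"), [])
        name = norm(target[0])
    raise ValueError("CNAME chain too long")

def check_delegation(domain, registered_fulldomain, records):
    """Classify the dns-01 delegation for `domain`.

    registered_fulldomain: the acme-dns name issued when the account was
    registered (assumption: this is what the ACME client will update).
    """
    # A wildcard certificate is validated at the base name's challenge record.
    base = domain[2:] if domain.startswith("*.") else domain
    challenge = norm("_acme-challenge." + base)
    final, txt = resolve_txt(challenge, records)
    if final == challenge:
        return "no-cname"        # nothing delegates to acme-dns
    if final != norm(registered_fulldomain):
        return "cname-mismatch"  # CNAME points at a different registration
    if not txt:
        return "no-txt"          # delegation is right, challenge not yet published
    return "ok"

if __name__ == "__main__":
    for d in ("example.com", "*.example.com", "stale.example.com", "other.example.com"):
        print(d, check_delegation(d, "d420c923.auth.acme-dns.example", RECORDS))
```

To run the same check against live DNS, replace the `records.get` lookups with real CNAME and TXT queries.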