Validation of the required challenges - Unauthorized

sbabcock · January 27, 2022, 12:29am

IS on Windows Server 2019
Certificate request fails with :
Invalid response from http://test.com/.well-known/acme-challenge/89yRaePuA5tfgIOC9j-MEl0l7yxIBSACZ5phcIxzuj0 [111.222.123.124]: p://test.com)
!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>\r\n<html xmlns=“http” Forbidden urn:ietf:params:acme:error:unauthorized

webprofusion · January 27, 2022, 1:54am

It’s easier if you share your real domain but http validation (the default validation method) requires that the machine responds on http port 80 with the challenge response. This is to prove you control the server for the given domain that you want to include on your certificate.

So that means your firewall needs to be open on tcp port 80 and http requests to http://test.com/.well-known/acme-challenge/89yRaePuA5tfgIOC9j-MEl0l7yxIBSACZ5phcIxzuj0 need to be answered by your server running Certify The Web.

There are various reasons this can go wrong but they are all under your control. If you cannot use HTTP validation then you can alternatively use DNS validation.

If you require detailed support that is also available at support at certifytheweb.com for our licensed customers.

sbabcock · January 27, 2022, 9:19am

Here’s more of the log

2022-01-27 04:10:14.987 -05:00 [INF] Checking URL is accessible: http://rds.feniglaw.com/.well-known/acme-challenge/UNLiQOHjh0rysLKlBwq55huBrxmWqDIS8UogR4sRbDI [proxyAPI: False, timeout: 5000ms]
2022-01-27 04:10:15.176 -05:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2022-01-27 04:10:15.177 -05:00 [INF] Requesting Validation: rds.feniglaw.com
2022-01-27 04:10:15.217 -05:00 [INF] Attempting Challenge Response Validation for Domain: rds.feniglaw.com
2022-01-27 04:10:15.217 -05:00 [INF] Registering and Validating rds.feniglaw.com
2022-01-27 04:10:15.217 -05:00 [INF] Checking automated challenge response for Domain: rds.feniglaw.com
2022-01-27 04:10:16.984 -05:00 [INF] Domain validation failed: rds.feniglaw.com
Invalid response from http://rds.feniglaw.com/.well-known/acme-challenge/UNLiQOHjh0rysLKlBwq55huBrxmWqDIS8UogR4sRbDI [206.210.112.122]: "\r\n<html xmlns=“http” Forbidden urn:ietf:params:acme:error:unauthorized
2022-01-27 04:10:17.487 -05:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: rds.feniglaw.com

webprofusion · January 28, 2022, 1:02am

Hi, I’d guess that tcp port 80 was not being forwarded to the correct server. Let’s Encrypt will check your domain from the public internet using an http request, so the port 80 traffic needs to go to the server running Certify. It looks like you’ve got that working now?