Let's Encrypt fails with 403

Discussion in 'Programming/Scripts' started by vStubbs42, Sep 1, 2023.

  1. vStubbs42

    vStubbs42 New Member

    I'm trying to deploy a Laravel app on Forge following a tutorial that I would love to link but apparently can't because I'm a new user. When I try to create an SSL certificate, I get this error:


    ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
    ["status"] "invalid"
    ["error","type"] "urn:ietf:params:acme:error:unauthorized"
    ["error","detail"] "76.76.21.21: Invalid response : 404"
    ["error","status"] 403
    ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"76.76.21.21: Invalid response from : 404","status":403}


    I've seen many similar posts here, but they all attempt something a bit more complicated than I am here, like renewing an SSL, or hosting multiple projects. Every tutorial I found online dealing with this, however, treats it as a 30-second job with no possible issues whatsoever.

    The solutions offered by Forge are not really applicable; I have made sure to have "all domains specified for the certificate contain a DNS "A" record that points to your server's public IP address", and I have not edited my Nginx config either.

    I don't have much experience with Linux or deployment, so please bear with me. Any input on this would be greatly appreciated.

    EDIT: I just did an ls in the Forge terminal, and it seems that the .well-known folder is simply not on the server in the first place.
     
    Last edited: Sep 1, 2023
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you use ISPConfig on this server or have you set up Nginx manually? Also please post the link to the tutorial you used, just leave out the https:// at the beginning, and then you can post it.
     
  3. vStubbs42

    vStubbs42 New Member

    No ISPConfig. And I am still unable to post the link, even when removing the https, so I just put it in this tutorial.txt below.
     

    Attached Files:

  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Why don't you ask that software's community? That is a software-specific problem and definitely not general Linux.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    As far as I can see, you are using a paid service to set this up, so you might want to contact its support if it's not working. In your first post, you mentioned you found many similar posts here, but as far as I know, we have no posts about that commercial service offering you are using and no tutorials on using that service.
     
  6. vStubbs42

    vStubbs42 New Member

    I have, I'm trying pretty much anything I can think of at this point.

    EDIT: seems the original issue was that I selected a server type that wasn't compatible with my PHP version.
    Now I'm dealing with a new issue, however:

    2023-09-01 14:39:36 URL:https://forge-certificates.laravel.com/le/1893139/2086831/ecdsa?env=production [4514] -> "letsencrypt_script1693579176" [1]
    Cloning into 'letsencrypt1693579176'...
    ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
    ["status"] "invalid"
    ["error","type"] "urn:ietf:params:acme:error:unauthorized"
    ["error","detail"] "The key authorization file from the server did not match this challenge. Expected \"1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y.tJ2ZABQvRAU1ZkqpP2UrTU-ZgNWDnOOtfk5wfFD3Jbs\" (got \"\")"
    ["error","status"] 403
    ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"The key authorization file from the server did not match this challenge. Expected \"1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y.tJ2ZABQvRAU1ZkqpP2UrTU-ZgNWDnOOtfk5wfFD3Jbs\" (got \"\")","status":403}
    ["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/260407301936/w4v87Q"
    ["token"] "1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y"
    ["validationRecord",0,"url"] "http://freddy.org/.well-known/acme-challenge/1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y"
    ["validationRecord",0,"hostname"] "freddy.org"
    ["validationRecord",0,"port"] "80"
    ["validationRecord",0,"addressesResolved",0] "75.2.70.75"
    ["validationRecord",0,"addressesResolved",1] "99.83.190.102"
    ["validationRecord",0,"addressesResolved"] ["75.2.70.75","99.83.190.102"]
    ["validationRecord",0,"addressUsed"] "75.2.70.75"
    ["validationRecord",0] {"url":"http://freddy.org/.well-known/acme-challenge/1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y","hostname":"freddy.org","port":"80","addressesResolved":["75.2.70.75","99.83.190.102"],"addressUsed":"75.2.70.75"}
    ["validationRecord"] [{"url":"http://freddy.org/.well-known/acme-challenge/1WE4jQde4zY_Rz3vYAgE-xlR3VSEkUJ5neTsTbbfn-Y","hostname":"freddy.org","port":"80","addressesResolved":["75.2.70.75","99.83.190.102"],"addressUsed":"75.2.70.75"}]
    ["validated"] "2023-09-01T14:39:42Z")

    Any ideas what this might be about?
     
    Last edited: Sep 1, 2023
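Added example, not part of any post in this thread and not Forge's or the ACME client's code: a small reader for the flattened `["path"] value` output shown in the post above, which reports what the CA saw. In http-01 the expected key authorization is the token, a dot, and the account key thumbprint (RFC 8555). The function names, the constructed sample, and the `my_server_ips` argument (the addresses you know belong to your own server) are assumptions of this example.

```python
import json
import re

# Constructed sample in the same layout as the log in the post (values are made up).
SAMPLE = r'''
["error","detail"] "The key authorization file from the server did not match this challenge. Expected \"tokAAA.thumbBBB\" (got \"\")"
["error","status"] 403
["token"] "tokAAA"
["validationRecord",0,"url"] "http://example.org/.well-known/acme-challenge/tokAAA"
["validationRecord",0,"addressesResolved"] ["198.51.100.7","198.51.100.8"]
["validationRecord",0,"addressUsed"] "198.51.100.7"
'''
_dec = json.JSONDecoder()

def parse_flat(text):
    # Each useful line is a JSON array (the path) followed by a JSON value.
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("["):
            continue  # e.g. the leading "ERROR: Challenge is invalid!" text
        try:
            path, end = _dec.raw_decode(line)
            value, _ = _dec.raw_decode(line[end:].lstrip())
        except ValueError:
            continue
        out[tuple(path)] = value
    return out

def diagnose(text, my_server_ips):
    # Returns human-readable findings about why validation failed.
    rec = parse_flat(text)
    detail = rec.get(("error", "detail"), "")
    m = re.search(r'Expected "([^"]*)" \(got "([^"]*)"\)', detail)
    expected, got = m.groups() if m else (None, None)
    token = rec.get(("token",))
    used = rec.get(("validationRecord", 0, "addressUsed"))
    resolved = rec.get(("validationRecord", 0, "addressesResolved"), [])
    findings = []
    if expected and token and not expected.startswith(token + "."):
        findings.append("expected key authorization does not start with the token")
    if got == "":
        findings.append("challenge URL answered with an empty body")
    stray = sorted(set(resolved) - set(my_server_ips))
    if stray:
        findings.append("DNS resolves to addresses that are not this server: " + ", ".join(stray))
    if used and used not in my_server_ips:
        findings.append(f"CA fetched the challenge from {used}, not from this server")
    return findings
```

Pass the pasted client output as `text` and your server's public addresses as `my_server_ips`; an empty result means none of these checks fired.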
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter
