
rhand

Forge Let's Encrypt SSL 403 error

Trying to add a Let's Encrypt SSL certificate for a domain and it fails doing the challenge:

--2018-07-09 12:34:12--  https://forge-certificates.laravel.com/le/xxxxxx/565125?env=production
Resolving forge-certificates.laravel.com (forge-certificates.laravel.com)... 104.25.9.32, 104.25.8.32, 2400:cb00:2048:1::6819:820, ...
Connecting to forge-certificates.laravel.com (forge-certificates.laravel.com)|104.25.9.32|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘letsencrypt_script1531139652’

     0K ..                                                     23.2M=0s

2018-07-09 12:34:12 (23.2 MB/s) - ‘letsencrypt_script1531139652’ saved [2344]

Cloning into 'letsencrypt1531139652'...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://domain.de/.well-known/acme-challenge/mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs: \"\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\n\u003chead\u003e\n    \u003cmeta charset=\"utf-8\"\u003e\n    \u003ctitle\u003edomain\u003c/title\u003e\n    \u003cmeta name=\"viewport\" content=\"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/fI23nBLAfCFJTmkUvGDcuIt0q32cqlZWssTGnvl7Wpc/5555735346",
  "token": "mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs",
  "validationRecord": [
    {
      "url": "http://domain.de/.well-known/acme-challenge/mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs",
      "hostname": "domain.de",
      "port": "80",
      "addressesResolved": [
        "xxx.xxx.xxxxxx",
        "xxxx:xxx:xxxx:xxx::1"
      ],
      "addressUsed": "xxx.xxx.xxx.xxx",
      "addressesTried": [
        "xxxx:xxx:xxxx:xxx::1"
      ]
    }
  ]
})

curl -ikL http://domain.de/.well-known/acme-challenge/mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs does work and resolves to a 200

Also saw these errors

2018/07/08 13:33:44 [emerg] 2585#2585: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/my.app.com:4
2018/07/08 13:35:01 [notice] 2994#2994: signal process started
2018/07/08 13:35:23 [error] 2999#2999: *30 directory index of "/home/forge/my.app.com/current/public/" is forbidden, client: xx.1xxx.xx.xx, server: , request: "GET / HTTP/1.1", host: "app.de"

The domain folder is only accessible by its owner, drwx (forge); not sure if that matters.

Ideas how to bypass this?

rhand

I fixed the first SSL error, [emerg] 2585#2585: no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/my.app.com:4, but I am still getting a 403.

rhand
OP
Best Answer

Issue solved. Did not load the challenge directory properly as set up by Forge.
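A triage helper for the failed http-01 challenge object quoted in the first post, added here as an example (it is not part of the thread, and not Forge or Let's Encrypt code). It reports whether the body the validator received looks like an RFC 8555 key authorization (the token, a dot, and a 43-character base64url thumbprint) or like an HTML page served by the site instead; the sample input is constructed to mirror the post with documentation-range addresses, and `triage` and its field names are hypothetical.

```python
import json
import re

# Constructed sample mirroring the challenge object in the post; the addresses
# are documentation-range placeholders and the quoted body is shortened.
SAMPLE = r'''{
  "type": "http-01", "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://domain.de/.well-known/acme-challenge/mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs: \"\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\"",
    "status": 403
  },
  "token": "mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs",
  "validationRecord": [{
    "url": "http://domain.de/.well-known/acme-challenge/mg3pZtSQZAND0ver1ZmAZfIQb_-lDHvhfpnpGsHvoFs",
    "addressesResolved": ["203.0.113.10", "2001:db8::1"],
    "addressUsed": "203.0.113.10",
    "addressesTried": ["2001:db8::1"]
  }]
}'''

def triage(challenge_json):
    """Summarize what the ACME validator saw for a failed http-01 challenge."""
    ch = json.loads(challenge_json)
    token, err = ch["token"], ch.get("error", {})
    # The body the validator received is quoted after "<url>: " in error.detail.
    m = re.search(r'Invalid response from (\S+): "(.*)', err.get("detail", ""), re.S)
    body = m.group(2) if m else ""
    # RFC 8555 8.3: the file must hold token + "." + base64url JWK thumbprint.
    if re.match(re.escape(token) + r"\.[A-Za-z0-9_-]{43}", body):
        kind = "key-authorization"
    elif body.lstrip().lower().startswith(("<!doctype", "<html")):
        kind = "html-page"  # site answered with a page, not the challenge file
    else:
        kind = "other"
    rec = (ch.get("validationRecord") or [{}])[-1]
    return {
        "problem_type": err.get("type", "").rsplit(":", 1)[-1],
        # Status member of the ACME problem document (RFC 7807).
        "problem_status": err.get("status"),
        "body_kind": kind,
        "path_ok": rec.get("url", "").endswith("/.well-known/acme-challenge/" + token),
        "address_used": rec.get("addressUsed"),
        "also_tried": rec.get("addressesTried", []),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A `body_kind` of `html-page` with `path_ok` true means the request reached the web server on the right path but the challenge file was not what it served, which is consistent with the challenge location not being loaded.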
