How do I force HTTP verification? Lets Encrypt performs HTTPS verification. I don't have a certificate and the verification always fails.

Question

How do I force HTTP verification? Lets Encrypt performs HTTPS verification. I don't have a certificate and the verification always fails.

Closed this issue 3 years ago · 2 comments

YuriKalninDev commented 3 years ago

Hi

I am creating a certificate as described in the readme.

I call the verification code

$client->domainValidation()->start($account, $validationStatus[0])

then I call

$result = $client->domainValidation()->status($order)

var_dump($result)

1 => array:1 [
0 => Rogierw\RwAcme\DTO\DomainValidationData^ {#2705
+identifier: array:2 [
"type" => "dns"
"value" => "beauty-prodvizhenie.ru"
]
+status: "invalid"
+expires: "2021-11-14T15:40:46Z"
+file: array:7 [
"type" => "http-01"
"status" => "invalid"
"error" => array:3 [
"type" => "urn:ietf:params:acme:error:unauthorized"
"detail" => "Invalid response from https://beauty-prodvizhenie.ru:443/.well-known/acme-challenge/dUuj9mcQ3R1_PemfaDO-sGtNwEfvWCuhwKna4aOSf08 [2a00:f940:2:4:2::381]: "\r\n<title>404 Not Found</title>\r\n\r\n

404 Not Found

\r\n

nginx/1.16.1</ce""
"status" => 403
]
"url" => "https://acme-v02.api.letsencrypt.org/acme/chall-v3/47076411230/sJAUdw"
"token" => "dUuj9mcQ3R1_PemfaDO-sGtNwEfvWCuhwKna4aOSf08"
"validationRecord" => array:2 [
0 => array:5 [
"url" => "http://beauty-prodvizhenie.ru/.well-known/acme-challenge/dUuj9mcQ3R1_PemfaDO-sGtNwEfvWCuhwKna4aOSf08"
"hostname" => "beauty-prodvizhenie.ru"
"port" => "80"
"addressesResolved" => array:2 [
0 => "62.84.122.253"
1 => "2a00:f940:2:4:2::381"
]
"addressUsed" => "2a00:f940:2:4:2::381"
]
1 => array:5 [
"url" => "https://beauty-prodvizhenie.ru:443/.well-known/acme-challenge/dUuj9mcQ3R1_PemfaDO-sGtNwEfvWCuhwKna4aOSf08"
"hostname" => "beauty-prodvizhenie.ru"
"port" => "443"
"addressesResolved" => array:2 [
0 => "62.84.122.253"
1 => "2a00:f940:2:4:2::381"
]
"addressUsed" => "2a00:f940:2:4:2::381"
]
]
"validated" => "2021-11-07T15:41:15Z"
]
+dns: []
+validationRecord: []
#ignoreMissing: false
#exceptKeys: []
#onlyKeys: []
}
]

The check is carried out using the HTTPS protocol.

The site does not yet have a certificate and therefore cannot respond via HTTPS.

How do I force LETs encrypt to do HTTP authentication?

Answer 1 · 2021-11-10T09:10:18.000Z

Hi, I haven't seen this before to be honest. What did you specify in the $client->order()->new() method?

Answer 2 · 2021-11-10T13:19:42.000Z

Hi, I haven't seen this before to be honest. What did you specify in the $client->order()->new() method?

All OK!

ACME has initiated IPV6 domain validation. If the domain has an AAAA record, the ACME will check the domain against it. My server couldn't handle IPV6. I deleted AAAA records from the domain.