DigitalOcean

Report this

What is the reason for this report?
Question

Failed authorization procedure whilst running Letsencrypt for multiple website(s)

Posted on September 16, 2020
Let's Encrypt
DigitalOcean
twanny

By twanny

I run letsdebug.net on vramalta.com . I enabled 'Full SSL (strict) on Cloudflare but still have the following log.

HTTPCheck
DEBUG
Requests made to the domain
Request to: vramalta.com/2606:4700:3032::6812:2e7a, Result: [Address=2606:4700:3032::6812:2e7a,Address Type=IPv6,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2606:4700:3032::6812:2e7a)
@0ms: Dialing 2606:4700:3032::6812:2e7a
@19ms: Server response: HTTP 403 Forbidden

Request to: vramalta.com/2606:4700:3031::6812:2f7a, Result: [Address=2606:4700:3031::6812:2f7a,Address Type=IPv6,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2606:4700:3031::6812:2f7a)
@0ms: Dialing 2606:4700:3031::6812:2f7a
@14ms: Server response: HTTP 403 Forbidden

Request to: vramalta.com/2606:4700:3033::ac43:9268, Result: [Address=2606:4700:3033::ac43:9268,Address Type=IPv6,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2606:4700:3033::ac43:9268)
@0ms: Dialing 2606:4700:3033::ac43:9268
@15ms: Server response: HTTP 403 Forbidden

Request to: vramalta.com/104.18.46.122, Result: [Address=104.18.46.122,Address Type=IPv4,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 104.18.46.122)
@0ms: Dialing 104.18.46.122
@22ms: Server response: HTTP 403 Forbidden

Request to: vramalta.com/104.18.47.122, Result: [Address=104.18.47.122,Address Type=IPv4,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 104.18.47.122)
@0ms: Dialing 104.18.47.122
@15ms: Server response: HTTP 403 Forbidden

Request to: vramalta.com/172.67.146.104, Result: [Address=172.67.146.104,Address Type=IPv4,Server=cloudflare,HTTP Status=403], Issue:
Trace:
@0ms: Making a request to http://vramalta.com/.well-known/acme-challenge/letsdebug-test (using initial IP 172.67.146.104)
@0ms: Dialing 172.67.146.104
@17ms: Server response: HTTP 403 Forbidden

HTTPRecords
DEBUG
A and AAAA records found for this domain
vramalta.com. 0 IN A 104.18.46.122
vramalta.com. 0 IN A 104.18.47.122
vramalta.com. 0 IN A 172.67.146.104
vramalta.com. 0 IN AAAA 2606:4700:3032::6812:2e7a
vramalta.com. 0 IN AAAA 2606:4700:3031::6812:2f7a
vramalta.com. 0 IN AAAA 2606:4700:3033::ac43:9268
LetsEncryptStaging
DEBUG
Challenge update failures for vramalta.com in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/150572340
acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://vramalta.com/.well-known/acme-challenge/y_anSdQuyf5vyUEbkq6JzPGmQcAFYUJHHuQ2Oxo4dWo [2606:4700:3031::6812:2f7a]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]> <html class=\"no-js "
PublicSuffix
DEBUG
The IANA public suffix is the TLD of the Registered Domain
The TLD for vramalta.com is: com
StatusIO
DEBUG
The current status.io status for Let's Encrypt
Operational

To be honest I am a bit confused as where to start. I seen similar errors but when I tried the offered solution(s) it didnt work for me. Help please.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Janusz Szeligowski
Janusz Szeligowski
September 25, 2020

Hi,

When you have Cloudflare (CF) proxy turn on for your domain’s A/AAAA record/-s , letsdebug.net tool cannot get direct access to your origin server, and check if TLS certificate could be issued for a domain held by this server. My advice is to turn the proxy off, run letsdebug.net tool then, and turn proxy on again after the test.

To turn CF proxy off/on you must enter the CF DNS control panel and edit A/AAAA record/-s of your domain. Follow this guide: https://community.cloudflare.com/t/editing-dns-records/65070

There is an orange cloud icon as a toggle, as it is on that picture. Clicking on it you can turn the proxy on and off: https://images.ctfassets.net/slt3lc6tev37/1LXOtXS4OSmByrd15YFgoE/bc56a226d8d35f7780363e54b08a77f2/hc-import-add_record.png

Let us know how it went.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.