Open rekby opened 5 years ago
The above JSON is from a single challenge resource. The AuthorizationError
is constructed from the whole authorization resource, not a single challenge.
Could you post the failed authorization resource? It should be available somewhere at https://acme-staging.api.letsencrypt.org/acme/authz/xxx
.
{
"identifier": {
"type": "dns",
"value": "XXX"
},
"status": "invalid",
"expires": "2019-07-02T11:39:09Z",
"challenges": [
{
"type": "dns-01",
"status": "invalid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
"token": "humF-jopUK1o9DmA-w2v1HhrbyIxTv4YmUp1wVc7rZA"
},
{
"type": "tls-alpn-01",
"status": "invalid",
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
"token": "zTTr2H00bDEG4RdIZBWj35MCZhmS7-EDNTASZd-0wWw"
},
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://XXX/.well-known/acme-challenge/BNx06A619GgwYep4ZQGSbCcA_Mo0uaPgj1W9asdwh3k [YYY]: \"\u003c!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"\u003e\\n\u003chtml\u003e\u003chead\u003e\\n\u003ctitle\u003e403 Forbidden\u003c/title\u003e\\n\u003c/head\u003e\u003cbody\u003e\\n\u003ch1\u003eForbidden\u003c/h1\u003e\\n\u003cp\"",
"status": 403
},
"uri": "https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/XXX",
"token": "BNx06A619GgwYep4ZQGSbCcA_Mo0uaPgj1W9asdwh3k",
"validationRecord": [
{
"url": "http://XXX/.well-known/acme-challenge/BNx06A619GgwYep4ZQGSbCcA_Mo0uaPgj1W9asdwh3k",
"hostname": "XXX",
"port": "80",
"addressesResolved": [
"YYY"
],
"addressUsed": "YYY"
}
]
}
],
"combinations": [
[
0
],
[
1
],
[
2
]
]
}
Ideal description in error I see as: "acme: authorization error for 'domain': website reject authorization error with 403 status"
curl https://acme-staging.api.letsencrypt.org/acme/challenge/XXX/YYY