Letsencrypt acme_challenge file created but unauthorized, invalid response, Forbidden

SYSTEM INFORMATION
OS type and version: Ubuntu 16.04
Webmin version: 1.981
Virtualmin version: 6.17
Related products version: RECOMMENDED

I am unable to create a certificate for a specific virtual server; I get the response below. The challenge file is correctly created on the server, containing its token. I have browsed all over the Internet without finding a useful pointer.

Requesting a certificate for web3.see.asso.fr from Let's Encrypt …
… request failed : Web-based validation failed : Failed to request certificate :

Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for web3.see.asso.fr: {'challenges': [{'validationRecord': [{'port': '80', 'url': 'http://web3.see.asso.fr/.well-known/acme-challenge/scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc', 'addressesResolved': ['91.121.56.10'], 'hostname': 'web3.see.asso.fr', 'addressUsed': '91.121.56.10'}], 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/34144457750/McAP1A', 'validated': '2021-09-25T06:23:49Z', 'status': 'invalid', 'token': 'scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc', 'type': 'http-01', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': 'Invalid response from http://web3.see.asso.fr/.well-known/acme-challenge/scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc [91.121.56.10]: "\n\n403 Forbidden\n\n\nForbidden\n\n\n<p"', 'status': 403}}], 'expires': '2021-10-02T06:23:47Z', 'status': 'invalid', 'identifier': {'type': 'dns', 'value': 'web3.see.asso.fr'}}

By the way, I don't find any logs for Letsencrypt as set up by Virtualmin.

Any help appreciated.

There are web server logs (access and error logs), which will contain additional information. The Let’s Encrypt output is entirely there…you’ve just posted it. It tells us exactly what happened.

The reasons could be:

  1. You've got a web app that is sucking up the requests to .well-known/ paths, and since it doesn't recognize the path it returns a forbidden. This is very common. You have to modify your redirects or proxy rules to let .well-known requests get to the filesystem.
  2. Your DNS is wrong. Is 91.121.56.10 the right IP for your domain on this server?

I can’t think of much else. That’s pretty much always why LE gets a forbidden response.
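The answer above boils down to two checks: does the name resolve to this server, and does the vhost answering on port 80 let /.well-known/acme-challenge/ reach the filesystem? The script below is an added example, not code from Webmin, Virtualmin or acme_tiny. It parses the ValueError line that acme_tiny prints on failure (the one from the first post, embedded here as a constructed sample) and reports which of those two causes the authorization object points at; it also classifies a 404, which the thread does not discuss, as "token file not in the DocumentRoot that answered". The function names and the list of server IPs passed in are my own assumptions.

```python
"""Triage a failed ACME http-01 authorization as printed by acme_tiny.

Added example for this thread; not part of Webmin, Virtualmin or acme_tiny.
Function names and the server_ips argument are assumptions of this example.
"""
import ast
from typing import Dict, List, Tuple

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: the ValueError line from the first post, joined on one line.
ACME_TINY_ERROR = (
    "ValueError: Challenge did not pass for web3.see.asso.fr: "
    "{'challenges': [{'validationRecord': [{'port': '80', "
    "'url': 'http://web3.see.asso.fr/.well-known/acme-challenge/"
    "scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc', "
    "'addressesResolved': ['91.121.56.10'], 'hostname': 'web3.see.asso.fr', "
    "'addressUsed': '91.121.56.10'}], "
    "'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/34144457750/McAP1A', "
    "'validated': '2021-09-25T06:23:49Z', 'status': 'invalid', "
    "'token': 'scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc', 'type': 'http-01', "
    "'error': {'type': 'urn:ietf:params:acme:error:unauthorized', "
    "'detail': 'Invalid response from http://web3.see.asso.fr/.well-known/acme-challenge/"
    "scgFOb7cabsAUntt3XNXjPvL1udDOw9mdFx4-jvyiJc [91.121.56.10]: "
    "\"\\n\\n403 Forbidden\\n\\n\\nForbidden\\n\\n\\n<p\"', 'status': 403}}], "
    "'expires': '2021-10-02T06:23:47Z', 'status': 'invalid', "
    "'identifier': {'type': 'dns', 'value': 'web3.see.asso.fr'}}"
)


def parse_acme_tiny_error(line: str) -> Tuple[str, Dict]:
    """Split "Challenge did not pass for X: {...}" into (domain, authorization).

    The object is a Python repr (single quotes), not JSON, so it is read with
    ast.literal_eval rather than json.loads or eval.
    """
    marker = "Challenge did not pass for "
    start = line.index(marker) + len(marker)
    domain, _, body = line[start:].partition(": ")
    return domain, ast.literal_eval(body)


def diagnose_http01(authz: Dict, server_ips: List[str]) -> List[str]:
    """Return findings for every invalid http-01 challenge in the authorization.

    server_ips: the addresses this host actually listens on (assumed input).
    """
    findings: List[str] = []
    domain = authz.get("identifier", {}).get("value", "?")
    for chall in authz.get("challenges", []):
        if chall.get("type") != "http-01" or chall.get("status") != "invalid":
            continue
        token = chall.get("token", "")
        # Reason 2 from the answer: did the CA reach one of our own IPs?
        for rec in chall.get("validationRecord", []):
            resolved = set(rec.get("addressesResolved", []))
            if not resolved & set(server_ips):
                findings.append(
                    f"DNS: {domain} resolved to {sorted(resolved)} but this server "
                    f"has {server_ips}; fix the A record or Virtualmin's default IP")
            url = rec.get("url", "")
            if not url.endswith(CHALLENGE_PREFIX + token):
                findings.append(f"URL: {url} does not end in the expected token path")
        # Reason 1 from the answer: what did the web server say on port 80?
        err = chall.get("error", {})
        status = err.get("status")
        if status == 403:
            findings.append(
                "HTTP 403: the vhost answering port 80 for this domain refused "
                f"{CHALLENGE_PREFIX}; exempt .well-known from rewrite/proxy/deny rules "
                "and check that the VirtualHost address matches the domain's IP")
        elif status == 404:
            findings.append(
                "HTTP 404: token file not found in the DocumentRoot of the vhost "
                "that answered; check which vhost serves this IP on port 80")
        elif err:
            findings.append(f"{err.get('type')}: {err.get('detail')}")
    return findings or ["no invalid http-01 challenge in this authorization"]


if __name__ == "__main__":
    dom, authz = parse_acme_tiny_error(ACME_TINY_ERROR)
    # Replace with the addresses this host really listens on (e.g. from `ip addr`).
    for finding in diagnose_http01(authz, ["91.121.56.10"]):
        print(f"{dom}: {finding}")
```

Run against the post's own output with the server's real IP, it reports only the 403 finding, which matches the eventual fix in this thread (the Apache VirtualHost address no longer matched the domain's IP); passing a different IP list makes the DNS finding appear as well.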


Thank you for the advice; this let me look in the right direction.
Strangely, Virtualmin changed the virtual server IP address, which I had set to "*", to the base server IP.
As Virtualmin does not provide this setting, I reverted the Apache virtual server conf file manually.
Thanks a lot!

Virtualmin uses the IPs you tell it in Virtualmin Configuration->Network Settings->Default IP address for DNS records

Or, the specific IP you chose for this domain.
