404 forbidden error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bstpoc.serviceconnect.defence.gov.au

I ran this command: using Certify the Web. Screenshot attached.

It produced this output: Log file attached...


Logs.txt (15.2 KB)

Validation of the required challenges did not complete successfully. Validation failed: bstpoc.serviceconnect.defence.gov.au
Response from Certificate Authority: 20.70.4.114: Invalid response from http://bstpoc.serviceconnect.defence.gov.au/.well-known/acme-challenge/2nqK1TwfONR-6l4gSs0q5CMrP0qkiyzLeRLthL_VDj8: 404 [Forbidden :: urn:ietf:params:acme:error:unauthorized]

My web server is (include version): Apache Tomcat 9

The operating system my web server runs on is (include version): Windows Server 2022

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don't know): n/a

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n/a

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certify the Web 6.1.2

Checked the Windows firewall allows incoming TCP on port 80.

Tagging @webprofusion (author of Certify the Web) for assistance. 🙂

3 Likes

Upon initial inspection, my inkling is that your webserver configuration was recently changed in such a way that Certify can't properly present the HTTP-01 challenge file for Let's Encrypt's validation servers to find.

2 Likes

When using IIS, Certify will automatically configure everything. When using Apache, you have to configure the Site Root Directory under Authorization > http-01 to point to your Apache htdocs path so that the app can populate the /.well-known/acme-challenge path of your site. You also need Apache to serve any of the files that are presented there and not redirect to an application or content management system.

I also note that your domain is behind Azure Application Gateway, so you may need to check that you are forwarding HTTP requests directly to your server.

A basic test for HTTP domain validation is to create an extensionless text file under the /.well-known/acme-challenge path of your site, then try to access it via HTTP from a remote network. You need to have that working before you can complete an HTTP challenge.

4 Likes
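The two points in the reply above (the web server must serve files placed under /.well-known/acme-challenge directly, and the extensionless-file fetch is the pre-flight test for that) can be scripted. The following is an added example, not code from this thread, from Certify the Web or from Let's Encrypt: it writes a constructed token file under a webroot, serves that webroot with Python's built-in `http.server` standing in for Apache, then fetches the challenge URL without following redirects and classifies the answer the way a validation server would (direct 200 with the expected body, 404, redirect, or a 200 whose body came from an application rather than the file). The token, account thumbprint and `127.0.0.1` server are all assumptions; against a real deployment you would place the file under the Apache htdocs path and point `check_challenge` at your public hostname from a remote network.

```python
"""Pre-flight check for an ACME HTTP-01 challenge path (added example).

Not part of the thread, Certify the Web, or any ACME client. Constructed
token and thumbprint values are used; http.server stands in for Apache.
"""
import http.server
import shutil
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = Path(".well-known") / "acme-challenge"


def write_challenge_file(webroot, token, key_authorization):
    """Create the extensionless challenge file under the webroot."""
    target = Path(webroot) / CHALLENGE_DIR
    target.mkdir(parents=True, exist_ok=True)
    path = target / token
    path.write_text(key_authorization, encoding="ascii")
    return path


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Static file handler that does not log each request to stderr."""

    def log_message(self, *args):
        pass


def serve_webroot(webroot):
    """Serve webroot on an ephemeral localhost port in a background thread."""
    handler = lambda *a, **kw: _QuietHandler(*a, directory=str(webroot), **kw)
    httpd = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def check_challenge(base_url, token, expected):
    """Fetch the challenge URL without following redirects and diagnose it.

    Returns (ok, reason). A CA validator needs a direct 200 whose body is the
    key authorization; the branches below name the usual ways that fails.
    """
    url = f"{base_url}/.well-known/acme-challenge/{token}"

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None  # surface 3xx as an error instead of following it

    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=5) as resp:
            status, body = resp.status, resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as e:
        status, body = e.code, ""
    except urllib.error.URLError as e:
        return False, f"connection failed: {e.reason}"

    if 300 <= status < 400:
        return False, f"redirected ({status}); challenge path must be served directly"
    if status == 404:
        return False, "404: file not found under /.well-known/acme-challenge (wrong site root?)"
    if status != 200:
        return False, f"unexpected status {status}"
    if body.strip() != expected:
        return False, "200 but body does not match the key authorization (app or CMS answered?)"
    return True, "ok"


def run_selfcheck():
    """End-to-end demo on localhost; returns the diagnosis for three cases."""
    webroot = Path(tempfile.mkdtemp(prefix="acme-preflight-"))
    # Constructed sample values, not real ACME token/thumbprint material.
    token = "EXAMPLE_TOKEN_3q2-abc"
    key_auth = token + ".EXAMPLE_ACCOUNT_THUMBPRINT"
    write_challenge_file(webroot, token, key_auth)
    httpd = serve_webroot(webroot)
    base = f"http://127.0.0.1:{httpd.server_address[1]}"
    try:
        return {
            "present": check_challenge(base, token, key_auth),
            "missing": check_challenge(base, "not-there", key_auth),
            "wrong_body": check_challenge(base, token, "something-else"),
        }
    finally:
        httpd.shutdown()
        httpd.server_close()
        shutil.rmtree(webroot, ignore_errors=True)


if __name__ == "__main__":
    for case, (ok, reason) in run_selfcheck().items():
        print(f"{case:>10}: {'PASS' if ok else 'FAIL'} - {reason}")
```

The "missing" case reproduces the shape of the failure in the original post: the validator reaches the host but the file is not where the web server looks for it, which is why the reply above asks for the Site Root Directory to match the Apache htdocs path. The redirect branch is the check to run when a gateway or application in front of the server rewrites plain HTTP requests.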

The issue was resolved by using the certbot command. No change was required at the server/infrastructure/application level.