Challenge validation failed with error 403 #369

Closed
opened 2025-12-29 01:23:48 +01:00 by adam · 4 comments

Originally created by @alexnimo on GitHub (Aug 7, 2018).

Hi,
I'm getting 403 unauthorized when trying to verify the challenge.
No matter what I tried the same error returns each time.
Verifying manually works fine.
Checking with https://letsdebug.net/nimolab.bisec.net/3403 returns ok.

```
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "The key authorization file from the server did not match this challenge [ArF1tSSdspir8lUayKrXoIYzN7Td_in8D1BQYAMV6ys.TfWakAN0-AKn7EJ6Fwl94Eg4J1E0bekeWEjpbefLk3k] != [ArF1tSSdspir8lUayKrXoIYzN7Td_in8D1BQYAMV6ys]",
    "status": 403
  },
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Ua2IqIX902koEDP-zerJbTT1787RviauWQiIq6mFkcU/157297303",
  "token": "ArF1tSSdspir8lUayKrXoIYzN7Td_in8D1BQYAMV6ys",
  "validationRecord": [
    {
      "url": "http://nimolab.bisec.net/.well-known/acme-challenge/ArF1tSSdspir8lUayKrXoIYzN7Td_in8D1BQYAMV6ys",
      "hostname": "nimolab.bisec.net",
      "port": "80",
      "addressesResolved": [
        "212.25.122.182"
      ],
      "addressUsed": "212.25.122.182"
    }
  ]
})
```

Any ideas what might be the issue?

Thanks
adam closed this issue 2025-12-29 01:23:48 +01:00

@lukas2511 commented on GitHub (Aug 9, 2018):

This looks like a misconfiguration on your side. Accessing something like http://nimolab.bisec.net/.well-known/acme-challenge/shouldnotexist results in a response where with normal operation just a 404 should be returned. I'm not sure what exactly you are doing there, but it doesn't seem to be working as intended.


@alexnimo commented on GitHub (Aug 9, 2018):

It's definitely not a misconfiguration.
I'm doing a very simple reply to anything that tries to access the acme-challenge URI, it will return the response challenge generated during the process.
And if you notice, when you're trying to access the virtual directory, you will get the response challenge.


@lukas2511 commented on GitHub (Aug 9, 2018):

If you are using the `deploy_challenge` hook it seems that you are using the wrong parameter (second instead of third parameter, named `TOKEN_FILENAME` instead of `TOKEN_VALUE` in the example hook) which doesn't contain the full verification token. Also please keep in mind that if this is some kind of load balancer and this deployment is the same for all your subdomains you might run into problems with certificates for multiple subdomains.


@alexnimo commented on GitHub (Aug 9, 2018):

Didn't notice that I grabbed the file name instead of the challenge.
Now it works!
Thanks!
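
The fix discussed in this thread, as an added example that is not part of the original thread and not dehydrated's own example hook: http-01 handlers that publish the third hook argument (`TOKEN_VALUE`) under the name given by the second (`TOKEN_FILENAME`), and refuse to publish a value that is not of the form `<token>.<thumbprint>`. The `WELLKNOWN` default path and the helper `is_key_authorization` are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: http-01 handlers for a dehydrated hook script.
# WELLKNOWN's default path is an assumption; point it at your webroot.
WELLKNOWN="${WELLKNOWN:-/var/www/dehydrated}"

# Hypothetical helper. An http-01 key authorization is
# "<token>.<account key thumbprint>"; the thumbprint is a base64url
# SHA-256 digest, i.e. 43 characters without padding.
is_key_authorization() {
    ka_token="$1"; ka_body="$2"
    case "$ka_token" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case "$ka_body" in "$ka_token".?*) ;; *) return 1 ;; esac
    ka_thumb=${ka_body#"$ka_token".}
    case "$ka_thumb" in *[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#ka_thumb}" -eq 43 ]
}

# dehydrated calls: deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
deploy_challenge() {
    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
    # Serving the bare token (argument 2) as the body is what produces
    # "key authorization file ... did not match this challenge".
    if ! is_key_authorization "${TOKEN_FILENAME}" "${TOKEN_VALUE}"; then
        echo "refusing to deploy for ${DOMAIN}: value is not <token>.<thumbprint>" >&2
        return 1
    fi
    mkdir -p "${WELLKNOWN}"
    printf '%s' "${TOKEN_VALUE}" > "${WELLKNOWN}/${TOKEN_FILENAME}"
}

# dehydrated calls: clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
clean_challenge() {
    rm -f "${WELLKNOWN}/${2}"
}

# dehydrated invokes the hook as: hook.sh <handler> <args...>
case "${1:-}" in
    deploy_challenge|clean_challenge) "$@" ;;
esac
```

Because each file is named after its own token, this layout also keeps challenges for several hostnames apart, which a single fixed response for every request under `/.well-known/acme-challenge/` does not.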

Reference: starred/dehydrated#369