Letsencrypt troubles

Wanabo

Read and tried a lot but I can't figure it out.

Letsencrypt won't let me renew a domain. This particular domain had letsencrypt SSL before, but I switched SSL off and now I need it again.

Followed this post, http://forum.directadmin.com/showthread.php?t=54118&highlight=HTTP/1.1+403+Forbidden and a couple of other posts.
Followed these tuts, https://help.directadmin.com/item.php?id=646 and https://help.directadmin.com/item.php?id=640

Nothing helped.
I'm particularly stunned about ""detail": "Error creating new authz :: "start-plaats.nl" was considered an unsafe domain by a third-party API"". It might be a low quality website, but unsafe?!?!? This really hurts.


Code:
CentOS 7
apache/nginx
mod_security disabled, during letsencrypt request
CSF disabled, during letsencrypt request
CB 2.0.0 (rev: 1668)
Let's encrypt client 1.0.9


Code:
[root@host scripts]# ./letsencrypt.sh renew start-plaats.nl 4096
Getting challenge for start-plaats.nl from acme-server...
User let's encrypt key has been found, but not registered. Registering...
Account is already registered.
Getting challenge for start-plaats.nl from acme-server...
new-authz error: HTTP/1.1 100 Continue
Expires: Fri, 28 Apr 2017 21:08:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 403 Forbidden
Server: nginx
Content-Type: application/problem+json
Content-Length: 176
Boulder-Request-Id: lVL0Jyc0e7mKRvotz2LvNqdkR6DHNYFdp9dfbEsp8XY
Boulder-Requester: 3079119
Replay-Nonce: ECkElwDZmBUnJ4gVTZWUY-_yQhpDwvUTWug8QVpjSX4
Expires: Fri, 28 Apr 2017 21:08:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 28 Apr 2017 21:08:23 GMT
Connection: close

{
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new authz :: \"start-plaats.nl\" was considered an unsafe domain by a third-party API",
  "status": 403
}. Exiting...
[root@host scripts]#
 
Thanks ditto. By the thread you referred I learned that Letsencrypt uses Google Safe Browsing API. Entered my site in Google webmasters to find out that an outgoing link to another domain lands on a "malicious" site. Removed the link and requested a review. Now fingers crossed, this can take up to 72 hours.

I suppose this will address the unsafe domain issue, but I can't see the relevance between unsafe and the HTTP/1.1 403 Forbidden message.
But we'll see.
 
Update: Received a mail from google search control team and my site is clean. Requested new letsencrypt certificates again and all went ok except I had to restart httpd/nginx again.

Thanks for the help. The "Google Safe Browsing API" was the solution.
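
Added example (not part of the original posts, and not DirectAdmin's or Let's Encrypt's own code): the 403 in the output above is the status of the ACME problem document whose "detail" carries the unsafe-domain message, so a renewal wrapper can tell this refusal apart from other failures by parsing that document. The sample is a constructed, trimmed copy of the response shape from the first post; the function names and category labels are assumptions made for illustration.

```python
import json
import re

# Constructed sample: trimmed copy of the response shape shown in the first post.
SAMPLE = """new-authz error: HTTP/1.1 100 Continue
Expires: Fri, 28 Apr 2017 21:08:23 GMT

HTTP/1.1 403 Forbidden
Server: nginx
Content-Type: application/problem+json

{
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new authz :: \\"start-plaats.nl\\" was considered an unsafe domain by a third-party API",
  "status": 403
}. Exiting...
"""

STATUS_LINE = re.compile(r"HTTP/\d\.\d (\d{3})")
UNSAFE = re.compile(r'"([^"]+)" was considered an unsafe domain')

def parse_acme_error(output):
    """Return (final_http_status, problem_dict) from a raw header+body dump."""
    final = None
    for m in STATUS_LINE.finditer(output):
        if int(m.group(1)) >= 200:  # skip interim 1xx responses such as 100 Continue
            final = m
    if final is None:
        return None, None
    problem = None
    start = output.find("{", final.end())
    if start != -1:
        try:
            # raw_decode stops at the end of the JSON object and ignores ". Exiting..."
            problem, _ = json.JSONDecoder().raw_decode(output[start:])
        except json.JSONDecodeError:
            problem = None
    return int(final.group(1)), problem

def classify(output):
    """Return (category, domain); the category labels are hypothetical."""
    status, problem = parse_acme_error(output)
    if problem is None:
        return "unparsed", None
    hit = UNSAFE.search(problem.get("detail", ""))
    if problem.get("type") == "urn:acme:error:unauthorized" and hit:
        # The CA refused the name itself; web server and firewall changes will not help.
        return "policy-block", hit.group(1)
    return ("unauthorized" if status == 403 else "other"), None
```
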
 