Fails to grab SSL certificate (acme error 403)

I'm trying to run the command `caddy -conf /etc/Caddyfile`, but the result is always the same error.

The entire attempt log is:
```
Activating privacy features...
2019/06/24 04:14:10 [INFO] [i.phoenixonaroof.me] acme: Obtaining bundled SAN certificate
2019/06/24 04:14:11 [INFO] [i.phoenixonaroof.me] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/TIQXOkGylLmdci-8jxCFILPmN2uodIAPcnDjZ8gMJ0U
2019/06/24 04:14:11 [INFO] [i.phoenixonaroof.me] acme: use tls-alpn-01 solver
2019/06/24 04:14:11 [INFO] [i.phoenixonaroof.me] acme: Trying to solve TLS-ALPN-01
2019/06/24 04:14:12 [INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz/TIQXOkGylLmdci-8jxCFILPmN2uodIAPcnDjZ8gMJ0U
2019/06/24 04:14:12 [i.phoenixonaroof.me] failed to obtain certificate: acme: Error -> One or more domains had a problem:
[i.phoenixonaroof.me] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
```

I got it to work by disabling CloudFlare protection.


Glad to hear you got it sorted! And, thanks for posting when you found out what the cause was.

Just as a heads up, Caddy should soon be able to work around the Cloudflare protection with the help of a recent addition:

https://github.com/mholt/certmagic/issues/34

This update hasn’t made its way into a release quite yet, but the next version of Caddy should have it!

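The 403 in the log above means the validator's TLS handshake for the hostname did not end with `acme-tls/1` selected, which depends on whichever endpoint terminates TLS for that name. The Go sketch below is an added example, not code from this thread or from Caddy: it reproduces that handshake on loopback against constructed endpoints. The `probe` helper, the server protocol lists and the throwaway certificate are assumptions made for illustration, and no specific CDN's behaviour is modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

const acmeALPN = "acme-tls/1" // ALPN ID defined for tls-alpn-01 (RFC 8737)

// probe starts a loopback TLS endpoint advertising serverProtos and connects like
// a tls-alpn-01 validator, offering only acme-tls/1; true means it was selected.
func probe(serverProtos []string) (bool, error) {
	// Throwaway self-signed certificate for the constructed endpoint.
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader errors are not expected
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return false, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	srv := &tls.Config{Certificates: []tls.Certificate{cert}, NextProtos: serverProtos}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return false, err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	cli := &tls.Config{NextProtos: []string{acmeALPN}, InsecureSkipVerify: true} // self-signed test cert only
	conn, err := tls.Dial("tcp", ln.Addr().String(), cli)
	if err != nil {
		return false, err // e.g. the endpoint refused the ALPN ID outright
	}
	defer conn.Close()
	return conn.ConnectionState().NegotiatedProtocol == acmeALPN, nil
}

func main() {
	fmt.Println(probe([]string{"h2", "http/1.1"})) // endpoint that only speaks HTTPS protocols
}
```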
