{"id":5420,"date":"2017-09-20T12:47:06","date_gmt":"2017-09-20T07:17:06","guid":{"rendered":"http:\/\/198.58.113.91\/blog\/?p=5420"},"modified":"2019-05-12T02:52:14","modified_gmt":"2019-05-12T02:52:14","slug":"sucuri-serverpilot-letsencrypt-acme-domain-authorization-failed","status":"publish","type":"post","link":"https:\/\/www.winhelponline.com\/blog\/sucuri-serverpilot-letsencrypt-acme-domain-authorization-failed\/","title":{"rendered":"[Fix] Sucuri and LetsEncrypt &#8211; ACME Domain Authorization Failed"},"content":{"rendered":"<p>Google has announced that starting with Chrome browser version 62, &#8216;Not secure&#8217; warnings will be shown for HTTP pages with user input fields and all HTTP pages in incognito mode. Going forward, &#8216;Not secure&#8217; warning would be shown for all HTTP pages even in normal browsing mode.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2017\/09\/chrome-not-secure.png\" alt=\"chrome browser http not secure\" width=\"770\" height=\"290\" class=\"alignnone size-full wp-image-5421\" \/><!--more--><\/p>\n<p>Considering Google Chrome&#8217;s browser market share which is around 60%, it&#8217;s imperative that you enable SSL for your website. Many web hosts provide free SSL certificates issued by LetsEncrypt.<\/p>\n<p>If you&#8217;ve employed a reverse-proxy solution for your website, like Sucuri Web Application Firewall (WAF) or Cloudflare, they offer SSL certificates free of cost to you. 
That&#8217;s sufficient for enabling &#8220;Partial SSL&#8221; or &#8220;Flexible SSL&#8221;.<\/p>\n<ul>\n<li><a href=\"https:\/\/blog.sucuri.net\/2016\/04\/sucuri-firewall-free-letsencrypt-ssl-certs-for-everyone.html\" target=\"_blank\" rel=\"noopener noreferrer\">Free SSL Certificate from LetsEncrypt with the Sucuri Firewall<\/a><\/li>\n<li><a href=\"https:\/\/support.cloudflare.com\/hc\/en-us\/articles\/204144518-SSL-FAQ\" target=\"_blank\" rel=\"noopener noreferrer\">SSL FAQ \u2013 Cloudflare Support<\/a><\/li>\n<\/ul>\n<p>Partial\/Flexible SSL provides a secure connection between your visitor and your reverse-proxy server (Sucuri, Cloudflare, etc.), but the connection between the reverse proxy and your web server is not encrypted. Although you don&#8217;t need to have an SSL certificate on your web server, partial SSL is not recommended if you have any sensitive information on your website. Regardless, your visitors still see the site as being HTTPS enabled.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.winhelponline.com\/blog\/wp-content\/uploads\/2017\/09\/cloudflaressl_flexible.png\" alt=\"cloudflare flexible ssl\" width=\"307\" height=\"94\" class=\"alignnone size-full wp-image-5422\" \/><\/p>\n<h2>Sucuri &amp; ServerPilot with Linode, DO, Vultr or other: LetsEncrypt SSL installation<\/h2>\n<p>Enabling <strong>Full SSL<\/strong> requires enabling SSL on your web server or the hosting server. You can get a free SSL certificate from LetsEncrypt and install it on your hosting server.<\/p>\n<p>I run my website on Linode, and it is managed by ServerPilot. I followed this excellent guide written by Robert Went &#8212; <a href=\"https:\/\/www.robertwent.com\/blog\/using-letsencrypt-serverpilot\/\" target=\"_blank\" rel=\"noopener noreferrer\">Using LetsEncrypt With Serverpilot<\/a>. When following Step 2 in that guide, my domain validation could not succeed since I employ Sucuri&#8217;s WAF. 
Here is the full error message I received in the SSH console.<\/p>\n<pre><code>\r\nObtaining a new certificate\r\nPerforming the following challenges:\r\nhttp-01 challenge for winhelponline.com\r\nhttp-01 challenge for www.winhelponline.com\r\nUsing the webroot path \/srv\/...\/public for all unmatched domains.\r\nWaiting for verification...\r\nCleaning up challenges\r\nFailed authorization procedure. www.winhelponline.com (http-01): \r\nurn:acme:error: unauthorized :: The client lacks sufficient authorization\r\n:: Invalid response from https:\/\/www.winhelponline.com\/.well-known\/acme-challenge\/\r\n\"\r\n[title]404 Not Found[\/title]\r\n\r\nIMPORTANT NOTES:\r\n   To fix these errors, please make sure that your domain name was\r\n   entered correctly and the DNS A\/AAAA record(s) for that domain\r\n   contain(s) the right IP address.\r\n<\/code><\/pre>\n<h3>It&#8217;s important to note that your domain&#8217;s A\/AAAA records must point to your web server IP. Only then can LetsEncrypt issue the SSL certificate. If, on the other hand, you&#8217;re using a reverse-proxy like Sucuri, you must enable the &#8220;forward certificate validation&#8221; or similar setting so that you don&#8217;t block LetsEncrypt&#8217;s domain verification attempts.<\/h3>\n<p>In Sucuri&#8217;s DNS settings page, you don&#8217;t have the option to change the A\/AAAA settings as they&#8217;re locked down, pointing to Sucuri Web Application Firewall&#8217;s IP. So I had to open a support case and ask for a solution to this issue.<\/p>\n<h2>Solution: Enable &#8220;Forward Certificate Validation&#8221;<\/h2>\n<p>Sucuri support techs enabled the <strong>Forward Certificate Validation to Hosting<\/strong> from their end. After 5 minutes or so, I could complete the steps in that tutorial successfully. 
SSL is enabled on the hosting server, and I can switch on the Full SSL\/https setting in my Sucuri WAF dashboard.<\/p>\n<p>For sites connected to <strong>Cloudflare<\/strong>, installing SSL on your web server should be a breeze. I manage another website which is already connected to Cloudflare. I didn&#8217;t have to change anything in Cloudflare other than verifying the A\/AAAA records which were correctly pointing to the web server. The steps in that tutorial worked right away. Domain verification process was successful and got the LetsEncrypt SSL certificate installed without any issues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google has announced that starting with Chrome browser version 62, &#8216;Not secure&#8217; warnings will be shown for HTTP pages with user input fields and all HTTP pages in incognito mode. Going forward, &#8216;Not secure&#8217; warning would be shown for all HTTP pages even in normal browsing mode.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[],"class_list":["post-5420","post","type-post","status-publish","format-standard","hentry","category-general"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/5420","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/comments?post=5420"}],"version-history":[{"count":0,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/posts\/5420\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/media?parent=5420"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/categories?post=5420"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.winhelponline.com\/blog\/wp-json\/wp\/v2\/tags?post=5420"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}