1. ZeroSSL
  2. Troubleshooting
  3. Certificate verification

Troubleshooting - HTTP File Upload

If you receive one of the below error messages before verifying, please check the below tools for more information: 

"We were unable to verify your uploaded file. Please check for errors on your side and try again after 5-10 minutes."

Check for User-Agent filter

During HTTP verification the file needs to be readable for our automated ZeroSSL systems. Some webservers can prevent that and only allow human interaction with a web-browser.

When you get 200 OK everthing is okay.

mceclip1.png

It looks like your server has some kind of filter/firewall enabled.

mceclip0.png

👉 Check if your website is reachable for ZeroSSL


  curl domain.com/.well-known/pki-validation/
  ABCDEFGHIJKLMNOPQRSTUVWXYZ123456.txt
Check for HTTP redirects

During HTTP verification the file needs to be available via HTTP 200 code. Any kind redirect can influence the verification result.

When you get 200 OK everthing is okay.

mceclip4.png

Any redirect with 3XX can prevent verification of your certificate

mceclip3.png

The 403 Forbidden status indicates that the server understood the request but refuses to authorize it. Please check your internal server configuration

mceclip1.png

 

👉 Check if your website is reachable via HTTP 200


  curl -vv domain.com/.well-known/pki-validation/
  ABCDEFGHIJKLMNOPQRSTUVWXYZ123456.txt

"We were able to verify 1 uploaded file, but not all of them. Please check for errors and try again"

Check if the HTTP File upload is available for the www-version

If you receive the above error message you need to check if your HTTP File Upload is available for all versions of your domain; this includes the naked domain and the www-version: 

domain.com & www.domain.com 

Due to recent changes if you want to verify your domain with HTTP File Upload you need to make sure the File is reachable on both versions. If you do not support the www version, please cancel this request and create a new one, but make sure to remove the www-version by clicking on the X next to it (see below)

mceclip0.png

Important

This currently does not apply for domains such as ddns.net or ddns.me and you still need to verify the www-version too if you are using the UI. 
As a workaround, you can use the ZeroSSL API endpoint with the strict_domains=1 parameter in order to create a certificate draft which does not contain any www/non-www extension

  Troubles during verification?

Before contacting us please try the following three things:

  1. Please try also at least one of the other two remaining methods.
  2. Visit this Troubleshooting article for further help!!
  3. Please check for an ongoing service incident.


Was this article helpful?
0 out of 2 found this helpful