PKI-Validation Error

We’re hosting several websites with Siteground and can see the below error in all websites’ error logs (just with different .txt file names). Does anyone know what’s causing the error and if there’s something we can do to resolve this, or if it doesn’t need resolving?

I’ve removed info below that I felt looked like a validation key but the validation key that the request is looking for does not match the Global API Key we can generate from our Cloudflare dashboard. What resource is the system requesting that can’t be found?

2021-11-08 00:46:00 UTC [nginx][error] 70061#0: *49090135 openat() “/home/u117-zephu5py5u3u/www/rosso-digital.com/public_html/.well-known/pki-validation/ca3-[key removed].txt” failed (2: No such file or directory), client: 172.70.8.17, server: rosso-digital.com, request: “GET /.well-known/pki-validation/ca3-[key removed].txt HTTP/1.1”, host: “rosso-digital.com

Unfortunately, it looks like your server isn’t restoring Visitor IP addresses, so you can can’t see where these requests are coming from. But I’m pretty sure that traffic isn’t initiated by Cloudflare.

https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs

1 Like

Siteground said they were able to identify that the IP address is Cloudflare and that it’s a Cloudflare request.

I have no idea why Cloudflare would be looking inside your .well-known directory. It’s not something they’d have control over. The only time Cloudflare checks for a ca3 key would be in a DNS record. Not inside .well-known

Can you check your website’s general traffic logs for an IP address? I’d like to see one for a regular request.

Another suggestion would be to create a Firewall Rule to block any URI Path requests that “Contains” pki-validation

(http.request.uri.path contains "pki-validation")

Then keep an eye on your Firewall Events Log here for any PKI validation key requests.

I believe the pki-validation folder is usually used for SSL certificate confirmation purposes which should only happen once, shouldn’t it? The IP address does belong to Cloudflare so not sure why there are repeated requests for several domains/websites > https://tools.keycdn.com/geo?host=172.70.8.17

You saw this in the Firewall Events Log?

The IP address is shown in the Siteground error log and when looking it up via https://toosl.keycdn.com/geo you can see that it’s a Cloudflare IP address. Siteground’s Senior Technical Support has confirmed twice now that the request is sent from Cloudflare - that’s all I can tell you. We just need someone from Cloudflare to jump on this and let us know if it’s actually an error we need to action or if it’s something that can be ignored.

This post was flagged by the community and is temporarily hidden.

I have also seen this error numerous times starting November 10th. Would love to know what can fix it, if anything is needed. Also hosted with SiteGround.

type or paste co2021-11-10 19:36:34 UTC [nginx][error] 92072#0: *40678254 openat() "/home/u1225-psldiifemfoh/www/robertfalk.org/public_html/.well-known/pki-validation/ca3-[key-removed].txt" failed (2: No such file or directory), client: 172.70.11.75, server: robertfalk.org, request: "GET /.well-known/pki-validation/ca3-[key-removed].txt HTTP/1.1", host: "robertfalk.org"de here
1 Like

I’m glad we’re not the only ones at a loss @user9535. Cloudflare we need @MoreHelp!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.