Hi All,

i'm new to use the services of lets encrypt, we had an exisiting automation with Letsencrypt and BIG IP to automate the certificates. Currently its looks to be broken and we are trying to fix it.

My domain is: Infa.com

I ran this command: ./dehydrated -c

It produced this output:

[certmgr@pcs-dc-au-lb6:Active:Standalone] letsencrypt # ./dehydrated -c

INFO: Using main config file /shared/letsencrypt/config

Processing lr1.domain.com

• Signing domains...
• Generating private key...
• Generating signing request...
• Requesting new certificate order from CA...
• Received 1 authorizations URLs from the CA
• Handling authorization for lr1.domain.com
• 1 pending challenge(s)
• Deploying challenge tokens...
• Responding to challenge for lr1.domain.com authorization...
• Cleaning challenge tokens...
• Challenge validation has failed
  ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
  ["status"] "invalid"
  ["error","type"] "urn:ietf:params:acme:error:unauthorized"
  ["error","detail"] "198.202.141.84: Invalid response from http://lr1.domain.com/.well-known/acme-challenge/f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0: 404"
  ["error","status"] 403
  ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"198.202.141.84: Invalid response from http://lr1.domain.com/.well-known/acme-challenge/f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0: 404","status":403}
  ["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/311172364157/nj-xSA"
  ["token"] "f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0"
  ["validationRecord",0,"url"] "http://lr1.domain.com/.well-known/acme-challenge/f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0"
  ["validationRecord",0,"hostname"] "lr1.domain.com"
  ["validationRecord",0,"port"] "80"
  ["validationRecord",0,"addressesResolved",0] "198.202.141.84"
  ["validationRecord",0,"addressesResolved"] ["198.202.141.84"]
  ["validationRecord",0,"addressUsed"] "198.202.141.84"
  ["validationRecord",0] {"url":"http://lr1.domain.com/.well-known/acme-challenge/f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0","hostname":"lr1.domain.com","port":"80","addressesResolved":["198.202.141.84"],"addressUsed":"198.202.141.84"}
  ["validationRecord"] [{"url":"http://lr1.domain.com/.well-known/acme-challenge/f4z_IoIFp2LMdHW5hgVo4Gw-g9uLyDm6wK2Kxr74Rv0","hostname":"lr1.domain.com","port":"80","addressesResolved":["198.202.141.84"],"addressUsed":"198.202.141.84"}]
  ["validated"] "2024-02-03T14:21:33Z")

Can you please help me this issue

The above means that dehydrated created the HTTP Challenge token

The "404" is an HTTP Not Found error. The Let's Encrypt ACME server made an HTTP request for that token created by dehydrated (the ACME Client). Your system should return this token but returned a 404 instead.

I realize this may not be that helpful. I do not know dehydrated or Big IP so this is all I can offer.

I hoped by explaining you may better understand what is going wrong.

Since no one else here has responded so far you may want to try on a Big IP forum or even dehydrated for further clues.

You should focus on changes to your system since your last cert was issued for the actual domain name. The domain names you posted are not valid which makes it difficult to give specific advice.

Thank you Mike for the information, let me reach out to vendor and see if this can be resolved from their end.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.