Acme.sh Invalid Response Issue

Hi there. I have recently taken over the IT role at my company and am trying to set up a wiki.js to be accessed with our domain, cabinworks.ca. I’m using the steps from ‘https://www.howtoforge.com/how-to-install-wikijs-on-ubuntu-1804-lts/’, but am getting an invalid response from the domain when I run the command below. I would say my server and Linux knowledge is lower-level so I may be missing a crucial step that isn’t mentioned in the instructions (researching the topic has me wondering if I need to configure a web server, or do something with port 80).

I have a log saved but apparently new users can’t attach files.

As for my web server, I ran Nmap and got the following output:

```
Starting Nmap 7.60 ( https://nmap.org ) at 2020-04-06 16:16 PDT
Nmap scan report for HOST (IP)
Host is up (0.000044s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
23/tcp open  telnet  Linux telnetd
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```

Any help would be appreciated.

My domain is: cabinworks.ca

I ran this command: 
```
acme.sh --issue --standalone -d cabinworks.ca --keylength 2048
```

It produced this output:
```
cabinworks.ca:Verify error:Invalid response from http://cabinworks.ca/.well-known/acme-challenge/S5yMAQ5BSJ_Z4KKzQdfJNoiZ3RqfLT5zexf0XQqAcJI [208.113.184.38]:
```

My web server is (include version): I don't know

The operating system my web server runs on is (include version): Ubuntu 18.04.4

My hosting provider, if applicable, is: Dreamhost

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): acme.sh v2.8.6

Is your service with DreamHost a shared hosting product, or a dedicated product like a VPS?

The reason I ask is that the webserver that cabinworks.ca. is pointing at appears to be a DreamHost shared hosting server. You’ve said in your responses that you have root access to this server, so I’m wondering which one it is.


Sorry, I misread the question. I do not have root access to the Dreamhost server. I do believe it is shared.


Okay.

Where are you trying to install wikijs and run acme.sh? On the same DreamHost shared hosting?

I don’t believe they will allow you to run it there, since wikijs requires a persistent external process (Node). You usually need a VPS or dedicated service for that.


I am installing both on our local machine where we host our VPN. The hope was that we could set the wiki up and attach it to the domain even though it’s not hosted by us. It sounds like that won’t be the case. I did install node.js on this machine first but perhaps that isn’t enough.


You can, just put it on a subdomain, so it can be hosted separately to your DreamHost hosting. i.e. Create wiki.cabinworks.ca in DNS and point it at your local machine.

If this local machine is not exposed to the internet, you can still use acme.sh to get a certificate - use the DreamHost DNS API as in this example: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#40-use-dreamhost-dns-api

Get your DreamHost API key from https://panel.dreamhost.com/?tree=home.api and then run:

```
export DH_API_KEY="<api key>"
acme.sh --issue --dns dns_dreamhost -d wiki.cabinworks.ca
```

It’s exposed to the internet so I shouldn’t need the API.

I will try your suggestion tomorrow morning and update on whether this fixes it. Thank you!


Now I assume that to host on my own machine I’ll need to start a server. There seem to be a great many options to do this; would you recommend Apache?


I’ve done as you suggested and tried the command again. New error:

```
wiki.cabinworks.com:Verify error:DNS problem: NXDOMAIN looking up A for wiki.cabinworks.com - check that a DNS record exists for this domain
```

Not sure how to proceed. I definitely created the DNS record to this device (assuming I was supposed to use the specific IP and not the default). I thought it could be something with port 80 but it only shows two firefox processes on it.

Hi @Jkhubner

there is no A record - https://check-your-website.server-daten.de/?q=wiki.cabinworks.com

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| wiki.cabinworks.com | | Name Error | yes | 1 | 0 |
| www.wiki.cabinworks.com | | Name Error | yes | 1 | 0 |

Your name server is ns17.domaincontrol.com, there you have to create the A-record.

Where did you create that? If Letsencrypt can’t check that dns server, that can’t work.

To add to @JuergenAuer’s response, domaincontrol = GoDaddy, so you would need to login to your GoDaddy DNS panel and add the wiki subdomain there.

Well, the tutorial you were using suggested nginx, and it’s a pretty great webserver. I’d suggest going with that.

Thank you both, I wasn’t aware that GoDaddy had anything to do with this website.

Hi there @JuergenAuer and @_az, I’ve recently come back to this issue and noticed that I had mistakenly switched from cabinworks.ca to cabinworks.com in my second attempt. That explains why it was pointing to godaddy. check-your-website now shows proper A-records.

I’m still getting the invalid response from wiki.cabinworks.ca when attempting to get the RSA cert.


Hi there! Just in case it wasn’t clear, I’m still stuck at this point and am looking for help on how to get the certs. Would it be easiest to use the Dreamhost DNS API even though I have internet access?

cabinworks.ca is using Dreamhost’s DNS servers (ns1.dreamhost.com, ns2.dreamhost.com, ns3.dreamhost.com)

Dreamhost has a fairly aggressive DNS caching system. IIRC, they cache records for 24-48 hours; but once every 12 or 24 hours you can request a “DNS Flush” off their control panel.

My advice would be to configure all the DNS to point to the servers, check and double-check, then request a DNS flush and wait 30 minutes before running acme.sh or certbot. If you don’t wait, you will risk a race condition where you put stale data into the cache after the flush. This has happened a lot to me with Dreamhost and Namecheap DNS (which is why I switched to DNS Authentication and via acme-dns for internal systems).

Using the API key may be best for you. That will let acme.sh set up the DNS challenges on Dreamhost for you. You will have to wait a bit since your last attempt though, and you may need to remove the old records and do a DNS flush first.

Hi @jvanasco, I need some clarification on pointing the DNS to my servers. Is it enough to use my network IP for the A record value or do I need to point it to the specific machine that will be hosting the server as well? If so, how would I do that?

Currently I am pointing it toward the network IP (for example what you would find on ipchicken.com).

To be clear, the domain cabinworks.ca is currently hosted on dreamworks, but I’m trying to get the sub-domain wiki.cabinworks.ca to host the wiki.

I got in contact with dreamhost support and they said I have to remove the web hosting from the subdomain to make this work. I did that and gave Step 3 of [https://www.howtoforge.com/how-to-install-wikijs-on-ubuntu-1804-lts/] another try but I’m still getting “Invalid Response”.

I looked into the DNS flush and was unable to find the option. I suppose I would have to contact support for that then.
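
The two "Verify error" lines quoted in this thread fail for different reasons, and the error text itself says which: the bracketed address is the server the CA actually connected to. The script below is an added example, not part of any post in the thread and not acme.sh code; `diagnose_verify_error` is a hypothetical helper and `MY_PUBLIC_IP` is a constructed placeholder address.

```shell
#!/usr/bin/env bash
# Added example: triage an acme.sh "Verify error" line before retrying.
# diagnose_verify_error <error line> <public IP of the machine running acme.sh>
diagnose_verify_error() {
    local line="$1" my_ip="$2" name seen_ip

    case "$line" in
    *"Verify error:DNS problem: NXDOMAIN"*)
        # The CA could not resolve the name at all: no A record exists
        # on the authoritative name servers for the name that was requested.
        name=$(printf '%s\n' "$line" | sed -n 's/.*looking up A for \([^ ]*\).*/\1/p')
        echo "NXDOMAIN: no A record for ${name}; check the spelling and the zone's authoritative DNS"
        ;;
    *"Verify error:Invalid response from http://"*)
        # The bracketed address is the server the CA actually connected to.
        seen_ip=$(printf '%s\n' "$line" | sed -n 's/.*\[\([0-9a-fA-F.:]*\)].*/\1/p')
        if [ -z "$seen_ip" ]; then
            echo "UNKNOWN: no validated address in the error line"
        elif [ "$seen_ip" = "$my_ip" ]; then
            echo "LOCAL: ${seen_ip} is this machine; check that port 80 reaches the acme.sh listener"
        else
            echo "WRONG_HOST: the name resolves to ${seen_ip}, not ${my_ip}; standalone mode here is never reached"
        fi
        ;;
    *)
        echo "UNKNOWN: unrecognised error line"
        ;;
    esac
}

# The two error lines quoted in the thread.
ERR_HTTP='cabinworks.ca:Verify error:Invalid response from http://cabinworks.ca/.well-known/acme-challenge/S5yMAQ5BSJ_Z4KKzQdfJNoiZ3RqfLT5zexf0XQqAcJI [208.113.184.38]:'
ERR_DNS='wiki.cabinworks.com:Verify error:DNS problem: NXDOMAIN looking up A for wiki.cabinworks.com - check that a DNS record exists for this domain'
MY_PUBLIC_IP='203.0.113.10'   # constructed placeholder, not a value from the thread

diagnose_verify_error "$ERR_HTTP" "$MY_PUBLIC_IP"
diagnose_verify_error "$ERR_DNS" "$MY_PUBLIC_IP"
```

A `WRONG_HOST` result means no change on the local machine will help until the A record is corrected or the DNS challenge is used instead.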
