Always `Challenge did not pass`

When I tried to request a certificate, I always get this response:

```
Traceback (most recent call last):
  File "/usr/share/webmin/webmin/acme_tiny.py", line 198, in <module>
    main(sys.argv[1:])
  File "/usr/share/webmin/webmin/acme_tiny.py", line 194, in main
    signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
  File "/usr/share/webmin/webmin/acme_tiny.py", line 149, in get_crt
    raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for some-domain.com: {'identifier': {'type': 'dns', 'value': 'some-domain.com'}, 'status': 'invalid', 'expires': '2024-05-29T15:56:35Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': '2a01:4f8:c012:8427::1: Invalid response from http://some-domain.com/.well-known/acme-challenge/7Tm9K5uX9hyFM3XqgJnye2hhY3w1glopPivfdLNx0bM: 404', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/354035424792/_amdSA', 'token': '7Tm9K5uX9hyFM3XqgJnye2hhY3w1glopPivfdLNx0bM', 'validationRecord': [{'url': 'http://some-domain.com/.well-known/acme-challenge/7Tm9K5uX9hyFM3XqgJnye2hhY3w1glopPivfdLNx0bM', 'hostname': 'some-domain.com', 'port': '80', 'addressesResolved': ['154.26.138.198', '2a01:4f8:c012:8427::1'], 'addressUsed': '2a01:4f8:c012:8427::1'}], 'validated': '2024-05-22T15:56:42Z'}]}
```

:white_check_mark: I've made sure all domains are pointed correctly
:white_check_mark: domain.com/.well-known is accessible

However, upon inspecting the access logs, I didn't find any requests to the .well-known directory except for the ones I made manually while attempting to access it.

Could you help me understand what might be causing the issue or if there are any configuration changes I should make?

Information:
I'm using Virtualmin and NGINX as a webserver.

Hello @usiaeci, welcome to the Let's Encrypt community. :slightly_smiling_face:

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Thank you for assisting us in helping YOU!

5 Likes

@usiaeci if the IPv6 address of 2a01:4f8:c012:8427::1 is the actual IPv6 address, then this information may provide some minor value.

```
>openssl s_client -showcerts -connect 2a01:4f8:c012:8427::1:443 < /dev/null
s_client: -connect argument or target parameter malformed or ambiguous
bruce@psg: 14>openssl s_client -showcerts -connect \[2a01:4f8:c012:8427::1\]:443 < /dev/null
CONNECTED(00000003)
Can't use SSL_get_servername
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
verify return:1
depth=0 CN = mail.acceron.com.my
verify error:num=10:certificate has expired
notAfter=Aug 24 23:59:59 2022 GMT
verify return:1
depth=0 CN = mail.acceron.com.my
notAfter=Aug 24 23:59:59 2022 GMT
verify return:1
---
Certificate chain
 0 s:CN = mail.acceron.com.my
   i:C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
 1 s:C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
   i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
 2 s:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
   i:C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
---
Server certificate
subject=CN = mail.acceron.com.my

issuer=C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5005 bytes and written 373 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
DONE
```
4 Likes

It looks like (to me) IPv6 may be the issue here. The domain is open for the correct ports, etc.

@usiaeci "some-domain.com" OK. Fine. Please give Bruce more information so he can help you resolve this issue.

HTTP/1.1 302 Found
date: Wed, 22 May 2024 23:53:34 GMT
**server: Apache**
set-cookie: __tad=1716422014.1045911; expires=Sat, 20-May-2034 23:53:34 GMT; Max-Age=315360000
location: http://ww25.some-domain.com/?subid1=20240523-0953-34a1-b7a6-a17d6f3d906a
content-type: text/html; charset=UTF-8
connection: close

You Must Give Us The Information We Need To Assist. Please Answer The Questionnaire that Bruce has asked you for.

I still think that if you shut IPv6 off you will get your cert.
And then fix your IPv6.

5 Likes
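The authorization object in the traceback from the first post already records which of the resolved addresses the CA connected to. The following is an added example, not code from any post in this thread or from acme-tiny: it parses that error line and reports the address used next to the addresses that were resolved but not used. The function names `parse_authorization` and `diagnose` are hypothetical, and the embedded error line is trimmed to the fields the script reads.

```python
import ast
import ipaddress

# Last traceback line from the first post, trimmed to the fields used here.
# acme-tiny prints the authorization as a Python dict repr, so json.loads() fails.
ERROR_LINE = (
    "ValueError: Challenge did not pass for some-domain.com: "
    "{'identifier': {'type': 'dns', 'value': 'some-domain.com'}, 'status': 'invalid', "
    "'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'detail': "
    "'2a01:4f8:c012:8427::1: Invalid response from http://some-domain.com/"
    ".well-known/acme-challenge/7Tm9K5uX9hyFM3XqgJnye2hhY3w1glopPivfdLNx0bM: 404', "
    "'status': 403}, 'validationRecord': [{'hostname': 'some-domain.com', 'port': '80', "
    "'addressesResolved': ['154.26.138.198', '2a01:4f8:c012:8427::1'], "
    "'addressUsed': '2a01:4f8:c012:8427::1'}]}]}"
)

def parse_authorization(error_line):
    """Return (domain, authorization dict) from a 'Challenge did not pass' line."""
    marker = "Challenge did not pass for "
    rest = error_line[error_line.index(marker) + len(marker):]
    domain, _, literal = rest.partition(": ")
    return domain, ast.literal_eval(literal)  # parses literals only, runs no code

def diagnose(error_line):
    """List, per failed challenge, which resolved address the CA connected to."""
    domain, authz = parse_authorization(error_line)
    findings = []
    for chall in authz.get("challenges", []):
        if chall.get("status") != "invalid":
            continue
        for rec in chall.get("validationRecord", []):
            used = ipaddress.ip_address(rec["addressUsed"])
            resolved = [ipaddress.ip_address(a) for a in rec["addressesResolved"]]
            findings.append({
                "domain": domain,
                "type": chall["type"],
                "address_used": str(used),
                "family": f"IPv{used.version}",
                "dual_stack": {a.version for a in resolved} == {4, 6},
                "not_used": [str(a) for a in resolved if a != used],
                "detail": chall.get("error", {}).get("detail", ""),
            })
    return findings

if __name__ == "__main__":
    for f in diagnose(ERROR_LINE):
        print(f"{f['domain']} {f['type']}: checked {f['address_used']} ({f['family']}), "
              f"not used: {f['not_used']} -> {f['detail']}")
```

When `dual_stack` is true and `family` is `IPv6`, the web server whose access log matters is the one behind the AAAA record, which may not be the host that answers on the A record.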
