Correct! Thanks @serverco. @NoLifeKing, please don't revoke certificates unless you suspect them compromised. It's unnecessary and doesn't accomplish much due to the inherent problems with revocation.
Sure thing!
@NoLifeKing Looking at the logs from our end it appears like HAProxy or the origin webserver behind it are producing a 200 response to the validation HTTP request, but with an empty response body. Is there anything in your configuration that might suggest why?
E.g. for the most recent failed attempt I see:
"type":"urn:acme:error:unauthorized",
"detail":"The key authorization file from the server did not match this challenge [nckax...] != []"
The first portion [nckax...] is what we expected to find. The second portion [] is the whitespace trimmed response body from the HTTP request.
I see the same error for the QKvAHb... authorization shared in this thread:
"type":"urn:acme:error:unauthorized",
"detail":"The key authorization file from the server did not match this challenge [QKvAHb...] != []"
Can you verify that you can externally CURL a file from the /.well-known/acme-challenge directory through HAProxy and receive the correct response body?
Hope this helps!