Can't re-obtain cert in Laravel Forge

I’m using Laravel Forge to host a site on AWS using NGINX 1.15.8 and PHP 7.3.4. The domain is, and the DNS A-record is properly registered in Rackspace.

I was able to use Laravel Forge to obtain a LetsEncrypt cert for the domain. It’s correctly set up at the moment.

However, after setting it up, I tried to then add multiple subdomains via the Forge UI, which didn’t work, so when I used the UI to revert back to the one, original subdomain, I got the following error:

ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from []: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx/1.15.8\u003c/ce\"",
    "status": 403
  "url": "",
  "token": "l3jIbrjJVBJ88EVnythOrE7E46D_G3DUL2M21Xz5ReU",
  "validationRecord": [
      "url": "",
      "hostname": "",
      "port": "80",
      "addressesResolved": [
      "addressUsed": ""
      "url": "",
      "hostname": "",
      "port": "443",
      "addressesResolved": [
      "addressUsed": ""

I SSH’ed into the server and created a .well-known directory under the site-root/public directory, and I then created an acme-challenge directory within that .well-known directory.

All the permissions seem fine, and if I create a test.txt in the .well-known directory, I can properly access it from the following URL:

However, if I create the same test.txt file in the acme-challenge directory and try to access it, I get a 404 Not Found.
Just for testing purposes, I created an acmechallenge directory (no hyphen) under the .well-known directory and placed a test.txt file in there and I was able to access the file just fine.
Lastly, I have confirmed that the file and directory permissions for all of these directories are the same.

What could possibly be causing this issue and what are some possible things I could do to fix the problem? Thank you.

1 Like

Hi @HartleySan, welcome to the community forum :wave:

Thanks for providing the results from this experimentation. I think you're narrowing in on what your problem is.

There should be an acme-challenge directory under .well-known. The protocol that powers Let's Encrypt doesn't allow any flexibility in the naming of these directories so unfortunately a acmechallenge directory won't work.

I'm not at all familiar with Laravel unfortunately so my help may be limited! Can you perhaps create the acme-challenge directory manually, confirm that the permissions are set appropriately (maybe match them to the existing .well-known directory) and then see if certificate issuance works as expected?

Is there perhaps an error log from the Laravel certificate generation that would show it failing to write the HTTP-01 key authorization file to the .well-known/acme-challenge directory in your webroot?

cpu, thank you much for the welcome and prompt reply.

The naming can be a bit confusing, but I don’t think this is a Laravel issue so much as a Laravel Forge issue. Forge is a web-based product put out by the Laravel team that allows you to easily handle all the various DevOps tasks required to run web sites/apps, including the generation/registration of SSL certs.

I probably should have mentioned this in my original post, but I already manually created an acme-challenge (with the hyphen) directory under the .well-known directory, and I’m still getting the same error noted in my original post.

All the permissions are the same for all the directories and files, and I can access the .well-known/test.txt and .well-known/acmechallenge/test.txt files just fine, but I can’t access the .well-known/acme-challenge/test.txt file.

Please hit up the following URLs to see what I mean:

I looked through all the NGINX conf files for anything related to “acme”, and there’s only the following instance in the following file:


location /.well-known/acme-challenge {
auth_basic off;
allow all;
alias /home/forge/.letsencrypt;

I’m not an expert on SSL certs (thus why I’m using Laravel Forge and LetsEncrypt to help me), so I’m not really sure how to even diagnose or debug the problem. All I can say is that the Googling I have done over the past few days and the similar topics I have looked at on this forum have not solved my problem. Thank you again for your help.

Aha! Thanks for explaining that :slight_smile:

:+1: Ok, that's valuable to know.

Can you try creating a test.txt file in the /home/forge/.letsencrypt directory and then accessing Are the permissions on that directory sensible looking?

It seems like Nginx is perhaps configured to handle the /.well-known/acme-challenge path using a different directory than your normal site-root.

cpu, thanks for the prompt reply and suggestions.

I created a test.txt file in the /home/forge/.letsencrypt directory, but I still couldn’t access the file from the URL

I didn’t notice it before, but it’s worth noting that Laravel Forge automatically put a file in that directory called test, and I was able to access that file just fine. Or rather, when I went to, it automatically downloaded the file, and I was able to confirm that it was the file I was looking at on the server by loading it up into my text editor and seeing the same content.

I have no clue why I can access and download the test file, but not the test.txt file I created in the same directory. The permissions were almost the same too. In fact, test is only 644, but test.txt is 664, and yet I can access test, but not test.txt. I even made them the same permissions just in case, but it didn’t matter.

I also tried commenting out the contents of the LetsEncrypt NGINX conf file and restarting NGINX, but I still can’t access test.txt (and I can still access test; what?!).

Wish I could provide you with more info, but I’m not even really sure where to look at this point.
What confuses me more than anything is that there’s literally only one button I can press in Laravel Forge to do all of this, and when I pressed it the first time, it worked fine, but it hasn’t worked for any subsequent presses.

Please let me know if you have any other ideas. Otherwise, I may need to ask a similar question on the Laravel Forge forum and see if they can help there, as this may be more a Forge issue than a LetsEncrypt issue. Thank you.

That is pretty strange! I don't have a good theory to explain that behaviour either.

I'm afraid I don't have any great ideas for next debugging steps. Trying to pursue this with a Laravel Forge specific forum sounds like a good idea. I'm confident the problem is with the HTTP-01 challenge response and webserver configuration on your server and not something I can help address from the Let's Encrypt side.

Good luck! I wish we had better luck figuring it out in this thread but perhaps someone on the forum with more Laravel Forge expertise will see it and jump in.

Finally figured out the issue, and I’m embarrassed to admit it: I was trying to add the cert to the web server directly, when I needed to add it to the load balancer that was set up through Forge. Once I did that, it solved my problem.

Sorry for the runaround and headaches.

1 Like

Glad to hear you were able to figure it out! Your solution makes sense. I didn’t realize there was a load-balancer in the mix :slight_smile:

Thanks for reporting back!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.