Certbot Challenges failed, invalid response from

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ht930.com

I ran this command: certbot --manual certonly

It produced this output:

Waiting for verification...
e[31mChallenge failed for domain ht930.come[0m
http-01 challenge for ht930.com
Cleaning up challenges
e[31mSome challenges have failed.e[0m
e[1m
IMPORTANT NOTES:
e[0m - The following errors were reported by the server:

Domain: ht930.com
Type: unauthorized
Detail: Invalid response from
https://ht930.com/.well-known/acme-challenge/LbHPuNXR73BjF75zWstJh2F9xY15gTHOGbEBT40zxN8
[148.72.215.11]: "\r\n404 Not
Found\r\n\r\n

404 Not
Found

\r\n
nginx\r\n"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2016 Standard Evaluation

My hosting provider, if applicable, is: none

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no

The version of my client is: Certbot 1.11.0

I do not know what I can do to make this work. I've tried every method for authorization and it never worked. And i tested and downloaded the file off of my site before i executed the rest of the manual command.

2

Hi @HarrisonTrue

see that url

https://ht930.com/.well-known/acme-challenge/LbHPuNXR73BjF75zWstJh2F9xY15gTHOGbEBT40zxN8

There is a nginx, not an IIS.

You must run Certbot on that machine.

3

There is no machine with nginx though. I only have the one server running off of IIS 10.

4

Please check that url. That's the url Letsencrypt checks to validate your domain. There is a nginx.

Read required basics:

PS:

404 Not Found

nginx

I don't think that's the output of your IIS.

PPS: There is a check of your domain, ~~3,5 hours old - https://check-your-website.server-daten.de/?q=ht930.com#url-checks

Same:

http://ht930.com/
148.72.215.11
Server: nginx
Date: Wed, 20 Jan 2021 17:08:07 GMT

Only nginx - answers.

5

So what exactly is going on then? There's only one device in my network and doesn't have nginx so is that not my output?

6

Your question says: You didn't read the basics. Please change that.

Your domain name is checked, not your local machine. So you must upload the validation file to your hoster.

7

I concur:

curl -Iki ht930.com
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 20 Jan 2021 20:51:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://ht930.com/
Strict-Transport-Security: max-age=31536000
8

My local machine is the hoster.

9

And the location of that url is at a https. I'm trying to get a ssl cert so that doesnt make sense

10

Please show the output of:
curl -4 ifconfig.co

11

The ht930.com DNS record points at 148.72.215.11, which is hosted by GoDaddy, so probably not your local machine at home!

The domain was also registered through GoDaddy; did you register this domain there and then forget to point the DNS records over to your home network?

12

ht930.com redirects to HTTPS
https://ht930.com/ forwards (via HTML) to a completely different site:
<meta http-equiv="refresh" content="0.1;url=hXXps://lin.ee/cwxfSUU">

Since you have a Windows machine, then show this page output:
What is my IP address? β€” ifconfig.co

13

No I never registered the domain with godaddy. I believe my dns records are setup correctly.

14

The output of that page / command gives my ip, 108.250.232.28

15

You use GoDaddy name servers and web servers - see https://check-your-website.server-daten.de/?q=ht930.com

Host Type IP-Address is auth. βˆ‘ Queries βˆ‘ Timeout
ht930.com A 148.72.215.11 Singapore//Singapore (SG) - GoDaddy.com, LLC Hostname: ip-148-72-215-11.ip.secureserver.net yes 2 0
AAAA yes
www.ht930.com CNAME ht930.com yes 1 0
A 148.72.215.11 Singapore//Singapore (SG) - GoDaddy.com, LLC Hostname: ip-148-72-215-11.ip.secureserver.net yes

Name servers (one):

Domain Nameserver NS-IP
ht930.com β€’ ns73.domaincontrol.com / p21 97.74.106.47
Scottsdale/Arizona/United States (US) - Host Europe GmbH β€’

domaincontrol is GoDaddy.

You may change your A record

yourdomain -> 108.250.232.28

1 Like
16

I do not use godaddy name servers and webservers, that is not me. My a records are setup correctly as well

17

Then there must be a typo in the name.
Is your domain?: HT930.COM
Or perhaps it is:
HT93O.COM or TH930.COM or HT-930.COM

On which date did you register your domain?
And via which registrar service?

18

No there isn't any typo is it "HT930.com".
And I haven't registered with any registrar, would that be the problem?

19

Then it's not your domain.

So you can't create a certificate with that domain.

You must have an own, worldwide unique domain name with a public suffix (.com, .net, .org, .de, .cn etc.).

So ht930.com has another owner.

PS:

The answer is 19 hours old - Certbot Challenges failed, invalid response from - #4 by JuergenAuer - it's explained in that document.

1 Like
20

Have you ever owned/registered a domain before?
Is this your first domain name?
Do you understand the concept of Global DNS?

Step #1: You can't register/use a name that has already been registered by someone else.