Certbot: "Invalid response" while trying to obtain a certificate

Hi guys,

I’m having trouble getting a certificate for my Nginx webserver. Any idea what could be the problem?
I’m a real beginner in webhosting and ssl certificates so I’m hoping that the below info is of help.
Thank you for any help!!

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
shin.go.ro
I ran this command:
certbot certonly --standalone
It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter ‘c’
to cancel): shin.go.ro
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for shin.go.ro
Waiting for verification…
e[31mChallenge failed for domain shin.go.roe[0m
http-01 challenge for shin.go.ro
Cleaning up challenges
e[31mSome challenges have failed.e[0m
e[1m
IMPORTANT NOTES:
e[0m - The following errors were reported by the server:

Domain: shin.go.ro
Type: unauthorized
Detail: Invalid response from
http://shin.go.ro/.well-known/acme-challenge/969mA7VrZemnlVd928AyTreupCRuKRQz4eF-61U7N8w
[79.115.212.18]: “\r\n404 Not
Found\r\n\r\n

404 Not
Found

\r\n
nginx/1.19.0</ce”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx 1.19.0
The operating system my web server runs on is (include version):
Windows 10
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.5.0

1 Like

I believe that the current situation with Certbot on Windows is that you will need to stop nginx before running Certbot.

This might do the trick if it’s running as a service:

certbot certonly --standalone --pre-hook "net stop nginx" --post-hook "net start nginx"

or otherwise stop it by hand, and start it up again afterwards.

2 Likes

Thank you for the reply!

I tried your command and got the following:
C:\Certbot>certbot certonly --standalone --pre-hook “net stop nginx” --post-hook “net start nginx”
e[31mUnable to find pre-hook command net in the PATH.
(PATH is C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Certbot\bin;C:\Users\Admin\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\Certbot\Python)e[0m

I’m pretty sure I should know what to do at this point, but as I said… I’m pretty much a noob at this point…

HOWEVER, i did stop manually stop nginx and tried “certbot certonly --standalone” with it stopped, but received the same error I got in the original post “… 404 Not found” etc. So i don’t think it was the fact that the service was turned on (or not just that fact alone)…

Any ideas on how to proceed next?

Hmm. Something here is suspicious. If nginx was stopped, you couldn’t have gotten the 404 error containing the nginx version, right? As below:

Can you confirm that when you stop nginx, you can no longer access http://shin.go.ro ?

Nice catch there!

I did try and it did work, even though I did stop it. I had 2 more nginx processes running apparently. After I stopped those, it worked!

Thanks a lot for the help!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.