Certificate not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: beta.speedmananger.dev

I ran this command: Let's Debug

It produced this output:

Challenge update failures for beta.speedmanager.dev in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/789808038

acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://beta.speedmanager.dev/.well-known/acme-challenge/59XpsHt-UCraROVdFvium_4gC6PQLNYaMDm-uhUfYZ0 [167.172.12.132]: "\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx\r\n"

My web server is (include version): nginx-ingress 4.0.6

The operating system my web server runs on is (include version): Kubernetes

My hosting provider, if applicable, is: godaddy

I can login to a root shell on my machine (yes or no, or I don't know): yes

i configured the ingress and the certmanager correctly, but when i go to the domain beta.speedmanager.dev i still get fake certificate error. and when i use the letsencrypt test it shows everything is fine except that in the verbose section i see :

Challenge update failures for beta.speedmanager.dev in order https://acme-staging-v02.api.letsencrypt.org/acme/order/5751349/789808038

acme: error code 403 "urn:ietf:params:acme:error:unauthorized": Invalid response from http://beta.speedmanager.dev/.well-known/acme-challenge/59XpsHt-UCraROVdFvium_4gC6PQLNYaMDm-uhUfYZ0 [167.172.12.132]: "\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx\r\n"

Please help!

1 Like

@horlahlekhon Welcome to the forum

It looks like you got your certificate and the site is responding to https requests. Do you still need help?

If it is working, you should review your redirects as you would have problems doing a cert renewal with http challenge. You are redirecting challenge requests to https but that replies with a sign-in page - not the result of the challenge request. The curl -I https://... right now should respond with 404 not found, not a 200.

curl -I beta.speedmanager.dev/.well-known/acme-challenge/Test-Forum-123
HTTP/1.1 308 Permanent Redirect
Date: Sun, 17 Oct 2021 12:49:33 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://beta.speedmanager.dev/.well-known/acme-challenge/Test-Forum-123

[TEST ~]> curl -I https://beta.speedmanager.dev/.well-known/acme-challenge/Test-Forum-123
HTTP/2 200
date: Sun, 17 Oct 2021 12:49:43 GMT
content-type: text/html; charset=UTF-8
host: beta.speedmanager.dev
x-powered-by: PHP/7.4.24
1 Like

Oh! i was thinking the 404 means it didn't work or something is wrong. thanks for explaining. it works now.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.