Challenge failed for domain

Which names would you like to activate HTTPS for?


1: learner.lincs.ed.gov


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for learner.lincs.ed.gov
Waiting for verification…
Challenge failed for domain learner.lincs.ed.gov
http-01 challenge for learner.lincs.ed.gov
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

Using curl I get a 404 trying to hit the url, because I am sure it is gone by then, but I do not get unauthorized. The DNS for his site and the configs pass all checks.

[root@learner01 ~]# curl -v --insecure https://learner.lincs.ed.gov/.well-known/acme-challenge/CeRAbAPwWxi7nkyjdAAyThkWt3zzBGwdlfT-oi9q810

  • About to connect() to learner.lincs.ed.gov port 443 (#0)
  • Trying 192.168.0.130… connected
  • Connected to learner.lincs.ed.gov (192.168.0.130) port 443 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • warning: ignoring value of ssl.verifyhost
  • skipping SSL peer certificate verification
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • Server certificate:
  • subject: CN=*.lincs.ed.gov,OU=Domain Control Validated
  • start date: Jul 03 19:23:38 2018 GMT
  • expire date: Aug 24 15:58:36 2020 GMT
  • common name: *.lincs.ed.gov
  • issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=“GoDaddy.com, Inc.”,L=Scottsdale,ST=Arizona,C=US

GET /.well-known/acme-challenge/CeRAbAPwWxi7nkyjdAAyThkWt3zzBGwdlfT-oi9q810 HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: learner.lincs.ed.gov
Accept: /

< HTTP/1.1 404 Not Found

The HTTP requests are being redirected to HTTPS.
This may not be necessary for the authentication requests and would simplify things if they could be excluded from such redirection.
In any case, you should try placing a test-file in the expected challenge location to see if files there are actually requiring authentication (which they may when redirected to HTTPS).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.