Challenge is Invalid Help

I am trying to create an SSL cert and this is the error I am getting when I try to run the cert creator. I am completely lost with this stuff so I probably won’t provide the correct info.

    # INFO: Using main config file /home/mgranger/dehydrated/config
    Processing mgranger.dynamic-dns.net
     + Signing domains...
     + Generating private key...
     + Generating signing request...
     + Requesting challenge for mgranger.dynamic-dns.net...
    200 Successful Update
     + Responding to challenge for mgranger.dynamic-dns.net...
    200 Successful Update
    Unknown hook invalid_challenge
    ERROR: Challenge is invalid! (returned: invalid) (result: {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mgranger.dynamic-dns.net",
        "status": 400
      },
      "uri": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "token": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
      "keyAuthorization": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    })

Here is what the hook.sh folder looks like:

    #!/usr/bin/env bash
    set -e
    set -u
    set -o pipefail
     
    USERNAME="xxxxxxxx" # Your username
    PASSWORD="xxxxxxxx" # Your password
    HOSTNAME="mgranger.dynamic-dns.net" # Your DNS hostname
     
    case "$1" in
        "deploy_challenge")
            curl "https://nic.changeip.com/nic/update?u=${USERNAME}&p=${PASSWORD}&hostname=${HOSTNAME}"
            echo
            ;;
        "clean_challenge")
            curl "https://nic.changeip.com/nic/update?u=${USERNAME}&p=${PASSWORD}&hostname=${HOSTNAME}"
            echo
            ;;
        "deploy_cert")
            sudo systemctl restart home-assistant@mgranger.service
            ;;
        "unchanged_cert")
            ;;
        "startup_hook")
            ;;
        "exit_hook")
            ;;
        *)
            echo Unknown hook "${1}"
            exit 0
            ;;
    esac

I'm very sorry, but my crystal ball fell on the ground this morning and is now broken, so I have no clue what you mean by "the cert creator". Could you please elaborate?

Well, based on the stated location of the config file, OP would appear to be using dehydrated. But the hook script provided looks like one that would just update the DDNS with the current IP address--there doesn't seem to be anything that would add a TXT record with the appropriate value (or remove it once validation is complete).


Ok, I am sorry, I guess I wasn’t very good at describing my issue. Yes, it is dehydrated. I gave up on using this particular DDNS service and went with DuckDNS and it worked out better.


It seems like you used a “DNS update script” for the original DDNS service that was too limited to perform the particular kind of update that Let’s Encrypt required for validation purposes. When you switched to DuckDNS, I guess you then had better software support for the necessary DNS updates.
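
What the replies describe as missing from the posted hook, shown as an added example (not the original poster's script and not dehydrated's own code): a hook that publishes the challenge value dehydrated passes as its fourth argument as a TXT record, waits until it resolves, and clears it afterwards. It assumes DuckDNS's update endpoint with `txt=` and `clear=` parameters and an `OK` response body; `DUCKDNS_TOKEN` and the helper function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: dns-01 hook for dehydrated + DuckDNS (not the poster's script).
set -eu

# Constructed placeholder; supply the real token through the environment.
DUCKDNS_TOKEN="${DUCKDNS_TOKEN:-REPLACE_ME}"

# Record name the CA looks up for a dns-01 challenge on domain $1.
challenge_record() { printf '_acme-challenge.%s' "$1"; }

# Update URL that sets TXT value $2 for domain $1, or clears it if $3 = clear.
# Assumes DuckDNS's update endpoint with its txt= and clear= parameters.
txt_update_url() {
    url="https://www.duckdns.org/update?domains=${1%.duckdns.org}"
    url="${url}&token=${DUCKDNS_TOKEN}&txt=${2}"
    if [ "${3:-}" = "clear" ]; then url="${url}&clear=true"; fi
    printf '%s' "$url"
}

# Pass the URL on stdin (curl -K -) so the token never appears in argv.
# Assumes DuckDNS answers a successful update with the body "OK".
duckdns_call() { [ "$(printf 'url = "%s"\n' "$1" | curl -fsS -K -)" = "OK" ]; }

# True if value $1 is one of the quoted strings in `dig +short TXT` output $2.
txt_matches() { printf '%s\n' "$2" | grep -qxF "\"$1\""; }

# Poll until the record is visible, so the CA is not told to validate early.
wait_for_txt() {
    tries=0
    while [ "$tries" -lt 12 ]; do
        if txt_matches "$2" "$(dig +short TXT "$1" || true)"; then return 0; fi
        tries=$((tries + 1)); sleep 10
    done
    echo "TXT record for $1 not visible yet" >&2; return 1
}

case "${1:-}" in
    deploy_challenge)   # dehydrated args: DOMAIN TOKEN_FILENAME TOKEN_VALUE
        duckdns_call "$(txt_update_url "$2" "$4")"
        wait_for_txt "$(challenge_record "$2")" "$4"
        ;;
    clean_challenge)
        duckdns_call "$(txt_update_url "$2" "$4" clear)"
        ;;
    *) : ;;             # deploy_cert, unknown hooks, etc.: nothing to do here
esac
```

Unlike the posted hook, the credential is not placed on the curl command line, where other local users could read it from the process list.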
