Challenge is Invalid Help

I am trying to create an SSL cert and this is the error I am getting when I try to run the cert creator. I am completely lost with this stuff, so I probably won’t provide the correct info.

    # INFO: Using main config file /home/mgranger/dehydrated/config
     + Signing domains...
     + Generating private key...
     + Generating signing request...
     + Requesting challenge for
    200 Successful Update
     + Responding to challenge for
    200 Successful Update
    Unknown hook invalid_challenge
    ERROR: Challenge is invalid! (returned: invalid) (result: {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:connection",
        "detail": "DNS problem: NXDOMAIN looking up TXT for",
        "status": 400
      "uri": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "token": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
      "keyAuthorization": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Here is what the folder looks like:

    #!/usr/bin/env bash
    set -e
    set -u
    set -o pipefail
    USERNAME="xxxxxxxx" # Your username
    PASSWORD="xxxxxxxx" # Your password
    HOSTNAME="" # Your DNS hostname
    case "$1" in
            curl "${USERNAME}&p=${PASSWORD}&hostname=${HOSTNAME}"
            curl "${USERNAME}&p=${PASSWORD}&hostname=${HOSTNAME}"
            sudo systemctl restart home-assistant@mgranger.service
            echo Unknown hook "${1}"
            exit 0

I'm very sorry, but my crystal ball fell on the ground this morning and is now broken, so I have no clue what you mean by "the cert creator". Could you please elaborate?

Well, based on the stated location of the config file, OP would appear to be using dehydrated. But the hook script provided looks like one that would just update the DDNS with the current IP address--there doesn't seem to be anything that would add a TXT record with the appropriate value (or remove it once validation is complete).

OK, I am sorry; I guess I wasn’t very good at describing my issue. Yes, it is dehydrated. I gave up on using this particular DDNS service and went with DuckDNS, and it worked out better.

It seems like you used a “DNS update script” for the original DDNS service that was too limited to perform the particular kind of update that Let’s Encrypt required for validation purposes. When you switched to DuckDNS, I guess you then had better software support for the necessary DNS updates.
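
Added example, not from any poster in this thread: a dehydrated hook that performs the TXT-record update and cleanup discussed above, using the DuckDNS update API. The variable names, the token file path and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script: dehydrated dns-01 hook for DuckDNS.
set -eu

# Assumed settings: DuckDNS subdomain label, and a token read from the
# environment or from a root-only file (both names are hypothetical).
DUCKDNS_DOMAIN="${DUCKDNS_DOMAIN:-example-host}"
DUCKDNS_TOKEN_FILE="${DUCKDNS_TOKEN_FILE:-/etc/dehydrated/duckdns.token}"

duckdns_token() {
    if [ -n "${DUCKDNS_TOKEN:-}" ]; then printf '%s' "$DUCKDNS_TOKEN"
    else cat "$DUCKDNS_TOKEN_FILE"; fi
}

# Build the TXT update URL. $1 = TXT value, $2 = "clear" to delete the record.
txt_url() {
    url="https://www.duckdns.org/update?domains=${DUCKDNS_DOMAIN}"
    url="${url}&token=$(duckdns_token)&txt=${1}"
    if [ "${2:-}" = "clear" ]; then url="${url}&clear=true"; fi
    printf '%s' "$url"
}

# Send the update. DRY_RUN=1 prints the URL with the token masked instead.
send() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$1" | sed 's/token=[^&]*/token=***/'
        return 0
    fi
    # "-K -" reads the URL from stdin, keeping the token out of the process list.
    resp="$(printf 'url = "%s"\n' "$1" | curl -fsS -K -)"
    [ "$resp" = "OK" ] || { echo "DuckDNS update failed: ${resp}" >&2; return 1; }
}

hook() {
    case "${1:-}" in
        deploy_challenge)    # args: DOMAIN TOKEN_FILENAME TOKEN_VALUE
            send "$(txt_url "$4")" ;;      # TOKEN_VALUE is the TXT content
        clean_challenge)
            send "$(txt_url removed clear)" ;;
        invalid_challenge)   # args: DOMAIN RESPONSE
            echo "Validation failed for ${2}: ${3}" >&2 ;;
        *) ;;                # deploy_cert and other hooks: no DNS change
    esac
}

hook "$@"
```

Running it with `DRY_RUN=1` shows the request each hook would send without touching DNS, which makes it easy to confirm that `deploy_challenge` really publishes a TXT value rather than only refreshing the IP address.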
