Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://www.franklinford.org/

I ran this command:

I basically followed these steps since I'm also trying to install TLS on nearlyfreespeech. So:

$ ssh
$ cd public/
$ tls-setup.sh

Then I went to home/public/.well-known/acme-challenge and created a file test.txt there with some content inside. When i'm trying to access http://franklinford.org/.well-known/acme-challenge/test.txt, I'm not able to see the content.

It produced this output:

When I'm running in /home/public the command tls-setup.sh, it produces the following error:

ERROR: Challenge is invalid! (returned: invalid) (result: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://juliette-demaeyer.squarespace.com/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000 [198.185.159.176]: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1465037135/8fe-2Q",
"token": "LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
"validationRecord": [
{
"url": "http://www.franklinford.org/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
"hostname": "www.franklinford.org",
"port": "80",
"addressesResolved": [
"208.94.118.129",
"2607:ff18:80:4::2a4d"
],
"addressUsed": "2607:ff18:80:4::2a4d"
},
{
"url": "https://juliette-demaeyer.squarespace.com/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
"hostname": "juliette-demaeyer.squarespace.com",
"port": "443",
"addressesResolved": [
"198.185.159.176",
"198.49.23.176",
"198.185.159.177",
"198.49.23.177"
],
"addressUsed": "198.185.159.176"
}
]
})

INFO: Using main config file /usr/local/etc/dehydrated/config

Processing www.franklinford.org

• Signing domains...
• Generating private key...
• Generating signing request...
• Requesting new certificate order from CA...
• Received 1 authorizations URLs from the CA
• Handling authorization for www.franklinford.org
• 1 pending challenge(s)
• Deploying challenge tokens...
• Responding to challenge for www.franklinford.org authorization...
• Certificate for www.franklinford.org had invalid challenge. Result follows:
  {
  "type": "http-01",
  "status": "invalid",
  "error": {
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Invalid response from https://juliette-demaeyer.squarespace.com/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000 [198.185.159.176]: 404",
  "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1465037135/8fe-2Q",
  "token": "LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
  "validationRecord": [
  {
  "url": "http://www.franklinford.org/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
  "hostname": "www.franklinford.org",
  "port": "80",
  "addressesResolved": [
  "208.94.118.129",
  "2607:ff18:80:4::2a4d"
  ],
  "addressUsed": "2607:ff18:80:4::2a4d"
  },
  {
  "url": "https://juliette-demaeyer.squarespace.com/.well-known/acme-challenge/LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000",
  "hostname": "juliette-demaeyer.squarespace.com",
  "port": "443",
  "addressesResolved": [
  "198.185.159.176",
  "198.49.23.176",
  "198.185.159.177",
  "198.49.23.177"
  ],
  "addressUsed": "198.185.159.176"
  }
  ]
  }
• Cleaning challenge tokens...
• Challenge validation has failed
  [franklinford /home/public]$ packet_write_wait: Connection to 208.94.116.211 port 22: Broken pipe

My web server is (include version):

Apache 2.4, PHP, CGI

The operating system my web server runs on is (include version):

General-purpose FreeBSD 2019Q2

My hosting provider, if applicable, is:

Nearly Free Speech

I can login to a root shell on my machine (yes or no, or I don't know):

I can ssh but I don't know if I can sudo since I'm an adjunct member. When I sudo, I get -bash: sudo: command not found.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @CyrusLK

checking your domain that can't work - https://check-your-website.server-daten.de/?q=franklinford.org

There are redirects to another domain:

Ipv4 and ipv6 have the same answer, that's good.

But /.well-known/acme-challenge is redirected too.

And what's the script tls-setup.sh is doing?

It may be enough if you remove the redirect to that other domain.

Does

support Letsencrypt certificates? Checking the website https://www.nearlyfreespeech.net/ there is no information that Letsencrypt is supported or that it's possible to install an own certificate. Member Support - NearlyFreeSpeech.NET shows 1-Year DV SSL Certificates, so I don't think it's possible to install own Letsencrypt certificates.

Thanks for the reply @JuergenAuer, I think it had to do with the redirection.
We disabled the redirection, then ran the tls-setup.sh command NFS created and it works now!

You may be able to re-enable redirection while including an automatic exclusion/bypass for the challenge requests.
[so that you won’t have to manually turn it off before and on after every time you need to renew your cert]

Thanks @rg305, we enabled the redirection again and it worked.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.