Challenge is invalid > Nearlyfreespeech

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

I basically followed these steps since I’m also trying to install TLS on nearlyfreespeech. So:

$ ssh
$ cd public/

Then I went to home/public/.well-known/acme-challenge and created a file test.txt there with some content inside. When i’m trying to access, I’m not able to see the content.

It produced this output:

When I’m running in /home/public the command, it produces the following error:

ERROR: Challenge is invalid! (returned: invalid) (result: {
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from []: 404”,
“status”: 403
“url”: “”,
“token”: “LLR-PlnQih3e3FKNeAZU781c6PQqkHAotl25wLmK000”,
“validationRecord”: [
“url”: “”,
“hostname”: “”,
“port”: “80”,
“addressesResolved”: [
“addressUsed”: “2607:ff18:80:4::2a4d”
“url”: “”,
“hostname”: “”,
“port”: “443”,
“addressesResolved”: [
“addressUsed”: “”

INFO: Using main config file /usr/local/etc/dehydrated/config


My web server is (include version):

Apache 2.4, PHP, CGI

The operating system my web server runs on is (include version):

General-purpose FreeBSD 2019Q2

My hosting provider, if applicable, is:

Nearly Free Speech

I can login to a root shell on my machine (yes or no, or I don’t know):

I can ssh but I don’t know if I can sudo since I’m an adjunct member. When I sudo, I get -bash: sudo: command not found.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @CyrusLK

checking your domain that can't work -

There are redirects to another domain:

Domainname Http-Status redirect Sec. G GZip used - 203 / 250 - 18,80 % 301
Html is minified: 100,00 % 0.383 E
2607:ff18:80:4::2a4d GZip used - 203 / 250 - 18,80 % 301
Html is minified: 100,00 % 0.390 E

Ipv4 and ipv6 have the same answer, that's good.

But /.well-known/acme-challenge is redirected too.

And what's the script is doing?

It may be enough if you remove the redirect to that other domain.


support Letsencrypt certificates? Checking the website there is no information that Letsencrypt is supported or that it's possible to install an own certificate. Member Support - NearlyFreeSpeech.NET shows 1-Year DV SSL Certificates, so I don't think it's possible to install own Letsencrypt certificates.

1 Like

Thanks for the reply @JuergenAuer, I think it had to do with the redirection.
We disabled the redirection, then ran the command NFS created and it works now!


You may be able to re-enable redirection while including an automatic exclusion/bypass for the challenge requests.
[so that you won’t have to manually turn it off before and on after every time you need to renew your cert]

1 Like

Thanks @rg305, we enabled the redirection again and it worked.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.