dehydrated/Apache - Challenge is invalid! (returned: invalid)

My domain is: data2023.ddns.net

I ran this command: dehydrated -c

It produced this output:
'# INFO: Using main config file /etc/dehydrated/config'
'# INFO: Running /usr/bin/dehydrated as gone/wheel'
'# INFO: Using main config file /etc/dehydrated/config'
Processing data2023.ddns.net

• Signing domains...
• Generating private key...
• Generating signing request...
• Requesting new certificate order from CA...
• Received 1 authorizations URLs from the CA
• Handling authorization for data2023.ddns.net
• 1 pending challenge(s)
• Deploying challenge tokens...
• Responding to challenge for data2023.ddns.net authorization...
• Cleaning challenge tokens...
• Challenge validation has failed
  ERROR: Challenge is invalid! (returned: invalid) (result:
  ["type"] "http-01"
  ["status"] "invalid"
  ["error","type"] "urn:ietf:params:acme:error:unauthorized"
  ["error","detail"] "148.71.136.248: Invalid response from http://data2023.ddns.net/.well-known/acme-challenge/AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE: 404"
  ["error","status"] 403
  ["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"148.71.136.248: Invalid response from http://data2023.ddns.net/.well-known/acme-challenge/AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE: 404","status":403}
  ["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/9626966834/z-vSGA"
  ["token"] "AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE"
  ["validationRecord",0,"url"] "http://data2023.ddns.net/.well-known/acme-challenge/AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE"
  ["validationRecord",0,"hostname"] "data2023.ddns.net"
  ["validationRecord",0,"port"] "80"
  ["validationRecord",0,"addressesResolved",0] "148.71.136.248"
  ["validationRecord",0,"addressesResolved"] ["148.71.136.248"]
  ["validationRecord",0,"addressUsed"] "148.71.136.248"
  ["validationRecord",0] {"url":"http://data2023.ddns.net/.well-known/acme-challenge/AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE","hostname":"data2023.ddns.net","port":"80","addressesResolved":["148.71.136.248"],"addressUsed":"148.71.136.248"}
  ["validationRecord"] [{"url":"http://data2023.ddns.net/.well-known/acme-challenge/AE4sEgTz_fbBFMcSkb_gU5x8ysav8zs3jx2YIrG-2WE","hostname":"data2023.ddns.net","port":"80","addressesResolved":["148.71.136.248"],"addressUsed":"148.71.136.248"}]
  ["validated"] "2023-11-23T01:20:57Z")

My web server is: Apache/2.4.58 (Unix)

The operating system my web server runs on is: Slackware x86_64 (post 15.0 -current)

My hosting provider, if applicable, is: No-ip

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no

The version of my client is: Dehydrated version: 0.7.1
GIT-Revision: unknown
Used software:
bash: 5.2.15(1)-release
curl: 8.4.0
awk: GNU Awk 5.3.0, API 4.0, PMA Avon 8-g1, (GNU MPFR 4.2.1, GNU MP 6.3.0)
sed: sed (GNU sed) 4.9
mktemp: mktemp (GNU coreutils) 9.4
grep: grep (GNU grep) 3.11
diff: diff (GNU diffutils) 3.10
openssl: OpenSSL 3.1.4 24 Oct 2023 (Library: OpenSSL 3.1.4 24 Oct 2023)

Hi @gonesb, and welcome to the LE community forum

Based solely on the 404 and Apache, I would start by checking that no name:port overlap(s) exist.
Show:
sudo apachectl -t -D DUMP_VHOSTS

Thank you @rg305.

# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration: *:443 data2023.ddns.net (/etc/httpd/extra/httpd-ssl.conf:121)

If that is the entire output, I can't see how it can handle HTTP-01 authentication requests.
Maybe dehydrated doesn't use HTTP-01 authentication...
Let me update your topic title to draw attention to that.

Ok, go ahead.
Yes that is the entire output. I configured dehydrated to use "http-01", it should be using it, right?

# cat /etc/dehydrated/config
DEHYDRATED_USER=user
DEHYDRATED_GROUP=wheel
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
#CA="https://acme-v02.api.letsencrypt.org/directory"
CHALLENGETYPE="http-01"
DOMAINS_TXT="${BASEDIR}/domains.txt"
CERTDIR="${BASEDIR}/certs"
ACCOUNTDIR="${BASEDIR}/accounts"
WELLKNOWN="/usr/local/dehydrated"
#HOOK=/etc/dehydrated/hook.sh
PRIVATE_KEY_RENEW="no"
CONTACT_EMAIL=
`LOCKFILE="${BASEDIR}/var/lock"``

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.