dehydrated/Apache - Challenge is invalid! (returned: invalid)

Second try:

/usr/bin/dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
# INFO: Running /usr/bin/dehydrated as gone/wheel
# INFO: Using main config file /etc/dehydrated/config
Processing data2023.ddns.net
+ Signing domains...
+ Generating private key...
+ Generating signing request...
+ Requesting new certificate order from CA...
+ Received 1 authorizations URLs from the CA
+ Handling authorization for data2023.ddns.net
+ 1 pending challenge(s)
+ Deploying challenge tokens...
+ Responding to challenge for data2023.ddns.net authorization...
+ Cleaning challenge tokens...
+ Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "148.71.136.248: Invalid response from http://data2023.ddns.net/.well-known/acme-challenge/nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU: 404"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"148.71.136.248: Invalid response from http://data2023.ddns.net/.well-known/acme-challenge/nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU: 404","status":403}
["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/11169678373/8NZ9uA"
["token"] "nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU"
["validationRecord",0,"url"] "http://data2023.ddns.net/.well-known/acme-challenge/nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU"
["validationRecord",0,"hostname"] "data2023.ddns.net"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "148.71.136.248"
["validationRecord",0,"addressesResolved"] ["148.71.136.248"]
["validationRecord",0,"addressUsed"] "148.71.136.248"
["validationRecord",0,"resolverAddrs",0] "A:10.0.32.84:26959"
["validationRecord",0,"resolverAddrs",1] "AAAA:10.0.32.84:26959"
["validationRecord",0,"resolverAddrs"] ["A:10.0.32.84:26959","AAAA:10.0.32.84:26959"]
["validationRecord",0] {"url":"http://data2023.ddns.net/.well-known/acme-challenge/nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU","hostname":"data2023.ddns.net","port":"80","addressesResolved":["148.71.136.248"],"addressUsed":"148.71.136.248","resolverAddrs":["A:10.0.32.84:26959","AAAA:10.0.32.84:26959"]}
["validationRecord"] [{"url":"http://data2023.ddns.net/.well-known/acme-challenge/nsmZNPAbhkwBy8XD2es2oFxrvZ2dTNVcM4cv1BEOwlU","hostname":"data2023.ddns.net","port":"80","addressesResolved":["148.71.136.248"],"addressUsed":"148.71.136.248","resolverAddrs":["A:10.0.32.84:26959","AAAA:10.0.32.84:26959"]}]
["validated"] "2024-02-14T15:57:58Z")
root@data:/srv/www/icons# apachectl -t -D DUMP_VHOSTS
AH00526: Syntax error on line 52 of /etc/httpd/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration


(Without http-ssl.conf)
~# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server data2023.ddns.net (/etc/httpd/extra/httpd-vhosts.conf:24)
port 80 namevhost data2023.ddns.net (/etc/httpd/extra/httpd-vhosts.conf:24)
port 80 namevhost data.nigo.com.pt (/etc/httpd/extra/httpd-vhosts.conf:46)

(With http-ssl.conf)
~# apachectl -t -D DUMP_VHOSTS
AH00526: Syntax error on line 52 of /etc/httpd/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration


Server version: Apache/2.4.58 (Unix)
Slackware x86_64 (post 15.0 -current)
No-ip
I can login to a root shell on my machine
I'm not using a control panel to manage my site
Dehydrated version: 0.7.1
GIT-Revision: unknown
Used software:
bash: bash 5.2.26
curl 8.6.0 (x86_64-pc-linux-gnu)
awk: GNU Awk 5.3.0, API 4.0, PMA Avon 8-g1, (GNU MPFR 4.2.1, GNU MP 6.3.0)
sed: sed (GNU sed) 4.9
mktemp: mktemp (GNU coreutils) 9.4
grep: grep (GNU grep) 3.11
diff: diff (GNU diffutils) 3.10
OpenSSL 3.2.1


~# cat httpd.conf

ServerRoot "/usr"
Listen 80

LoadModule mpm_event_module lib64/httpd/modules/mod_mpm_event.so
#LoadModule mpm_prefork_module lib64/httpd/modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module lib64/httpd/modules/mod_mpm_worker.so
LoadModule authn_file_module lib64/httpd/modules/mod_authn_file.so
#LoadModule authn_dbm_module lib64/httpd/modules/mod_authn_dbm.so
#LoadModule authn_anon_module lib64/httpd/modules/mod_authn_anon.so
#LoadModule authn_dbd_module lib64/httpd/modules/mod_authn_dbd.so
#LoadModule authn_socache_module lib64/httpd/modules/mod_authn_socache.so
LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module lib64/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so
#LoadModule authz_dbm_module lib64/httpd/modules/mod_authz_dbm.so
#LoadModule authz_owner_module lib64/httpd/modules/mod_authz_owner.so
#LoadModule authz_dbd_module lib64/httpd/modules/mod_authz_dbd.so
LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so
#LoadModule authnz_ldap_module lib64/httpd/modules/mod_authnz_ldap.so
LoadModule access_compat_module lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so
#LoadModule auth_form_module lib64/httpd/modules/mod_auth_form.so
#LoadModule auth_digest_module lib64/httpd/modules/mod_auth_digest.so
#LoadModule allowmethods_module lib64/httpd/modules/mod_allowmethods.so
#LoadModule file_cache_module lib64/httpd/modules/mod_file_cache.so
#LoadModule cache_module lib64/httpd/modules/mod_cache.so
#LoadModule cache_disk_module lib64/httpd/modules/mod_cache_disk.so
#LoadModule cache_socache_module lib64/httpd/modules/mod_cache_socache.so
#LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module lib64/httpd/modules/mod_socache_dbm.so
#LoadModule socache_memcache_module lib64/httpd/modules/mod_socache_memcache.so
#LoadModule socache_redis_module lib64/httpd/modules/mod_socache_redis.so
#LoadModule watchdog_module lib64/httpd/modules/mod_watchdog.so
#LoadModule macro_module lib64/httpd/modules/mod_macro.so
#LoadModule dbd_module lib64/httpd/modules/mod_dbd.so
#LoadModule dumpio_module lib64/httpd/modules/mod_dumpio.so
#LoadModule echo_module lib64/httpd/modules/mod_echo.so
#LoadModule buffer_module lib64/httpd/modules/mod_buffer.so
#LoadModule data_module lib64/httpd/modules/mod_data.so
#LoadModule ratelimit_module lib64/httpd/modules/mod_ratelimit.so
LoadModule reqtimeout_module lib64/httpd/modules/mod_reqtimeout.so
#LoadModule ext_filter_module lib64/httpd/modules/mod_ext_filter.so
#LoadModule request_module lib64/httpd/modules/mod_request.so
#LoadModule include_module lib64/httpd/modules/mod_include.so
LoadModule filter_module lib64/httpd/modules/mod_filter.so
#LoadModule reflector_module lib64/httpd/modules/mod_reflector.so
#LoadModule substitute_module lib64/httpd/modules/mod_substitute.so
#LoadModule sed_module lib64/httpd/modules/mod_sed.so
#LoadModule charset_lite_module lib64/httpd/modules/mod_charset_lite.so
#LoadModule deflate_module lib64/httpd/modules/mod_deflate.so
#LoadModule xml2enc_module lib64/httpd/modules/mod_xml2enc.so
#LoadModule proxy_html_module lib64/httpd/modules/mod_proxy_html.so
#LoadModule brotli_module lib64/httpd/modules/mod_brotli.so
LoadModule mime_module lib64/httpd/modules/mod_mime.so
#LoadModule ldap_module lib64/httpd/modules/mod_ldap.so
LoadModule log_config_module lib64/httpd/modules/mod_log_config.so
#LoadModule log_debug_module lib64/httpd/modules/mod_log_debug.so
#LoadModule log_forensic_module lib64/httpd/modules/mod_log_forensic.so
#LoadModule logio_module lib64/httpd/modules/mod_logio.so
#LoadModule lua_module lib64/httpd/modules/mod_lua.so
LoadModule env_module lib64/httpd/modules/mod_env.so
#LoadModule mime_magic_module lib64/httpd/modules/mod_mime_magic.so
#LoadModule expires_module lib64/httpd/modules/mod_expires.so
LoadModule headers_module lib64/httpd/modules/mod_headers.so
#LoadModule usertrack_module lib64/httpd/modules/mod_usertrack.so
#LoadModule unique_id_module lib64/httpd/modules/mod_unique_id.so
LoadModule setenvif_module lib64/httpd/modules/mod_setenvif.so
LoadModule version_module lib64/httpd/modules/mod_version.so
#LoadModule remoteip_module lib64/httpd/modules/mod_remoteip.so
#LoadModule proxy_module lib64/httpd/modules/mod_proxy.so
#LoadModule proxy_connect_module lib64/httpd/modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module lib64/httpd/modules/mod_proxy_ftp.so
#LoadModule proxy_http_module lib64/httpd/modules/mod_proxy_http.so
#LoadModule proxy_fcgi_module lib64/httpd/modules/mod_proxy_fcgi.so
#LoadModule proxy_scgi_module lib64/httpd/modules/mod_proxy_scgi.so
#LoadModule proxy_uwsgi_module lib64/httpd/modules/mod_proxy_uwsgi.so
#LoadModule proxy_fdpass_module lib64/httpd/modules/mod_proxy_fdpass.so
#LoadModule proxy_wstunnel_module lib64/httpd/modules/mod_proxy_wstunnel.so
#LoadModule proxy_ajp_module lib64/httpd/modules/mod_proxy_ajp.so
#LoadModule proxy_balancer_module lib64/httpd/modules/mod_proxy_balancer.so
#LoadModule proxy_express_module lib64/httpd/modules/mod_proxy_express.so
#LoadModule proxy_hcheck_module lib64/httpd/modules/mod_proxy_hcheck.so
#LoadModule session_module lib64/httpd/modules/mod_session.so
#LoadModule session_cookie_module lib64/httpd/modules/mod_session_cookie.so
#LoadModule session_dbd_module lib64/httpd/modules/mod_session_dbd.so
#LoadModule slotmem_shm_module lib64/httpd/modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module lib64/httpd/modules/mod_slotmem_plain.so
#LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
#LoadModule dialup_module lib64/httpd/modules/mod_dialup.so
#LoadModule http2_module lib64/httpd/modules/mod_http2.so
#LoadModule proxy_http2_module lib64/httpd/modules/mod_proxy_http2.so
#LoadModule md_module lib64/httpd/modules/mod_md.so
#LoadModule lbmethod_byrequests_module lib64/httpd/modules/mod_lbmethod_byrequests.so
#LoadModule lbmethod_bytraffic_module lib64/httpd/modules/mod_lbmethod_bytraffic.so
#LoadModule lbmethod_bybusyness_module lib64/httpd/modules/mod_lbmethod_bybusyness.so
#LoadModule lbmethod_heartbeat_module lib64/httpd/modules/mod_lbmethod_heartbeat.so
LoadModule unixd_module lib64/httpd/modules/mod_unixd.so
#LoadModule heartbeat_module lib64/httpd/modules/mod_heartbeat.so
#LoadModule heartmonitor_module lib64/httpd/modules/mod_heartmonitor.so
#LoadModule dav_module lib64/httpd/modules/mod_dav.so
LoadModule status_module lib64/httpd/modules/mod_status.so
LoadModule autoindex_module lib64/httpd/modules/mod_autoindex.so
#LoadModule asis_module lib64/httpd/modules/mod_asis.so
#LoadModule info_module lib64/httpd/modules/mod_info.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module lib64/httpd/modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module lib64/httpd/modules/mod_cgi.so
</IfModule>
#LoadModule dav_fs_module lib64/httpd/modules/mod_dav_fs.so
#LoadModule dav_lock_module lib64/httpd/modules/mod_dav_lock.so
#LoadModule vhost_alias_module lib64/httpd/modules/mod_vhost_alias.so
#LoadModule negotiation_module lib64/httpd/modules/mod_negotiation.so
LoadModule dir_module lib64/httpd/modules/mod_dir.so
#LoadModule actions_module lib64/httpd/modules/mod_actions.so
#LoadModule speling_module lib64/httpd/modules/mod_speling.so
#LoadModule userdir_module lib64/httpd/modules/mod_userdir.so
LoadModule alias_module lib64/httpd/modules/mod_alias.so
#LoadModule rewrite_module lib64/httpd/modules/mod_rewrite.so

<IfModule unixd_module>
User daemon
Group daemon
</IfModule>

ServerAdmin root@localhost
ServerName data2023.ddns.net:80

<Directory />
AllowOverride none
Require all denied
</Directory>

DocumentRoot "/srv/httpd/htdocs/data2023.ddns.net/"
<Directory "/srv/httpd/htdocs/data2023.ddns.net">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>

<IfModule dir_module>
DirectoryIndex index.html
</IfModule>

<Files ".ht*">
Require all denied
</Files>

ErrorLog "/var/log/httpd/error_log"

LogLevel warn

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>

CustomLog "/var/log/httpd/access_log" common

</IfModule>

<IfModule alias_module>
ScriptAlias /cgi-bin/ "/srv/httpd/cgi-bin/"
</IfModule>

<IfModule cgid_module>

</IfModule>

<Directory "/srv/httpd/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>

<IfModule headers_module>
RequestHeader unset Proxy early
</IfModule>

<IfModule mime_module>
TypesConfig /etc/httpd/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>

# Server-pool management (MPM specific)
#Include /etc/httpd/extra/httpd-mpm.conf

# Multi-language error messages
#Include /etc/httpd/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include /etc/httpd/extra/httpd-autoindex.conf

# Language settings
#Include /etc/httpd/extra/httpd-languages.conf

# User home directories
#Include /etc/httpd/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include /etc/httpd/extra/httpd-info.conf

# Virtual hosts
Include /etc/httpd/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include /etc/httpd/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include /etc/httpd/extra/httpd-dav.conf

# Various default settings
#Include /etc/httpd/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include /etc/httpd/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
Include /etc/httpd/extra/httpd-ssl.conf
(with or without SSL, same output from /usr/bin/dehydrated -c)

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


~# cat extra/httpd-vhosts.conf
<VirtualHost *:80>

ServerName data2023.ddns.net
ServerAdmin gone@data2023.ddns.net
DocumentRoot /srv/www/htdocs/data2023.ddns.net/
ErrorLog "/var/log/httpd/data2023.ddns.net-error_log"
CustomLog "/var/log/httpd/data2023.ddns.net-access_log" combined
#Redirect permanent / https://data2023.ddns.net/

<Directory /srv/www/htdocs/data2023.ddns.net>
Options None
AllowOverride None
Require all granted
</Directory>

Alias /.well-known/acme-challenge /usr/local/dehydrated

<Directory /usr/local/dehydrated>
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:80>

ServerName data.nigo.com.pt
ServerAdmin gone@data.nigo.com.pt
DocumentRoot /srv/httpd/htdocs/nigo.com.pt
ErrorLog "/var/log/httpd/data.nigo.com.pt-error_log"
CustomLog "/var/log/httpd/data.nigo.com.pt-access_log" combined

<Directory /srv/www/htdocs/nigo.com.pt>
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>


There is a readable teste.txt file in /.well-known/acme-challenge/

Can you help?

In your dehydrated conf file, what is this value?

# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
#WELLKNOWN="/var/www/dehydrated"

Incredible. I forgot to go back to /usr/local/src/ after trying different approaches. I hope I haven't wasted too much of your time.


No worries. These were the key parts from your post just for fun :)

The first two make clear dehydrated was using HTTP challenge for the right domain

The "404" means "Not Found", so it indicates a mismatch between where dehydrated deployed (or placed) the challenge token and where your server thinks it should be.

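
The mismatch described in the reply above can be checked offline by comparing dehydrated's `WELLKNOWN` with the target of Apache's `Alias /.well-known/acme-challenge`. This is an added example, not part of the original posts: the function names and sample files are constructed, and the commented-out `WELLKNOWN` line is an assumed state, not the poster's actual config.

```shell
#!/bin/sh
# Added example (not from the thread): does Apache's acme-challenge Alias
# point at the directory dehydrated writes its http-01 tokens to?

# Effective WELLKNOWN from a dehydrated config file. When the line is absent
# or commented out, the default named in the config comment applies.
wellknown_dir() {
  wk=$(sed -n 's/^[[:space:]]*WELLKNOWN=//p' "$1" | tail -n 1 | tr -d "\"'")
  printf '%s\n' "${wk:-/var/www/dehydrated}"
}

# Targets of active "Alias /.well-known/acme-challenge <dir>" lines.
alias_targets() {
  awk 'tolower($1) == "alias" && $2 ~ /^\/\.well-known\/acme-challenge\/?$/ {
         gsub(/"/, "", $3); print $3 }' "$1"
}

# 0 if an Alias serves the token directory, 1 if not (the 404 case).
check_challenge_path() {
  want=$(wellknown_dir "$1"); want=${want%/}
  for target in $(alias_targets "$2"); do
    if [ "${target%/}" = "$want" ]; then
      echo "OK: dehydrated and Apache both use $want"; return 0
    fi
  done
  echo "MISMATCH: tokens go to $want, Apache serves: $(alias_targets "$2" | tr '\n' ' ')"
  return 1
}

# Constructed sample files (paths mirror the thread; values are illustrative).
demo=$(mktemp -d)
printf '%s\n' '#WELLKNOWN="/var/www/dehydrated"' > "$demo/config.default"
printf '%s\n' 'WELLKNOWN="/usr/local/dehydrated"' > "$demo/config.fixed"
cat > "$demo/httpd-vhosts.conf" <<'EOF'
<VirtualHost *:80>
ServerName data2023.ddns.net
Alias /.well-known/acme-challenge /usr/local/dehydrated
</VirtualHost>
EOF

check_challenge_path "$demo/config.default" "$demo/httpd-vhosts.conf" || true
check_challenge_path "$demo/config.fixed" "$demo/httpd-vhosts.conf"
```

On a real host, pass `/etc/dehydrated/config` and `/etc/httpd/extra/httpd-vhosts.conf` as the two arguments.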

Incredible. I forgot to go back to /usr/local/dehydrated/ after trying different approaches. I hope I haven't wasted too much of your time.

Cheers,
