Detail: Invalid response from http://simca.tech/.well-known/acme-challenge/Kmjz6pdfz91ubRRrE_AL-qQ5Z-1FB7vfM3WSt6xuul8


#1

My domain is: simca.tech

I ran this command: sudo certbot --nginx -d simca.tech

It produced this output:

Failed authorization procedure. simca.tech (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://simca.tech/.well-known/acme-challenge/Kmjz6pdfz91ubRRrE_AL-qQ5Z-1FB7vfM3WSt6xuul8 [104.248.66.200]: “<!doctype html>\n<html lang=“en”>\n\n <meta charset=“utf-8”>\n Cliente\n <base href=”/">\n\n <meta name=“viewp”

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: simca.tech
    Type: unauthorized
    Detail: Invalid response from
    http://simca.tech/.well-known/acme-challenge/Kmjz6pdfz91ubRRrE_AL-qQ5Z-1FB7vfM3WSt6xuul8
    [103.048.65.200]: "<!doctype html>\n<html lang=“en”>\n\n

    \n Cliente\n \n\n <meta name=\"viewp"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04.2 x64

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):


#2

I see you are using NGINX, but the HTTP headers don’t show NGINX:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization, X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Request-Method
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Allow: GET, POST, OPTIONS, PUT, DELETE
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 27 Mar 2019 19:05:46 GMT
ETag: W/"34f-169c08b44b7"
Content-Type: text/html; charset=UTF-8
Content-Length: 847
Date: Wed, 27 Mar 2019 21:21:56 GMT
Connection: keep-alive

Are you aware of any inline device/product/service “X-Powered-By: Express”?


#3

Hi @steven88558902

there is a curious answer:

Domainname Http-Status redirect Sec. G
http://simca.tech/
104.248.66.200 200 0.347 H
http://www.simca.tech/
104.248.66.200 200 0.347 H
https://simca.tech/
104.248.66.200 -2 1.526 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 104.248.66.200:443
https://www.simca.tech/
104.248.66.200 -2 1.523 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 104.248.66.200:443
http://simca.tech/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.248.66.200 200 0.347
Visible Content: </app-root>
http://www.simca.tech/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.248.66.200 200 0.350
Visible Content: </app-root>
</app-root>

Checking with a browser, there is a redirect to the / and a body with the same element + JavaScript.

So it looks like there is another program running.


#4

Another program running on this port? I believe that it is the app; it is on port 80. Somebody told me that I must
create another location in nginx with the route .well-known so that the request is not passed to the Node server.


#5

Yes, that’s required. If you use http-01 validation, Certbot creates a file in /.well-known/acme-challenge and Let’s Encrypt checks that file.

But when checking a non-existent file, an HTTP status 404 (not found) is expected.

Your server sends a 200 and content.

What happens with a request on port 80 to /.well-known/acme-challenge? What’s the relation between the nginx and that app?
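
The check that posts #2, #3 and #5 perform by hand, as an added example that is not part of the original thread: request a challenge file that cannot exist and classify the answer (a 404 is expected; a 200 with an HTML page means an application answers every path). The function names and the probe token are hypothetical; the sample response is built from the headers quoted in post #2 and the body start quoted in post #1.

```python
"""Diagnose the answer to a request for an ACME challenge file that does not exist."""
import urllib.error
import urllib.request

# Constructed token name: no real challenge file has this name.
PROBE_PATH = "/.well-known/acme-challenge/nonexistent-probe-token"


def diagnose(status, headers, body, expected_server="nginx"):
    """Return short findings for one HTTP response to PROBE_PATH."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    is_html = ("html" in hdrs.get("content-type", "").lower()
               or body.lstrip().lower().startswith("<!doctype html"))
    findings = []
    if status == 404:
        findings.append("ok-404")            # missing file is reported as missing
    elif status == 200 and is_html:
        findings.append("catch-all-html")    # an app answers every path with its page
    else:
        findings.append(f"status-{status}")
    server = hdrs.get("server", "")
    if expected_server.lower() not in server.lower():
        # The Server header does not name the web server certbot was told to configure.
        findings.append("answered-by:" + (server or hdrs.get("x-powered-by", "unknown")))
    return findings


def probe(host, timeout=10):
    """Fetch PROBE_PATH from host over plain HTTP (port 80) and diagnose it."""
    url = f"http://{host}{PROBE_PATH}"
    try:
        resp = urllib.request.urlopen(url, timeout=timeout)
        status = resp.status
    except urllib.error.HTTPError as err:    # 4xx/5xx still carry headers and a body
        resp, status = err, err.code
    body = resp.read(512).decode("utf-8", "replace")
    return diagnose(status, dict(resp.headers.items()), body)


# Sample built from the headers in post #2 and the body start in post #1.
SAMPLE_HEADERS = {"X-Powered-By": "Express", "Content-Type": "text/html; charset=UTF-8"}
SAMPLE_BODY = '<!doctype html>\n<html lang="en">'

if __name__ == "__main__":
    print(diagnose(200, SAMPLE_HEADERS, SAMPLE_BODY))
```

Run `probe("your-domain")` from a machine outside the server before retrying certbot; http-01 validation can only succeed once the probe reports `ok-404` for a missing file.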