I am trying to make my site SSLenabled. I have shell access to my server. The architecture is as follows

1. Front facing is apache
2. The application is hosted in another server.

I’m trying to generate the certificate from the apache installed server. The error I’m getting is as follows

Responding to challenge for pXXXXXt.XXX.XX authorization…
ERROR: Challenge is invalid! (returned: invalid) (result: {
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:acme:error:unauthorized”,
“detail”: “Invalid response from http://pXXXXXt.XXX.XX /.well-known/acme-challenge/fhKkU0CE7fCYKDTr96Ch2M8OabFJTkZhUVseJwQcz1s: “\u003chtml\u003e\u003chead\u003e\u003ctitle\u003eApache Tomcat/7.0.23 - Error report\u003c/title\u003e\u003cstyle\u003e\u003c!–H1 {font-family:Tahoma,Arial,sans-serif;color:white;bac””,
“status”: 403
},
“uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/P7Su2lk8kmdpjb-ZAOg9TjxBT--sgTP4fOqL6Ms4dkw/9117329727”,
“token”: “fhKkU0CE7fCYKDTr96Ch2M8OabFJTkZhUVseJwQcz1s”,

Please help me to resolve the issue

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Within the same internal network?
You may need include more detail in how these systems interact.

My domain is: panchayat.gov.in

I ran this command:
After accepting the terms using the command ./dehydrated --register --accept-terms
I ran the command ./dehydrated -c

It produced this output:

INFO: Using main config file /root/dehydrated-master/config

Processing panchayat.gov.in

• Signing domains...
• Generating private key...
• Generating signing request...
• Requesting authorization for panchayat.gov.in...
• 1 pending challenge(s)
• Deploying challenge tokens...
• Responding to challenge for panchayat.gov.in authorization...
  ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
  "type": "urn:acme:error:unauthorized",
  "detail": "Invalid response from http://panchayat.gov.in/.well-known/acme-challenge/FaW1qiejASxwuxaPnRMN4LGg6ExdWSnOT9NhBLJXxqk: "\u003chtml\u003e\u003chead\u003e\u003ctitle\u003eApache Tomcat/7.0.23 - Error report\u003c/title\u003e\u003cstyle\u003e\u003c!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;bac"",
  "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/m-2n1Rbau32RUKzWtwba6dZw2FQdiLIuY0KCUlggAe4/9138073625",
  "token": "FaW1qiejASxwuxaPnRMN4LGg6ExdWSnOT9NhBLJXxqk",
  "validationRecord": [
  {
  "url": "http://panchayat.gov.in/.well-known/acme-challenge/FaW1qiejASxwuxaPnRMN4LGg6ExdWSnOT9NhBLJXxqk",
  "hostname": "panchayat.gov.in",
  "port": "80",
  "addressesResolved": [
  "164.100.128.29"
  ],
  "addressUsed": "164.100.128.29"
  },
  {
  "url": "http://www.panchayat.gov.in/.well-known/acme-challenge/FaW1qiejASxwuxaPnRMN4LGg6ExdWSnOT9NhBLJXxqk",
  "hostname": "www.panchayat.gov.in",
  "port": "80",
  "addressesResolved": [
  "164.100.128.29"
  ],
  "addressUsed": "164.100.128.29"
  }
  ]
  })

My web server is (include version):Apache 2.2.15 (Unix)

The operating system my web server runs on is (include version): RHEL 6.2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The /.well-known/acme-challenge/ folder needs to be handled locally (where dehydrated runs).

If you have the alias_module loaded, you could use something like:

<virtualhost *:80>
servername panchayat.gov.in
serveralias www.panchayat.gov.in
alias /.well-known/acme-challenge/ /my/local/challenge/folder/
…
</virtualhost>

NOTE: Upon success, the new cert will be located in the apache "proxy" system running dehydrated.
And you will be able to use:
https://panchayat.gov.in/ & https://www.panchayat.gov.in/ from the Internet through the (reverse) proxy.
However, if you also need to use the new cert directly in the "other" server for (un-proxied) internal access, you may need to arrange some method of copying the cert files from the apache server to the "other" server.

alias /.well-known/acme-challenge/ /my/local/challenge/folder/

I entered the alias and am able to access the folder from outside. While executing, how can I specify that the token should be placed inside /my/local/challenge/folder/ ?

Sreejith

I think it should detect it.
In case it doesn’t, check the /etc/dehydrated/config file for WELLKNOWN variable and set it like:
WELLKNOWN=/my/local/challenge/folder

To confirm access to the new folder, please place a test.txt file as:
#locally created file
/my/local/challenge/folder/test.txt
#Internet accessible file
http://panchayat.gov.in/.well-known/acme-challenge/test.txt

returns 404 not found (80166 bytes with 8930 rows)
and [all files not found] then redirects to:
http://panchayat.gov.in/test (79458 bytes with 8930 rows)
which redirects to itself (in a loop).

Via browser, I have a loop.

Checking a non existing file I have a Bad request - http status 400:

Thanks to all. The issue was with the alias module. It is rectified and I was able to proceed further.

Thanks for the help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.