Error getting validation data (400)

My domain is: gestion.cr-lorca.es

I ran this command: sudo bash acme.sh acme.sh --issue -d gestion.cr-lorca.es -w /var/lib/tomcat6/webapps --staging

It produced this output:
[Mon Jul 23 13:27:32 CEST 2018] ok, let’s start to verify
[Mon Jul 23 13:27:33 CEST 2018] Verifying:gestion.cr-lorca.es
[Mon Jul 23 13:27:33 CEST 2018] d=‘gestion.cr-lorca.es’
[Mon Jul 23 13:27:33 CEST 2018] keyauthorization=‘0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE’
[Mon Jul 23 13:27:33 CEST 2018] uri=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:33 CEST 2018] _currentRoot=’/var/lib/tomcat6/webapps’
[Mon Jul 23 13:27:33 CEST 2018] wellknown_path=’/var/lib/tomcat6/webapps/.well-known/acme-challenge’
[Mon Jul 23 13:27:33 CEST 2018] writing token:0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko to /var/lib/tomcat6/webapps/.well-known/acme-challenge/0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko
[Mon Jul 23 13:27:33 CEST 2018] Changing owner/group of .well-known to tomcat6:tomcat6
[Mon Jul 23 13:27:33 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:33 CEST 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE”}’
[Mon Jul 23 13:27:34 CEST 2018] POST
[Mon Jul 23 13:27:34 CEST 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:35 CEST 2018] _CURL=‘curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:36 CEST 2018] _ret=‘0’
[Mon Jul 23 13:27:36 CEST 2018] code=‘202’
[Mon Jul 23 13:27:36 CEST 2018] sleep 2 secs to verify
[Mon Jul 23 13:27:38 CEST 2018] checking
[Mon Jul 23 13:27:38 CEST 2018] GET
[Mon Jul 23 13:27:39 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:39 CEST 2018] timeout=
[Mon Jul 23 13:27:39 CEST 2018] _CURL=‘curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:39 CEST 2018] ret=‘0’
[Mon Jul 23 13:27:40 CEST 2018] gestion.cr-lorca.es:Verify error:Fetching http://gestion.cr-lorca.es/.well-known/acme-challenge/0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko: Error getting validation data
[Mon Jul 23 13:27:40 CEST 2018] pid
[Mon Jul 23 13:27:40 CEST 2018] No need to restore nginx, skip.
[Mon Jul 23 13:27:40 CEST 2018] _clearupdns
[Mon Jul 23 13:27:40 CEST 2018] skip dns.
[Mon Jul 23 13:27:41 CEST 2018] _on_issue_err
[Mon Jul 23 13:27:41 CEST 2018] Please check log file for more details: /home/administrator/.acme.sh/acme.sh.log
[Mon Jul 23 13:27:41 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:41 CEST 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE”}’
[Mon Jul 23 13:27:42 CEST 2018] POST
[Mon Jul 23 13:27:42 CEST 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:42 CEST 2018] _CURL='curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:44 CEST 2018] _ret=‘0’
[Mon Jul 23 13:27:44 CEST 2018] code=‘400’

My web server is (include version): Tomcat 6.0.24
The operating system my web server runs on is (include version): Ubuntu 10.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @jpp1jpp1

Your webserver produces "mysterious data".

Calling (loading the page and showing the header)

download http://gestion.cr-lorca.es/.well-known/acme-challenge/123 -h

it answers with

Section=ResponseStatusLine, ServerProtocolViolation

Normally, it should produce an http-status 404, because the file 123 does not exist.

Loading the same URL in a browser, or the root http://gestion.cr-lorca.es/, there is a file to download with no real content.

So Let's Encrypt can't fetch your validation file.

Yes, I noticed that when I pasted the challenge URL in my browser. Looks like there’s a problem with the Http(80) config.

I seem to recall the client only wanted SSL, so he didn’t redirect port 80 to my internal http port; will ask him to do so.

Oh, yes:

https://gestion.cr-lorca.es:80/

works partially, the self-signed certificate is shown. So you have a https-port on port 80.

I’m not sure I understand you. So you think what I posted might not be the solution?

It's not the solution, it's the problem you have to fix.

Your webserver sends https over the http-Port 80. So

https://gestion.cr-lorca.es:80/

works. But your webserver has to send http over Port 80. Your https-configuration is wrong (sends https over Port 80 and Port 443, must send https only over port 443) and your http-configuration is missing.

So add a normal http-configuration and remove the https over port 80.

Edit: http://gestion.cr-lorca.es:80/ must work

PS: Or your internal redirect is wrong, you send port 80 queries to port 443.
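
Added example (not part of the original thread, and not acme.sh or Let's Encrypt code): a small check for the condition described above, where port 80 answers with TLS instead of plain HTTP. The function names and sample replies are hypothetical and constructed for illustration; only the request path is the one used earlier in the thread.

```python
import socket

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_RECORD_TYPES = {0x14, 0x15, 0x16, 0x17}

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server returned to a plain-HTTP request."""
    if not data:
        return "empty"    # connection closed or reset without an answer
    if data.startswith(b"HTTP/"):
        return "http"     # a real status line, which HTTP-01 validation needs
    if len(data) >= 3 and data[0] in TLS_RECORD_TYPES and data[1] == 0x03:
        return "tls"      # TLS record header: the port is speaking HTTPS
    return "unknown"

def http_status(data: bytes):
    """Return the numeric status code from an HTTP status line, else None."""
    if classify_reply(data) != "http":
        return None
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None

def probe(host: str, port: int = 80,
          path: str = "/.well-known/acme-challenge/123",
          timeout: float = 5.0) -> bytes:
    """Send one plain-HTTP GET and return the first bytes of the reply."""
    request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        try:
            return sock.recv(64)
        except (ConnectionResetError, socket.timeout):
            return b""

def verdict(data: bytes) -> str:
    """Turn the classification into a one-line diagnosis."""
    kind = classify_reply(data)
    if kind == "http":
        return f"plain HTTP on this port (status {http_status(data)})"
    if kind == "tls":
        return "TLS on this port: map port 80 to the HTTP connector, not HTTPS"
    return "no usable HTTP reply: check firewall/router mapping"

# Constructed sample replies (not captured from the server in this thread).
SAMPLE_404 = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
SAMPLE_TLS_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x0A])  # fatal alert

if __name__ == "__main__":
    for name, sample in (("404", SAMPLE_404), ("tls-alert", SAMPLE_TLS_ALERT)):
        print(name, "->", verdict(sample))
```

Against your own server, `verdict(probe("your.domain"))` run from outside the LAN tells you whether the router mapping for port 80 ends at an HTTP or an HTTPS listener.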

http://Local_Ip:8080 works on LAN, it has to be a problem with the router mapping, isn’t it?

Yes. If your internal http + https and ports are correct, then it's a problem of your router mapping.

From outside, I can't see if it is a router or a webserver problem.

Thx, will update when they change the mapping.

Update: They changed the mapping, now I’m getting the certificate

Now you have three certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:gestion.cr-lorca.es&lu=cert_search

You can only have max. 5 certificates with the same set of domain names in 7 days.

If you want to test additional things, use the test system instead. This has its own limit and starts with 0.