Error getting validation data (400)


#1

My domain is: gestion.cr-lorca.es

I ran this command: sudo bash acme.sh acme.sh --issue -d gestion.cr-lorca.es -w /var/lib/tomcat6/webapps --staging

It produced this output:
[Mon Jul 23 13:27:32 CEST 2018] ok, let’s start to verify
[Mon Jul 23 13:27:33 CEST 2018] Verifying:gestion.cr-lorca.es
[Mon Jul 23 13:27:33 CEST 2018] d=‘gestion.cr-lorca.es’
[Mon Jul 23 13:27:33 CEST 2018] keyauthorization=‘0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE’
[Mon Jul 23 13:27:33 CEST 2018] uri=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:33 CEST 2018] _currentRoot=’/var/lib/tomcat6/webapps’
[Mon Jul 23 13:27:33 CEST 2018] wellknown_path=’/var/lib/tomcat6/webapps/.well-known/acme-challenge’
[Mon Jul 23 13:27:33 CEST 2018] writing token:0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko to /var/lib/tomcat6/webapps/.well-known/acme-challenge/0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko
[Mon Jul 23 13:27:33 CEST 2018] Changing owner/group of .well-known to tomcat6:tomcat6
[Mon Jul 23 13:27:33 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:33 CEST 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE”}’
[Mon Jul 23 13:27:34 CEST 2018] POST
[Mon Jul 23 13:27:34 CEST 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:35 CEST 2018] _CURL=‘curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:36 CEST 2018] _ret=‘0’
[Mon Jul 23 13:27:36 CEST 2018] code=‘202’
[Mon Jul 23 13:27:36 CEST 2018] sleep 2 secs to verify
[Mon Jul 23 13:27:38 CEST 2018] checking
[Mon Jul 23 13:27:38 CEST 2018] GET
[Mon Jul 23 13:27:39 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:39 CEST 2018] timeout=
[Mon Jul 23 13:27:39 CEST 2018] _CURL=‘curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:39 CEST 2018] ret=‘0’
[Mon Jul 23 13:27:40 CEST 2018] gestion.cr-lorca.es:Verify error:Fetching http://gestion.cr-lorca.es/.well-known/acme-challenge/0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko: Error getting validation data
[Mon Jul 23 13:27:40 CEST 2018] pid
[Mon Jul 23 13:27:40 CEST 2018] No need to restore nginx, skip.
[Mon Jul 23 13:27:40 CEST 2018] _clearupdns
[Mon Jul 23 13:27:40 CEST 2018] skip dns.
[Mon Jul 23 13:27:41 CEST 2018] _on_issue_err
[Mon Jul 23 13:27:41 CEST 2018] Please check log file for more details: /home/administrator/.acme.sh/acme.sh.log
[Mon Jul 23 13:27:41 CEST 2018] url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:41 CEST 2018] payload=’{“resource”: “challenge”, “keyAuthorization”: “0wNWoddvg1tXqQpKov2JrcmXasFW_yMw3ekqMZ18Vko.a3MGoI-BIR66BMJbB2n27Fsu7zx8b16Ya9bQ-RdgFGE”}’
[Mon Jul 23 13:27:42 CEST 2018] POST
[Mon Jul 23 13:27:42 CEST 2018] _post_url=‘https://acme-staging.api.letsencrypt.org/acme/challenge/oF0ntdssDnUPWhHlCrVXyuz4uCcR1mxKe2gA5aKBmA0/151860851
[Mon Jul 23 13:27:42 CEST 2018] _CURL='curl -L --silent --dump-header /home/administrator/.acme.sh/http.header -g ’
[Mon Jul 23 13:27:44 CEST 2018] _ret=‘0’
[Mon Jul 23 13:27:44 CEST 2018] code=‘400’

My web server is (include version): Tomcat 6.0.24
The operating system my web server runs on is (include version): Ubuntu 10.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi @jpp1jpp1

your webserver produces “mysterious data”.

Calling (loading the page and showing the header)

download http://gestion.cr-lorca.es/.well-known/acme-challenge/123 -h

it answers with

Section=ResponseStatusLine, ServerProtocolViolation

Normally, it should produce an HTTP status 404, because the file 123 does not exist.

Loading the same URL in a browser, or the root http://gestion.cr-lorca.es/, gives a file to download with no real content.

So Letsencrypt can’t fetch your validation file.


#3

Yes I noticed that when I pasted the challenge URL in my browser. Looks like there’s a problem with Http(80) config.

I seem to recall the client only wanted SSL, so he didn’t redirect port 80 to my internal HTTP port; I will ask him to do so.


#4

Oh, yes:

https://gestion.cr-lorca.es:80/

works partially: the self-signed certificate is shown. So you have an HTTPS port on port 80.


#5

I’m not sure I understand you. So you think what I posted might not be the solution?


#6

It’s not the solution, it’s the problem you have to fix.

Your webserver sends https over the http-Port 80. So

https://gestion.cr-lorca.es:80/

works. But your webserver has to send http over Port 80. Your https-configuration is wrong (sends https over Port 80 and Port 443, must send https only over port 443) and your http-configuration is missing.

So add a normal http-configuration and remove the https over port 80.

Edit: http://gestion.cr-lorca.es:80/ must work

PS: Or your internal redirect is wrong, you send queries from port 80 to port 443.
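The misconfiguration diagnosed above (a TLS listener answering on port 80) can be confirmed from outside by sending a plaintext HTTP request and looking at the first bytes of the reply. The following is an added example, not part of the original posts; the function names and the sample byte strings are constructed for illustration, and the probe path reuses the `/.well-known/acme-challenge/123` test URL from post #2.

```python
import socket

# TLS record content types (first byte of every TLS record).
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}

def classify_first_bytes(data: bytes) -> str:
    """Classify what a server sent back in reply to a plaintext HTTP request."""
    if not data:
        return "empty: connection closed without a reply"
    if data.startswith(b"HTTP/"):
        parts = data.split(b"\r\n", 1)[0].split(b" ", 2)
        status = parts[1].decode("ascii", "replace") if len(parts) > 1 else "?"
        return f"http: status {status}"
    # TLS record header: content type, then version bytes 0x03 0x00..0x04.
    if len(data) >= 3 and data[0] in TLS_CONTENT_TYPES \
            and data[1] == 0x03 and data[2] <= 0x04:
        return f"tls: {TLS_CONTENT_TYPES[data[0]]} record (TLS listener on this port)"
    return "unknown: neither an HTTP status line nor a TLS record"

def probe(host: str, port: int = 80,
          path: str = "/.well-known/acme-challenge/123",
          timeout: float = 5.0) -> str:
    """Send a plaintext GET, as the HTTP-01 validator would, and classify the reply."""
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            data = sock.recv(64)
    except OSError as exc:  # refused, reset, timed out, DNS failure
        return f"error: {exc}"
    return classify_first_bytes(data)

# Constructed sample replies (not captured from the server in this thread).
SAMPLES = {
    "healthy port 80, missing file": b"HTTP/1.1 404 Not Found\r\nServer: x\r\n",
    "TLS listener on port 80": b"\x15\x03\x01\x00\x02\x02\x0a",
    "peer closed immediately": b"",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {classify_first_bytes(raw)}")
```

A correctly mapped port 80 yields `http: status 404` for the nonexistent test file; a `tls:` result means the port forward or connector on port 80 is pointing at the HTTPS listener.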


#7

http://Local_Ip:8080 works on the LAN. It has to be a problem with the router mapping, isn’t it?


#8

Yes. If your http + https and internal ports are correct, then it’s a problem with your router mapping.

From outside, I can’t see if it is a router or a webserver problem.


#9

Thx, will update when they change the mapping.

Update: They changed the mapping, now I’m getting the certificate


#10

Now you have three certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:gestion.cr-lorca.es&lu=cert_search

You can only have max. 5 certificates with the same set of domain names in 7 days.

If you want to test additional things, use the test system instead. This has its own limit and starts with 0.

