Error getting validation data

I am trying to renew my certificate (which has been done several times before, with no issue). See below for details of the error. What is strange is the website address being used for verification - consertum.com.well-known - why is the ‘/’ missing after “.com”?

My domain is:
consertum.com

I ran this command:
sudo /usr/local/bin/certbot-auto renew

It produced this output:
Domain: consertum.com
Type: connection
Detail: Fetching
https://consertum.com.well-known/acme-challenge/_E7klEpZiNPAOxneUA-krwrGa-nEwFlIGKXazauHwUc:
Error getting validation data

My web server is (include version):
Apache 2.4.33

The operating system my web server runs on is (include version):
Linux

My hosting provider, if applicable, is:
Amazon AWS

Hi @derekPrivate,

Can you share your Apache server configuration? This is usually caused by a broken HTTP->HTTPS redirect rule that omits a required slash.

Thanks!

Thanks for the hint - yes that looks like the problem. I recently added http->https redirection and it looked like it was working.

However, I can’t test again at the moment, as I am hitting a rate limit (I guess I had too many failures when trying to resolve the problem!).

I’ll confirm when I am able to run again (I think it is 1 hour for failures).

Thanks again for your (amazingly quick) help (especially on a Sunday!).

No problem You're certainly not the first person to have this problem! We have an open issue on Boulder (the Let's Encrypt server-side software) to make this clearer that I hope we'll have time to address soon: Better validation error when URL redirects to https://example.com.well-known/ · Issue #3606 · letsencrypt/boulder · GitHub

You're correct - that should be clear in 1 hour.

For next time (or if you want to try right away) you can test your deployment with our staging environment. It has more generous rate limits to allow for testing and fixes

Happy to help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.