Error: Invalid response

Hello everyone

My domain is: jlpcrew.net

I ran this command: ./letsencrypt-auto certonly --renew-by-default -d JLPCrew.net (--dry-run)

It produced this output:

Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jlpcrew.net
Enabled Apache rewrite module
^[[A^[[AWaiting for verification...
Challenge failed for domain jlpcrew.net
http-01 challenge for jlpcrew.net
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: jlpcrew.net
   Type:   unauthorized
   Detail: Invalid response from
   http://jlpcrew.net/.well-known/acme-challenge/yvDIUHuIC832hdW8tsEDyuzjUP8Q1WmeT9dZig4GtUU
   [45.88.110.147]: "<!DOCTYPE html><html><title></title><script>var
   y=window</script><script>var
   x={o:'tsEDyuzjUP8Q1WmeT9dZig4GtUU',t:'/bVbKY/.well-"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache/2.4.10

The operating system my web server runs on is (include version): Debian GNU/Linux 8

My hosting provider, if applicable, is: living-bots

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): //

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.9.0

Merry Christmas!

1 Like

Your redirection is breaking the authentication path.

curl -Iki jlpcrew.net
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /hMRKa/

curl -Iki jlpcrew.net/.well-known/acme-challenge/test-1234
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /YkpWP/.well-known/acme-challenge/test-1234

But it seems to come and go (randomly):

curl -Iki jlpcrew.net/.well-known/acme-challenge/test-12345
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /.well-known/acme-challenge/test-12345

curl -Iki jlpcrew.net/.well-known/acme-challenge/test-123456
HTTP/1.1 302 Found
Connection: close
Pragma: no-cache
cache-control: no-cache
Location: /gWQMQ/.well-known/acme-challenge/test-123456
1 Like

Hi @justinletsplay

there are checks of your domain - https://check-your-website.server-daten.de/?q=jlpcrew.net#url-checks

Checking /.well-known/acme-challenge/random-filename that looks like a bot-detection/blocking script:

<!DOCTYPE html><html><title></title><script>var y=window</script>
<script>var x={o:'/11111RmMNe/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de',c:1},z=5;function rsu(h){return(x.o).substr(0,x.c)+(x.o).substr(x.c+h)}y.location.assign(rsu(z))</script></html>

Remove that script if you want to use http validation.

But: That's not your error, there is no random value inserted.

So your Apache config may be buggy.

What does this say:

apachectl -S
1 Like
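
Added example, not part of any post in this thread: a small offline classifier for the responses shown above (the path-rewriting 302s and the script page), judged the way an HTTP-01 validator would, which only accepts the key authorization as the response body. The sample key authorization is a placeholder, the 200 status for the script page is an assumption, and the function and verdict names are made up for this sketch.

```python
import re
from urllib.parse import urljoin, urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECTS = (301, 302, 303, 307, 308)

def classify(url, status, headers, body, key_authorization):
    """Verdict for one response to an HTTP-01 challenge request."""
    if status in REDIRECTS:
        src = urlsplit(url)
        dst = urlsplit(urljoin(url, headers.get("Location", "")))
        if (dst.scheme, dst.netloc, dst.path) == (src.scheme, src.netloc, src.path):
            return "redirect-loop"            # points back at itself
        if not dst.path.startswith(ACME_PREFIX):
            return "redirect-rewrites-path"   # e.g. a prefix was inserted
        return "redirect"                     # follow it and classify again
    if status != 200:
        return "http-error"
    text = body.rstrip()                      # trailing whitespace is tolerated
    if text == key_authorization:
        return "ok"
    if re.search(r"<script\b", text, re.I) and "location" in text:
        return "js-interstitial"              # a validator does not run scripts
    if text.lstrip().lower().startswith(("<!doctype", "<html")):
        return "html-instead-of-token"
    return "wrong-body"

# Constructed samples; redirect targets and script body copied from the thread.
BASE = "http://jlpcrew.net" + ACME_PREFIX
KEY_AUTH = "EXAMPLE-TOKEN.EXAMPLE-ACCOUNT-THUMBPRINT"   # placeholder value
INTERSTITIAL = (
    "<!DOCTYPE html><html><title></title><script>var y=window</script>"
    "<script>var x={o:'/11111RmMNe/.well-known/acme-challenge/"
    "check-your-website-dot-server-daten-dot-de',c:1},z=5;"
    "function rsu(h){return(x.o).substr(0,x.c)+(x.o).substr(x.c+h)}"
    "y.location.assign(rsu(z))</script></html>"
)
SAMPLES = [
    (BASE + "test-1234", 302, {"Location": "/YkpWP" + ACME_PREFIX + "test-1234"}, ""),
    (BASE + "test-12345", 302, {"Location": ACME_PREFIX + "test-12345"}, ""),
    (BASE + "EXAMPLE-TOKEN", 200, {}, INTERSTITIAL),   # status 200 is assumed
    (BASE + "EXAMPLE-TOKEN", 200, {}, KEY_AUTH + "\n"),
]

def run_samples():
    return [classify(u, s, h, b, KEY_AUTH) for u, s, h, b in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], "->", verdict)
```
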

apachectl -S shows:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 46.251.239.128. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   46.251.239.128 (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  46.251.239.128 (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

And 46.251.239.128 is the old ip :face_with_raised_eyebrow:
We had a server move / change of the ip a few weeks ago, ordered by the hoster.

1 Like

That's fatal. Not the old ip.

Fatal: There is no matching port 80 vHost with your domain name.

Create one.

That's required if --apache is used.

1 Like

I did it, the error is still there.

1 Like