Failing Challenge on request

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: truthinequity.com

I ran this command: ./letsencrypt-auto certonly --webroot -w /home/wwwtruth/public_html -d truthinequity.com -d www.truthinequity.com

It produced this output: Domain: truthinequity.com
Type: unauthorized
Detail: Invalid response from
http://truthinequity.com/.well-known/acme-challenge/eqTH0F0_7bGdC6-IBXJJN5CKoAQc6CZXg4BmYz99Jmc
[2606:4700:30::681f:4995]: “\n<html class=”"
xmlns=“http://www.w3.org/1999/xhtml
lang=“en-US”>\n\n<link rel=“icon” href="/favicon.ico"
ty"

Domain: www.truthinequity.com
Type: unauthorized
Detail: Invalid response from
https://truthinequity.com/.well-known/acme-challenge/fAEuQ9emhY_A_pQTcOi_tPewV6BFFfKVqHYakA228XA
[2606:4700:30::681f:4995]: “\n<html class=”"
xmlns=“https://www.w3.org/1999/xhtml
lang=“en-US”>\n\n<link rel=“icon” href="/favicon.ico"
t"

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): CentOS 6.10

My hosting provider, if applicable, is: HostGator

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

So, the site is going to be moved to a nice new AWS Ubuntu 18.04 server (certbot already installed), but the current site is running behind CloudFlare so they host the NS records, and I am not sure if this is the problem, but when I try to certify I get that unauthorized error. The plan is to remove CloudFlare, run local as the site get’s migrated, so any help on the above is appreciated.

1 Like

You need to be sure that is the path in use.
You can do so by placing a testfile at that location.
echo 'testfile1' > /home/www/truth/public_html/testfile1
And ensure that can be reached via:
http://truthinequity.com/testfile1
If that fails, that is definitely NOT the webroot in use.
I that works, then go one step further and test the full challenge path:
[may require path creation - included in example below]
mkdir /home/www/truth/public_html/.well-known/
mkdir /home/www/truth/public_html/.well-known/acme-challenge/
echo 'testfile2' > /home/www/truth/public_html/.well-known/acme-challenge/testfile2
Then ensure that second testfile can be reached via:
http://truthinequity.com/.well-known/acme-challenge/testfile2

One or both of those are failing [or your would already have a cert]
Please reply with which fail and any other findings.

1 Like

Hi @lance

there

you see a part of the problem. Checking your domain - https://check-your-website.server-daten.de/?q=truthinequity.com

you have ipv4 and ipv6:

But there are different answers:

Sample:

• http://truthinequity.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2606:4700:30::681f:4995
	302
	http://truthinequity.com/blocked.php
	0.610
	D
Visible Content:

• http://truthinequity.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
104.31.72.149 GZip used - 31027 / 174800 - 82,25 %
Inline-JavaScript (∑/total): 23/21550 Inline-CSS (∑/total): 6/128410	404
	
Html is minified: 753,64 %	2.687
	A
Not Found

http + non-www + ipv6 - http status 302 - Redirect
http + non-www + ipv4 - http status 404 - Not Found

So first step:

  • remove your ipv6 (or, better)
  • fix your ipv6 configuration, so you don’t have any Grade K

Checking your domain Letsencrypt prefers ipv6, so that’s critical.

3 Likes

ok, the above steps did confirm I had the right public, but didn’t even think about ipV6 as I didn’t set up the domain.

Great find, I will have a look at that today and report back.

Thanks for the great info.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.