Failing Challenge on request

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: truthinequity.com

I ran this command: ./letsencrypt-auto certonly --webroot -w /home/wwwtruth/public_html -d truthinequity.com -d www.truthinequity.com

It produced this output: Domain: truthinequity.com
Type: unauthorized
Detail: Invalid response from
http://truthinequity.com/.well-known/acme-challenge/eqTH0F0_7bGdC6-IBXJJN5CKoAQc6CZXg4BmYz99Jmc
[2606:4700:30::681f:4995]: “\n<html class=”"
xmlns=“http://www.w3.org/1999/xhtml
lang=“en-US”>\n\n<link rel=“icon” href="/favicon.ico"
ty"

Domain: www.truthinequity.com
Type: unauthorized
Detail: Invalid response from
https://truthinequity.com/.well-known/acme-challenge/fAEuQ9emhY_A_pQTcOi_tPewV6BFFfKVqHYakA228XA
[2606:4700:30::681f:4995]: “\n<html class=”"
xmlns=“https://www.w3.org/1999/xhtml
lang=“en-US”>\n\n<link rel=“icon” href="/favicon.ico"
t"

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): CentOS 6.10

My hosting provider, if applicable, is: HostGator

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.0.0

So, the site is going to be moved to a nice new AWS Ubuntu 18.04 server (certbot already installed), but the current site is running behind CloudFlare so they host the NS records, and I am not sure if this is the problem, but when I try to certify I get that unauthorized error. The plan is to remove CloudFlare, run local as the site gets migrated, so any help on the above is appreciated.

1 Like

You need to be sure that is the path in use.
You can do so by placing a testfile at that location.
echo 'testfile1' > /home/www/truth/public_html/testfile1
And ensure that can be reached via:

If that fails, that is definitely NOT the webroot in use.
If that works, then go one step further and test the full challenge path:
[may require path creation - included in example below]
mkdir /home/www/truth/public_html/.well-known/
mkdir /home/www/truth/public_html/.well-known/acme-challenge/
echo 'testfile2' > /home/www/truth/public_html/.well-known/acme-challenge/testfile2
Then ensure that second testfile can be reached via:

One or both of those are failing [or you would already have a cert]
Please reply with which fail and any other findings.

1 Like

Hi @lance

there you see a part of the problem. Checking your domain - https://check-your-website.server-daten.de/?q=truthinequity.com

you have ipv4 and ipv6:

But there are different answers:

Sample:

• http://truthinequity.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
  2606:4700:30::681f:4995 | 302 | http://truthinequity.com/blocked.php | 0.610 | D
  Visible Content:

• http://truthinequity.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
  104.31.72.149 | 404 | 2.687 | A
  GZip used - 31027 / 174800 - 82,25 %
  Inline-JavaScript (∑/total): 23/21550 Inline-CSS (∑/total): 6/128410
  Html is minified: 753,64 %
  Not Found

http + non-www + ipv6 - http status 302 - Redirect
http + non-www + ipv4 - http status 404 - Not Found

So first step:

  • remove your ipv6 (or, better)
  • fix your ipv6 configuration, so you don't have any Grade K

Checking your domain Letsencrypt prefers ipv6, so that's critical.

3 Likes
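The per-address-family check described in the reply above, as an added example that is not part of the original thread: it requests the challenge path over IPv4 and IPv6 separately, without following redirects, and reports which answer the validator would see. The function names, the `SAMPLE` data (constructed from the statuses quoted in the thread) and the expected body `testfile2` are assumptions for illustration.

```python
import http.client
import socket

def probe(host, path, family, timeout=10):
    """GET http://host/path over one address family, without following redirects."""
    try:
        infos = socket.getaddrinfo(host, 80, family=family, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return None  # no A / AAAA record for this family
    addr = infos[0][4][0]
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        # Connect to the literal address but keep the site's Host header.
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return {"addr": addr, "status": resp.status,
                "location": resp.getheader("Location"),
                "body": resp.read(200).decode("latin-1")}
    finally:
        conn.close()

def verdict(result, expected):
    """Classify one probe result against the file content we expect to get back."""
    if result is None:
        return "no address"
    if 300 <= result["status"] < 400:
        return "redirect to %s" % result["location"]  # reported, not followed
    if result["status"] != 200:
        return "http %d" % result["status"]
    return "ok" if result["body"].strip() == expected else "wrong body"

def diagnose(results, expected):
    """Return (verdict per family, family the validator uses, token served there)."""
    verdicts = {name: verdict(r, expected) for name, r in results.items()}
    # Per the thread, Let's Encrypt prefers IPv6 when an AAAA record exists.
    used = "IPv6" if results.get("IPv6") is not None else "IPv4"
    return verdicts, used, verdicts.get(used) == "ok"

# Constructed results mirroring the statuses reported in the thread.
SAMPLE = {
    "IPv6": {"addr": "2606:4700:30::681f:4995", "status": 302,
             "location": "http://truthinequity.com/blocked.php", "body": ""},
    "IPv4": {"addr": "104.31.72.149", "status": 404, "location": None,
             "body": "Not Found"},
}

if __name__ == "__main__":
    print(diagnose(SAMPLE, "testfile2"))
```

For a live check, build `results` with `probe(host, path, socket.AF_INET)` and `probe(host, path, socket.AF_INET6)` after placing the test file in the challenge directory.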

ok, the above steps did confirm I had the right public, but didn’t even think about ipV6 as I didn’t set up the domain.

Great find, I will have a look at that today and report back.

Thanks for the great info.

3 Likes
