First time user, but Domain has used it before (Invalid Token)

My domain is: http:\www.personnelplus-nv.com

I ran this command:
certbot certonly --email guy.shepperd@atb-technologies.com --agree-tos --standalone --preferred-challenges http-01 -d personnelplus-nv.com

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for personnelplus-nv.com
Performing the following challenges:
http-01 challenge for personnelplus-nv.com
Waiting for verification...
Challenge failed for domain personnelplus-nv.com
http-01 challenge for personnelplus-nv.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

Domain: personnelplus-nv.com
Type: unauthorized
Detail: Invalid response from
https://personnelplus-nv.com/.well-known/acme-challenge/e4z5OD4lTwthq8g47AfZ5LJT75g4wge0MSHU-P29Qm8
[107.180.55.229]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

My web server is (include version): Linux

The operating system my web server runs on is (include version): (go daddy, Not sure)

My hosting provider, if applicable, is: Go-Daddy

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I am using cPanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Here is my dilemma: I am using a Windows server to obtain the certificate, and will transfer it via cPanel.

The issue is that in the web folder, from a previous certificate from a previous ISP, there is a folder
/public_html/personnelplus-nv.com/.well-known/acme-challenge

with a token in it.

How do I replace that token with a new one that was created for my account? And on a Windows installation, where is that token created?

Any help or pointing in the right direction would be appreciated.

Thanks
Guy

2 Likes

That is a red herring.
The token there is probably old and was just never deleted.
But I can assure you that it isn't being used by anything anymore.
New tokens are created and used each time you run an ACME client.

Now on to your problem...

The certbot command shown uses --standalone.
This forces certbot to spin up a web server to respond to the HTTP challenge.
But I see that the failed request is for an HTTPS path.
That implies that something heard the HTTP request and redirected it to HTTPS
[NOT certbot].
So...
Either:

  • There is something inline that is catching the HTTP requests and redirecting them to HTTPS
    or
  • The IP returned by DNS doesn't match/reach your destination and it is connecting to a completely different server.

Do you have an Apache server at that IP?

curl -I personnelplus-nv.com
HTTP/1.1 302 Found
Date: Thu, 28 Jan 2021 04:45:13 GMT
Server: Apache
Location: https://personnelplus-nv.com/
Cache-Control: max-age=172800
Expires: Sat, 30 Jan 2021 04:45:13 GMT
Content-Type: text/html; charset=iso-8859-1

Are you running certbot at that IP?

Name:    personnelplus-nv.com
Address: 107.180.55.229

Name:    www.personnelplus-nv.com
Address: 107.180.55.229

You mention:

But Apache is quite uncommon for Windows servers...
So I have my doubts.

2 Likes

I was hoping to create the cert, then copy it up to GoDaddy.
GoDaddy doesn't support auto-renewal; I would be interested if anyone has it working on GoDaddy.

2 Likes

Welcome to the Let's Encrypt Community, Guy :slightly_smiling_face:

My colleague @rg305 notified me about your plight since I'm the "resident GoDaddy guy".

When using an http-01 challenge to verify ownership of a domain name, the A/AAAA record(s) in the DNS zone for that domain name must be pointed at the IP address of the server where you are running your ACME client (e.g. certbot). I'm highly doubting that you are temporarily pointing your domain name at your Windows machine to act as your website. You will need to use a manual dns-01 challenge in this scenario that requires adding TXT records to your DNS zone.

certbot certonly --manual --preferred-challenges dns -d "personnelplus-nv.com,www.personnelplus-nv.com"


By the way, I'm in the last stages of revamping my own ACME client that is specifically tailored to GoDaddy users of cPanel. It's much easier to use than certbot for this purpose and can be run directly from your GoDaddy webserver in your web browser with an easy interface. It should be fully available within a week. :slightly_smiling_face:

1 Like
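
The checks from the two replies above, run against the error quoted in the first post. This is an added example, not part of the original thread and not certbot code; `diagnose`, the finding labels and the 203.0.113.10 client address are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Error detail as quoted in the first post (line breaks as certbot wrapped them).
DETAIL = """Detail: Invalid response from
https://personnelplus-nv.com/.well-known/acme-challenge/e4z5OD4lTwthq8g47AfZ5LJT75g4wge0MSHU-P29Qm8
[107.180.55.229]: (404 page body omitted)"""
# A record as shown in the second post.
DNS_ANSWERS = {"personnelplus-nv.com": ["107.180.55.229"]}
# Assumption: public address of the Windows machine running certbot
# (constructed value from the 203.0.113.0/24 documentation range).
CLIENT_IPS = ["203.0.113.10"]

DETAIL_RE = re.compile(r"Invalid response from\s+(\S+)\s+\[([0-9A-Fa-f:.]+)\]")


def parse_detail(text):
    """Return (split URL, ip_address) of the last request the CA reports."""
    m = DETAIL_RE.search(text)
    if m is None:
        raise ValueError("no 'Invalid response from <url> [<ip>]' found")
    return urlsplit(m.group(1)), ipaddress.ip_address(m.group(2))


def diagnose(detail, dns_answers, client_ips):
    """Return (findings, challenge type that can succeed from this machine)."""
    url, answered_by = parse_detail(detail)
    clients = {ipaddress.ip_address(ip) for ip in client_ips}
    resolved = {ipaddress.ip_address(ip) for ip in dns_answers.get(url.hostname, [])}
    findings = []
    # http-01 validation starts on plain HTTP, port 80; an https:// URL in the
    # error means some server answered first and redirected the validator.
    if url.scheme == "https":
        findings.append("redirected-to-https")
    # The responder is not the machine where --standalone is listening.
    if answered_by not in clients:
        findings.append("answered-by-other-host")
    # http-01 needs the name's A/AAAA records to point at the ACME client.
    if not resolved or not resolved <= clients:
        findings.append("dns-not-pointing-at-client")
    challenge = "dns-01" if "dns-not-pointing-at-client" in findings else "http-01"
    return findings, challenge


if __name__ == "__main__":
    print(diagnose(DETAIL, DNS_ANSWERS, CLIENT_IPS))
```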

Thank you! And you are totally correct, I didn't point the DNS to my home server. :stuck_out_tongue:

If you need someone to test, I am available to test for you. After this website, I have 5 others to do the same with.

3 Likes

I will certainly notify you so you can be one of the first. :wink:

I'm hoping to finish the last refinements today and have it rolled out for public testing by Thursday.

2 Likes

Sweet. Let me know if I can donate. I truly appreciate the work, very large need!

2 Likes

Absolutely. I'm setting up donations soon and it's most appreciated. It's a LOT of work, but it's worth it to help make lives much more secure (and easier). :slightly_smiling_face:

2 Likes

How goes it? Are we able to do a beta test yet?

1 Like

Should be public in the next day or two. Let's Encrypt had a significant outage at the end of last week that delayed things. My client is working though, so I may get you started early. :wink: Look for a message from me later today.

1 Like

Roger that, I will be happy to test it out :stuck_out_tongue: Looking forward to talking to you

1 Like

This client is intended for simple usage, so let me verify something first. Are your shared hosting instances only hosting a single domain each with the standard subdomains?

1 Like

I am using cPanel with GoDaddy, single domain, single host (Deluxe Linux plan)

1 Like

Perfect. :smiley:

I'll be in touch sometime later today.

2 Likes

It's fully functional. :partying_face: After dinner I'll finish getting the donation links in order then send you a copy to test.

1 Like

Fully functional as in "it worked successfully for @Shepp"?

1 Like

Not yet, but I believe it will. :slightly_smiling_face:

2 Likes

This worked excellently! Very good interface and experience. Thank you! Highly recommend using this if you are using GoDaddy.

_Shepp

3 Likes

How many Bitcoins did @griffin pay you for saying that? :grinning_face_with_smiling_eyes: :rofl:

3 Likes

Thanks for the rave review! :smiley:

It means a lot to know that all the effort has been worthwhile!

:confetti_ball:

2 Likes