First time user, but Domain has used it before (Invalid Token)

Shepp · January 28, 2021, 3:52am

My domain is: http:\www.personnelplus-nv.com

I ran this command:
certbot certonly --email guy.shepperd@atb-technologies.com --agree-tos --standalone --preferred-challenges http-01 -d personnelplus-nv.com

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Requesting a certificate for personnelplus-nv.com
Performing the following challenges:
http-01 challenge for personnelplus-nv.com
Waiting for verification...
←[31mChallenge failed for domain personnelplus-nv.com←[0m
http-01 challenge for personnelplus-nv.com
Cleaning up challenges
←[31mSome challenges have failed.←[0m
←[1m
IMPORTANT NOTES:
←[0m - The following errors were reported by the server:

Domain: personnelplus-nv.com
Type: unauthorized
Detail: Invalid response from
https://personnelplus-nv.com/.well-known/acme-challenge/e4z5OD4lTwthq8g47AfZ5LJT75g4wge0MSHU-P29Qm8
[107.180.55.229]: "\n\n404 Not
Found\n\n

Not Found

\n<p"

My web server is (include version): Linux

The operating system my web server runs on is (include version): (go daddy, Not sure)

My hosting provider, if applicable, is: Go-Daddy

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): i am using cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0

Here is my dilemma, i am using a windows server to obtain the certificate, and will transfer it via the cpanel.

the issue is that in the web folder from a previous certificate from a previous ISP. there is a folder
/public_html/personnelplus-nv.com/.well-known/acme-challenge]

with a token in it.

How do i replace that token with a new one? that was created for my account? and on a windows installation where is that token created?

any help or pointing in the right direction would be appreciated.

thanks
Guy

rg305 · January 28, 2021, 4:48am

That is a red herring.
The token there is probably old and was just never deleted.
But I can assure you that it isn't being used by anything anymore.
New tokens are created and used each time you run an ACME client.

Now on to your problem...

The certbot command shown uses --standalone
This forces certbot to spin up a web server to respond to the HTTP challenge.
But I see that the failed request is for an HTTPS path.
That implies that something heard the HTTP request and redirected it to HTTPS
[NOT certbot]
So...
Either:

There is something inline that is catching the HTTP requests and redirecting them to HTTPS
or
The IP returned by DNS doesn't match/reach your destination and it is connecting to a completely different server.

Do you have an Apache server at that IP?

curl -I personnelplus-nv.com
HTTP/1.1 302 Found
Date: Thu, 28 Jan 2021 04:45:13 GMT
Server: Apache
Location: https://personnelplus-nv.com/
Cache-Control: max-age=172800
Expires: Sat, 30 Jan 2021 04:45:13 GMT
Content-Type: text/html; charset=iso-8859-1

Are you running certbot at that IP?

Name:    personnelplus-nv.com
Address: 107.180.55.229

Name:    www.personnelplus-nv.com
Address: 107.180.55.229

You mention:

But Apache is quite uncommon for Windows servers...
So I have my doubts.

Shepp · February 2, 2021, 3:46pm

I was hoping to create the Cert than copy it up to GoDaddy.
Godaddy doesn't support autorenewal, i would be interested if anyone has it working on Godaddy.

griffin · February 2, 2021, 4:09pm

Welcome to the Let's Encrypt Community, Guy

My colleague @rg305 notified me about your plight since I'm the "resident GoDaddy guy".

When using an http-01 challenge to verify ownership of a domain name, the A/AAAA record(s) in the DNS zone for that domain name must be pointed at the IP address of the server where you are running your ACME client (e.g. certbot). I'm highly doubting that you are temporarily pointing your domain name at your Windows machine to act as your website. You will need to use a manual dns-01 challenge in this scenario that requires adding TXT records to your DNS zone.

certbot certonly --manual --preferred-challenges dns -d "personnelplus-nv.com,www.personnelplus-nv.com"

By the way, I'm in the last stages of revamping my own ACME client that is specifically tailored to GoDaddy users of cPanel. It's much easier to use than certbot for this purpose and can be run directly from your GoDaddy webserver in your web browser with an easy interface. It should be fully available within a week.

Shepp · February 2, 2021, 4:19pm

Thank you! and you are totally correct, i didnt point the dns to my Home server.

If you need someone to test, i am available to test for you, After this website, i have 5 others to do the same with.

griffin · February 2, 2021, 4:21pm

I will certainly notify you so you can be one of the first.

I'm hoping to finish the last refinements today and have it rolled out for public testing by Thursday.

Shepp · February 2, 2021, 4:36pm

Sweet. Let me know if i can donate. I truly appreciate the work, very large need!

griffin · February 2, 2021, 4:37pm

Absolutely. I'm setting up donations soon and it's most appreciated. It's a LOT of work, but it's worth it to help make lives much more secure (and easier).

Shepp · February 9, 2021, 4:02pm

how goes it ? are we abel to do a beta test yet?

griffin · February 9, 2021, 4:07pm

Should be public in the next day or two. Let's Encrypt had a significant outage at the end of last week that delayed things. My client is working though, so I may get you started early. Look for a message from me later today.

Shepp · February 9, 2021, 4:39pm

roger that, i will be happy to test it out Looking forward to talking to you

griffin · February 9, 2021, 4:42pm

This client is intended for simple usage, so let me verify something first. Are your shared hosting instances only hosting a single domain each with the standard subdomains?

Shepp · February 9, 2021, 5:39pm

i am using cpanel with godaddy, single domain single host ( Deluxe linux plan)

griffin · February 9, 2021, 6:44pm

Perfect.

I'll be in touch sometime later today.

griffin · February 10, 2021, 3:38am

It's fully functional. After dinner I'll finish getting the donation links in order then send you a copy to test.

schoen · February 10, 2021, 5:24am

Fully functional as in "it worked successfully for @Shepp"?

griffin · February 10, 2021, 6:28am

Not yet, but I believe it will.

Shepp · February 10, 2021, 8:45pm

This worked excellently! Very good interface and experience. Thank you! Highly recommend using this if you are using godaddy.

_Shepp

Osiris · February 10, 2021, 9:11pm

How many Bitcoins did @griffin pay you for saying that?

griffin · February 10, 2021, 9:11pm

Thanks for the rave review!

It means a lot to know that all the effort has been worthwhile!

Topic		Replies	Views
Letsencrypt challenge failed Help	4	968	July 29, 2022
Challange / token not copied to .well-known Help	30	272	January 17, 2025
Error issuing certificate Help	13	12748	October 27, 2018
Each time I try to copy the _acme-challenge code, I am lost and the procedure quits, now too many attempts Help	27	749	April 1, 2023
Challenge failed for domain Help	12	1444	December 31, 2020

First time user, but Domain has used it before (Invalid Token)

Not Found

Related topics