HTTP-01 challenge changes every time

Hello,
I am using a Synology NAS version DSM 5.2-5967 Update 9. Unfortunately, it is impossible for me to install certbot on it. So I'm trying to get my certificate from another computer. But I have a problem with the "http challenge". I have access to the files in the "http://maison.ilp-web.net/.well-known/acme-challenge/" folder, but I can't figure out which file to create and with what content before the challenge is completed. And this one changes with each of my attempts. Anyone have a solution so I can create the file before?
Thank you.

My domain is: maison.ilp-web.net

I ran this command: sudo certbot certonly --standalone -d maison.ilp-web.net --preferred-challenges http

It produced this output:

Some challenges have failed.

IMPORTANT NOTES:

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.36.0


Hi @ILP

Your setup is a little bit curious. And the challenge file changes; that's required. New order -> new token -> new file.

Add

--debug-challenges

to your command, then Certbot waits. So you can copy the validation file.

See

https://certbot.eff.org/docs/using.html


Hello,
I already tried the command:
sudo certbot certonly --standalone -d maison.ilp-web.net --preferred-challenges http --debug-challenge --verbose
I can find the name of the file, but the text it should contain is not found.

Here is what I have before the challenge:

{
  "identifier": {
    "type": "dns",
    "value": "maison.ilp-web.net"
  },
  "status": "pending",
  "expires": "2019-12-15T16:58:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/5s6big",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/jZNTjw",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/_gbJXQ",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"
    }
  ]
}

And here is the reply with the error:

{
  "identifier": {
    "type": "dns",
    "value": "maison.ilp-web.net"
  },
  "status": "invalid",
  "expires": "2019-12-15T16:58:38Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "The key authorization file from the server did not match this challenge \"0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk.4z4CyH7RILpeWPcbx3sRJpzr5hrC1PWObZKO-CUa72k\" != \"0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/5s6big",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk",
      "validationRecord": [
        {
          "url": "http://maison.ilp-web.net/.well-known/acme-challenge/0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk",
          "hostname": "maison.ilp-web.net",
          "port": "80",
          "addressesResolved": [
            "176.154.189.221"
          ],
          "addressUsed": "176.154.189.221"
        }
      ]
    },
    {
      "type": "dns-01",
      "status": "invalid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/jZNTjw",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"
    },
    {
      "type": "tls-alpn-01",
      "status": "invalid",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/1619802109/_gbJXQ",
      "token": "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"
    }
  ]
}
Storing nonce: 0101INUPC3tmpEDF9yHW_-OkQVFbftq4u8qkcu4oi8k-A1w
Challenge failed for domain maison.ilp-web.net

Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: maison.ilp-web.net
    Type: unauthorized
    Detail: The key authorization file from the server did not match
    this challenge
    "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk.4z4CyH7RILpeWPcbx3sRJpzr5hrC1PWObZKO-CUa72k"
    != "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.


Why do you create the file manually? Copy it.

There you see the required result:

0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk.4z4CyH7RILpeWPcbx3sRJpzr5hrC1PWObZKO-CUa72k

The first part is the token, followed by a dot. Then follows a hash value of your account key. That's always the same, so you can re-use that part.

.4z4CyH7RILpeWPcbx3sRJpzr5hrC1PWObZKO-CUa72k

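To make the reply above concrete, here is an added example (not code from this thread, from Certbot, or from Let's Encrypt) that builds the HTTP-01 key authorization exactly as RFC 8555 §8.1 defines it: the token, a dot, and the RFC 7638 JWK thumbprint of the ACME account key. It also reproduces the comparison the CA performs, so the thread's failure (a file containing only the token) is reported with the same shape of message seen in the error output. The token is the one from the thread; the account key is a constructed placeholder, so the thumbprint it yields is not the `4z4Cy…` value from the thread, which depends on the poster's real account key. Only the Python standard library is used.

```python
"""Build and check ACME HTTP-01 key authorizations (added example).

RFC 8555 §8.1:  keyAuthorization = token || '.' || base64url(JWK_Thumbprint(accountKey))
RFC 7638:       JWK_Thumbprint   = SHA-256 over the canonical JSON of the key's
                                   required public members, sorted lexicographically,
                                   with no whitespace.
"""
import base64
import hashlib
import json

# Public members that enter the thumbprint, per RFC 7638 §3.2 (and RFC 8037 §2 for OKP).
_REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}

# Token taken from the thread's certbot output.
THREAD_TOKEN = "0jKcu-xNJfLHd8f-C0QoD1IzLlfC-S4ecwEW1TSxBUk"

# Constructed placeholder account key: the coordinates are NOT a real P-256 point,
# they only exercise the canonicalisation and hashing. Extra members such as
# "alg" and "kid" must not influence the thumbprint.
ACCOUNT_JWK = {
    "kid": "constructed-example-key",
    "alg": "ES256",
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate-not-a-real-value",
    "y": "constructed-y-coordinate-not-a-real-value",
}


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding used throughout ACME and JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the canonical JSON of the required members only."""
    kty = jwk.get("kty")
    if kty not in _REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    required = {name: jwk[name] for name in _REQUIRED_MEMBERS[kty]}
    # sort_keys gives the lexicographic order RFC 7638 demands; separators drop all whitespace.
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """The exact body to serve at /.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def challenge_url(domain: str, token: str) -> str:
    """Where the CA will fetch the file (always plain HTTP on port 80 for HTTP-01)."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"


def validate_served_body(served: str, token: str, account_jwk: dict) -> tuple[bool, str]:
    """Mirror the CA-side check: compare what was fetched with the expected key authorization.

    RFC 8555 §8.3 says the server SHOULD ignore trailing whitespace, so a final
    newline is tolerated, but nothing else may differ.
    """
    expected = key_authorization(token, account_jwk)
    got = served.rstrip()
    if got == expected:
        return True, "ok"
    # Same shape as the urn:ietf:params:acme:error:unauthorized detail in the thread.
    return False, (
        "The key authorization file from the server did not match this challenge "
        f'"{expected}" != "{got}"'
    )


if __name__ == "__main__":
    body = key_authorization(THREAD_TOKEN, ACCOUNT_JWK)
    print("serve at :", challenge_url("maison.ilp-web.net", THREAD_TOKEN))
    print("with body:", body)
    # The thread's mistake: the file held only the token, without ".<thumbprint>".
    ok, detail = validate_served_body(THREAD_TOKEN, THREAD_TOKEN, ACCOUNT_JWK)
    print("token-only file accepted?", ok)
    print(detail)
```

Because the thumbprint is a function of the account key alone, the `.<thumbprint>` suffix stays constant across orders while the token part changes every time, which is exactly why the reply says that part can be reused.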

Thank you for your reply. It works!
