HTTP-01 Challenge - Crypt LE Invalid Response 204

#1

My domain is:
http://chengarda.com

I ran this command:
    le64.exe --key account.key --email "" --csr domain.csr --csr-key domain.key --crt domain.crt --domains "*www.chengarda.com, *chengarda.dev" --generate-missing --path "C:\<redacted>\tomcat\webapps\.well-known\acme-challenge"

It produced this output:

    2019/02/22 11:00:59 [ ZeroSSL Crypt::LE client v0.32 started. ]
    2019/02/22 11:00:59 Generating a new account key
    2019/02/22 11:01:01 Account key generated.
    2019/02/22 11:01:01 Saving generated account key into account.key
    2019/02/22 11:01:01 Generating a new CSR for domains chengarda.com
    2019/02/22 11:01:01 New CSR will be based on a generated key
    2019/02/22 11:01:01 CSR generated.
    2019/02/22 11:01:01 Saving a new CSR into domain.csr
    2019/02/22 11:01:01 Saving a new CSR key into domain.key
    2019/02/22 11:01:01 Account email has been set to '<redacted>'
    2019/02/22 11:01:02 API version is set to 1.
    2019/02/22 11:01:02 Directory loaded successfully.
    2019/02/22 11:01:02 Registering the account key
    2019/02/22 11:01:02 New key is now registered, reg path: https://acme-staging.api.letsencrypt.org/acme/reg/8325436. You need to accept TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
    2019/02/22 11:01:02 Account ID: 8325436
    2019/02/22 11:01:02 Registration success: TOS change status - 1, new registration flag - 1.
    2019/02/22 11:01:02 The key has been successfully registered. ID: 8325436
    2019/02/22 11:01:02 Make sure to check TOS at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
    2019/02/22 11:01:03 Accepted TOS.
    2019/02/22 11:01:03 Current contact details: <redacted>
    2019/02/22 11:01:03 Requesting challenge.
    2019/02/22 11:01:03 Received challenges for chengarda.com.
    2019/02/22 11:01:03 Requested challenges for 1 domain(s).
    2019/02/22 11:01:03 Successfully saved a challenge file 'C:\<redacted>\tomcat\webapps\.well-known\acme-challenge/xAgVpvDRDy44k5WtX4-3JI1Ljd1bp_6I9ftf0OhKLFU' for domain 'chengarda.com'
    2019/02/22 11:01:03 Accepted challenges for 1 domain(s).
    2019/02/22 11:01:04 Directory loaded successfully.
    2019/02/22 11:01:06 Domain verification results for 'chengarda.com': error. Invalid response from http://chengarda.com/.well-known/acme-challenge/xAgVpvDRDy44k5WtX4-3JI1Ljd1bp_6I9ftf0OhKLFU [2607:f1c0:100f:f000::2df]: 204
    2019/02/22 11:01:06 You can now delete the 'C:\<redacted>\tomcat\webapps\.well-known\acme-challenge/xAgVpvDRDy44k5WtX4-3JI1Ljd1bp_6I9ftf0OhKLFU' file.
    2019/02/22 11:01:06 Domain chengarda.com has failed verification (status code 202).
    2019/02/22 11:01:06 All verifications failed
    2019/02/22 11:01:06 All verifications failed

My web server is (include version):
Apache Tomcat 9.0.16

The operating system my web server runs on is (include version):
Windows Server 2019 Datacentre

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
CMD as Administrator, yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is:
Crypt-LE / le64.exe v0.32.1: https://github.com/do-know/Crypt-LE/releases

I’ve left that challenge file in place, and below are the results from running wget http://chengarda.com/.well-known/acme-challenge/xAgVpvDRDy44k5WtX4-3JI1Ljd1bp_6I9ftf0OhKLFU in PowerShell:

    StatusCode        : 200
    StatusDescription :
    Content           : {120, 65, 103, 86...}
    RawContent        : HTTP/1.1 200
                        Accept-Ranges: bytes
                        Content-Length: 87
                        Date: Fri, 22 Feb 2019 11:03:51 GMT
                        ETag: W/"87-1550833263836"
                        Last-Modified: Fri, 22 Feb 2019 11:01:03 GMT
                        Server: Chengarda.dev

                        xAgVpvD...
    Headers           : {[Accept-Ranges, bytes], [Content-Length, 87], [Date, Fri, 22 Feb 2019 11:03:51 GMT], [ETag,
                        W/"87-1550833263836"]...}
    RawContentLength  : 87

As far as I can tell, everything looks correct, so I’m not sure why the challenge fails. Maybe a transient state? Appreciate any assistance.

#3

Looks like the incorrect AAAA record was it, thanks very much!

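The cause found in this thread was an incorrect AAAA record: Let's Encrypt's validator prefers IPv6 when a name has an AAAA record, so its request went to the address shown in brackets in the log and got a 204, while the poster's own wget returned 200. The Python check below is an added example, not code from the thread or from Crypt-LE; it requests the challenge file from every A and AAAA address separately, and its function names, `example.com`, `TOKEN` and `TOKEN.THUMBPRINT` are placeholders.

```python
import http.client
import socket

def resolve_all(host):
    """Return every IPv6 (AAAA) and IPv4 (A) address the name resolves to."""
    addrs = []
    for family in (socket.AF_INET6, socket.AF_INET):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        for info in infos:
            if info[4][0] not in addrs:
                addrs.append(info[4][0])
    return addrs

def fetch(address, host, path, timeout=10):
    """GET path from one specific address while sending the site's Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read()
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc).encode()  # unreachable address: no status
    finally:
        conn.close()

def check_challenge(host, path, expected, resolver=resolve_all, fetcher=fetch):
    """Return {address: (ok, status)}; ok means 200 and the expected body."""
    results = {}
    for address in resolver(host):
        status, body = fetcher(address, host, path)
        results[address] = (status == 200 and body.strip() == expected, status)
    return results

def stale_ipv6(results):
    """IPv6 addresses that fail while at least one IPv4 address passes."""
    v4_ok = any(ok for a, (ok, _) in results.items() if ":" not in a)
    return [a for a, (ok, _) in results.items() if ":" in a and not ok and v4_ok]

if __name__ == "__main__":
    # Placeholders: substitute your own domain, token and key authorization.
    res = check_challenge("example.com", "/.well-known/acme-challenge/TOKEN",
                          b"TOKEN.THUMBPRINT")
    for address, (ok, status) in res.items():
        print(address, "ok" if ok else "FAIL", status)
    print("suspect AAAA records:", stale_ipv6(res))
```

Any address listed as a suspect AAAA record should either be corrected to point at the server that holds the challenge file or be removed from DNS before retrying validation.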
#4

Is that a TYPO?
Were you actually able to get a cert that covers the FQDN “*www.chengarda.com”?
