LE (outbound1.letsencrypt.org: 126.96.36.199) responding with “invalid” and “valid” responses for http-01 challenge - same system/same client within one hour.
Server 2012 R2
ACME POSH client - successfully requested the same cert on the same server a couple of months ago; the issue seems to be related to a recent change on the LE side.
CN mail.5demo.com (response invalid 2/23/17 15:57 MST)
CN autodiscover.5demo.com (response valid 2/23/17 16:52 MST)
ISP: Comcast Cable
Country: United States
- CN mail.5demo.com - http-01 challenge successfully created, requested, and provided to the LE outbound1.letsencrypt.org: 188.8.131.52 server:
The LE server response is “invalid”:
The LE server response is “valid”:
In both captures we can clearly see how the LE (outbound1.letsencrypt.org: 184.108.40.206) server connects, sends a GET request for the challenge file located in the challenge folder (matching the token in the response “invalid/valid” snapshots), and receives the file with the correct content.
The Wireshark captures are available here: