Invalid challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: listen.kapdome.com

I ran this command: ./docker.h update

It produced this output:
Challenge validation failed: 2606:4700:3036::ac43:d884: Invalid response from
http://listen.kapdome.com/.well-known/acme-challenge/f

My web server is (include version):
docker

The operating system my web server runs on is (include version):
docker (ubuntu)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): IDK

  1. I use Cloud Flare
  2. I use NPM (Proxy Manager) >> it's seems the resolving problem
  3. I use lets encrypt with ACME CA

Hi @kapdome, and welcome to the LE community forum :slight_smile:

This can cause problems when not configured correctly.
I don't use CF, so I can't advise you on that; But it needs to allow the challenge requests to reach your server.

I have no idea why anyone would use this software.
I like nginx, but NPM is useless and causes more trouble than it solves.

Troubleshooting advice:

  • check your nginx logs and see if the challenge requests make it to your server.
    If yes, then NPM (or the nginx config) may be to blame.
    Note: CF will redirect HTTP to HTTPS [which may be unexpected by your system/ACME client].
    If no, then CF is to blame, and it needs to be set correctly.
6 Likes
  1. It seems the problem : https://community.cloudflare.com/t/lets-encrypt-acme-challenge-problem/258024/4
  1. NPM logs : proxy-app-1 | [12/10/2022] [3:21:11 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
    proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › :information_source: info Fetching IP Ranges from online services...
    proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › :information_source: info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
    proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › :information_source: info Fetching https://www.cloudflare.com/ips-v4
    proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › :information_source: info Fetching https://www.cloudflare.com/ips-v6
    proxy-app-1 | [12/10/2022] [3:21:11 PM] [Nginx ] › :information_source: info Reloading Nginx
    proxy-app-1 | [12/10/2022] [3:21:13 PM] [Nginx ] › :information_source: info Reloading Nginx
    proxy-app-1 | [12/10/2022] [3:21:13 PM] [SSL ] › :information_source: info Renew Complete
    proxy-app-1 | [12/10/2022] [4:21:11 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
    proxy-app-1 | [12/10/2022] [4:21:12 PM] [Nginx ] › :information_source: info Reloading Nginx
    proxy-app-1 | [12/10/2022] [4:21:12 PM] [SSL ] › :information_source: info Renew Complete
    proxy-app-1 | [12/10/2022] [5:21:11 PM] [SSL ] › :information_source: info Renewing SSL certs close to expiry...
    proxy-app-1 | [12/10/2022] [5:21:12 PM] [Nginx ] › :information_source: info Reloading Nginx
    proxy-app-1 | [12/10/2022] [5:21:12 PM] [SSL ] › :information_source: info Renew Complete

because we don't have knowledge about the way to configure Nginx

Then this is a problem...
A web site without qualified administration will inevitably fail.

7 Likes

yes it's just something around few seconds, this is what is very frustrating (hours and hours) for a few seconds of configuration

But it usually takes many years to get where one can do anything in just a few seconds...

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.