Invalid challenge

kapdome · December 9, 2022, 7:41pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: listen.kapdome.com

I ran this command: ./docker.h update

It produced this output:
Challenge validation failed: 2606:4700:3036::ac43:d884: Invalid response from
http://listen.kapdome.com/.well-known/acme-challenge/f

My web server is (include version):
docker

The operating system my web server runs on is (include version):
docker (ubuntu)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): IDK

I use Cloud Flare
I use NPM (Proxy Manager) >> it's seems the resolving problem
I use lets encrypt with ACME CA

rg305 · December 9, 2022, 7:52pm

Hi @kapdome, and welcome to the LE community forum

This can cause problems when not configured correctly.
I don't use CF, so I can't advise you on that; But it needs to allow the challenge requests to reach your server.

I have no idea why anyone would use this software.
I like nginx, but NPM is useless and causes more trouble than it solves.

Troubleshooting advice:

check your nginx logs and see if the challenge requests make it to your server.
If yes, then NPM (or the nginx config) may be to blame.
Note: CF will redirect HTTP to HTTPS [which may be unexpected by your system/ACME client].
If no, then CF is to blame, and it needs to be set correctly.

kapdome · December 10, 2022, 5:17pm

It seems the problem : https://community.cloudflare.com/t/lets-encrypt-acme-challenge-problem/258024/4

kapdome · December 10, 2022, 5:28pm

NPM logs : proxy-app-1 | [12/10/2022] [3:21:11 PM] [SSL ] › info Renewing SSL certs close to expiry...
proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › info Fetching IP Ranges from online services...
proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › info Fetching https://ip-ranges.amazonaws.com/ip-ranges.json
proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › info Fetching https://www.cloudflare.com/ips-v4
proxy-app-1 | [12/10/2022] [3:21:11 PM] [IP Ranges] › info Fetching https://www.cloudflare.com/ips-v6
proxy-app-1 | [12/10/2022] [3:21:11 PM] [Nginx ] › info Reloading Nginx
proxy-app-1 | [12/10/2022] [3:21:13 PM] [Nginx ] › info Reloading Nginx
proxy-app-1 | [12/10/2022] [3:21:13 PM] [SSL ] › info Renew Complete
proxy-app-1 | [12/10/2022] [4:21:11 PM] [SSL ] › info Renewing SSL certs close to expiry...
proxy-app-1 | [12/10/2022] [4:21:12 PM] [Nginx ] › info Reloading Nginx
proxy-app-1 | [12/10/2022] [4:21:12 PM] [SSL ] › info Renew Complete
proxy-app-1 | [12/10/2022] [5:21:11 PM] [SSL ] › info Renewing SSL certs close to expiry...
proxy-app-1 | [12/10/2022] [5:21:12 PM] [Nginx ] › info Reloading Nginx
proxy-app-1 | [12/10/2022] [5:21:12 PM] [SSL ] › info Renew Complete

kapdome · December 14, 2022, 8:24pm

because we don't have knowledge about the way to configure Nginx

rg305 · December 14, 2022, 8:31pm

Then this is a problem...
A web site without qualified administration will inevitably fail.

kapdome · December 14, 2022, 9:37pm

yes it's just something around few seconds, this is what is very frustrating (hours and hours) for a few seconds of configuration

rg305 · December 17, 2022, 10:45pm

But it usually takes many years to get where one can do anything in just a few seconds...

system · January 16, 2023, 10:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.