Invalid Request from "..../.well-known/..."

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

So I have a main server running Ubuntu 18.04 and a WordPress install with the domain ( and now I want to create a second server with the same config but with the subdomain of

My domain is:

I ran this command: sudo certbot --nginx -d -d

It produced this output:

Type:   unauthorized
Detail: Invalid response from [2606:4700:30::681c:1908]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx/1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I haven’t done such a complex procedure with Let’s Encrypt before, so please bear with me. If you need my DNS setup on Cloudflare or anything else, please let me know.

It’s a problem with Cloudflare and the Certbot nginx plugin.

The cleanest workaround that I know of is to use the webroot authenticator, so that the Let’s Encrypt challenge response works whether or not the challenge request happens over HTTP or HTTPS.

For example:

certbot -i nginx -a webroot \
-w /path/to/your/wordpress \
-d \

Before you do that, you might need to first fix the current “521 Web server is down” error, which seems to be something new since you posted this thread.

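A small diagnostic for the error discussed in this thread, added here as an example and not part of any post or of Certbot: it parses the `Detail:` text, reports whether the address that answered lies in a Cloudflare proxy range, and classifies the body that came back. The function name, the hint wording and the second sample line are assumptions; the range list is a subset of Cloudflare's published list.

```python
import ipaddress
import re

# Subset of Cloudflare's published proxy ranges (https://www.cloudflare.com/ips/).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15",
    "2606:4700::/32", "2400:cb00::/32",
)]

# Matches the "Detail:" text; the responding address is given in brackets.
DETAIL_RE = re.compile(r'Invalid response from .*?\[([0-9A-Fa-f:.]+)\]:\s*"(.*)"', re.S)
# A correct http-01 body is "<token>.<43-char base64url SHA-256 thumbprint>".
KEYAUTH_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}")

def diagnose(detail: str) -> dict:
    """Classify who answered the challenge request and what they sent back."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("not an 'Invalid response from' detail line")
    addr = ipaddress.ip_address(m.group(1))
    body = m.group(2).strip()
    via_cf = any(addr in net for net in CLOUDFLARE_NETS)
    if re.match(r"<(!doctype|html)", body, re.I):
        kind = "html"      # a web page was served instead of the challenge file
    elif KEYAUTH_RE.fullmatch(body):
        kind = "keyauth"   # right shape, but not the value the CA expected
    else:
        kind = "other"
    if kind == "html" and via_cf:
        hint = "a Cloudflare proxy address answered with a web page"
    elif kind == "html":
        hint = "the server answered the challenge path with a web page"
    elif kind == "keyauth":
        hint = "a challenge file was served, but with the wrong contents"
    else:
        hint = "unrecognised body; inspect the challenge URL by hand"
    return {"address": str(addr), "via_cloudflare": via_cf, "body": kind, "hint": hint}

# Shortened from the certbot output quoted in the first post.
PAGE_DETAIL = (r'Invalid response from [2606:4700:30::681c:1908]: '
               r'"<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js "')
# Constructed sample: documentation-range address, key-authorization-shaped body.
CONSTRUCTED_DETAIL = 'Invalid response from [203.0.113.10]: "tok_en-1.' + "A" * 43 + '"'

if __name__ == "__main__":
    for line in (PAGE_DETAIL, CONSTRUCTED_DETAIL):
        print(diagnose(line))
```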

Note that the default certificate Cloudflare installs on their proxy servers is only for and *.threepixelslab.gr can be proxied by Cloudflare, but cannot. can work but will just return an error.

You’d have to buy a certificate from Cloudflare (or upgrade to one of the more expensive plans and upload a certificate). Or you can turn off the orange cloud on that subdomain, or just decide it doesn’t matter and delete it.


So if I can’t get it sorted out, should I leave Cloudflare out of the second server ( and just point through DigitalOcean’s A records?

So I’ve been troubleshooting for 6 hours straight and that command worked :)
