Invalid Request from "..../.well-known/..."

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

So I have a main server running Ubuntu 18.04 and a WordPress install with the domain (threepixelslab.gr), and now I want to create a second server with the same config but with the subdomain aggelies.threepixelslab.gr.

My domain is: aggelies.threepixelslab.gr

I ran this command: sudo certbot --nginx -d aggelies.threepixelslab.gr -d www.aggelies.threepixelslab.gr

It produced this output:

Domain: aggelies.threepixelslab.gr
Type:   unauthorized
Detail: Invalid response from https://aggelies.threepixelslab.gr/.well-known/acme-challenge/vDUhqRopHeqfk8Lfuop_mVr7fCvaHzc5J9isltega78 [2606:4700:30::681c:1908]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx/1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I haven’t done such a complex procedure with Let’s Encrypt before, so please bear with me. If you need my DNS setup on Cloudflare or anything else, please let me know.

It’s a problem with Cloudflare and the Certbot nginx plugin.

The cleanest workaround that I know of is to use the webroot authenticator, so that the Let’s Encrypt challenge response works whether or not the challenge request happens over HTTP or HTTPS.

For example:

certbot -i nginx -a webroot \
-w /path/to/your/wordpress \
-d aggelies.threepixelslab.gr \
-d www.aggelies.threepixelslab.gr

Before you do that, you might need to first fix the current “521 Web server is down” error, which seems to be something new since you posted this thread.

1 Like
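The following is an added example, not part of the original posts or of Certbot: it parses the `Detail:` line quoted in the question to show why the challenge failed (the validator was redirected to HTTPS, a Cloudflare proxy address answered, and the body was an HTML page rather than a key authorization). The function name `diagnose`, the finding labels, and the use of `2606:4700::/32` as a Cloudflare IPv6 range are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption of this example: an IPv6 range Cloudflare publishes for its proxies.
CLOUDFLARE_V6 = ipaddress.ip_network("2606:4700::/32")

# The "Detail:" text from the certbot output quoted in the question.
DETAIL = r'''Invalid response from https://aggelies.threepixelslab.gr/.well-known/acme-challenge/vDUhqRopHeqfk8Lfuop_mVr7fCvaHzc5J9isltega78 [2606:4700:30::681c:1908]: "<!DOCTYPE html>\n<!--[if lt IE 7]> <html class=\"no-js ie6 oldie\" lang=\"en-US\"> <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "'''

DETAIL_RE = re.compile(
    r'Invalid response from (?P<url>\S+) \[(?P<ip>[0-9A-Fa-f:.]+)\]: "(?P<body>.*)"\s*$',
    re.S,
)
# An http-01 key authorization is "<token>.<base64url account key thumbprint>".
KEYAUTH_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$")


def diagnose(detail):
    """Return host, token, responding IP and a list of findings (hypothetical labels)."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("not an 'Invalid response' detail line")
    url = urlsplit(m["url"])
    ip = ipaddress.ip_address(m["ip"])
    token = url.path.rsplit("/", 1)[-1]
    body = m["body"]
    findings = []
    # http-01 validation starts as plain HTTP on port 80, so an https URL
    # in the error means the validator followed a redirect to get there.
    if url.scheme == "https":
        findings.append("redirected-to-https")
    # A proxy address answered, so the reply may not come from the origin nginx.
    if ip.version == 6 and ip in CLOUDFLARE_V6:
        findings.append("answered-by-cloudflare-proxy")
    # The body must be exactly the key authorization for this token.
    if not (KEYAUTH_RE.match(body) and body.startswith(token + ".")):
        findings.append("body-is-not-key-authorization")
    return {"host": url.hostname, "token": token, "ip": str(ip), "findings": findings}


if __name__ == "__main__":
    for key, value in diagnose(DETAIL).items():
        print(f"{key}: {value}")
```
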

Note that the default certificate Cloudflare installs on their proxy servers is only for threepixelslab.gr and *.threepixelslab.gr – https://aggelies.threepixelslab.gr/ can be proxied by Cloudflare, but https://www.aggelies.threepixelslab.gr/ cannot. http://www.aggelies.threepixelslab.gr/ can work but https://www.aggelies.threepixelslab.gr/ will just return an error.

You’d have to buy a certificate from Cloudflare (or upgrade to one of the more expensive plans and upload a certificate). Or you can turn off the orange cloud on that subdomain, or just decide it doesn’t matter and delete it.

1 Like

So if I can’t get it sorted out, should I leave Cloudflare out of the second server (aggelies.threepixelslab.gr) and just point through Digital Ocean’s A records?

So I’ve been troubleshooting for 6 hours straight and that command worked :)
