Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: wpopken.de
I ran this command: /root/.acme.sh/acme.sh --cron --home "/root/.acme.sh"
It produced this output: Invalid response from https://wpopken.de/.well-known/acme-challenge/IJXMYGLzfmRK11uYy1A3JANvfNlbecLaBMy9Vt36isI: 404
My web server is (include version): nginx/1.16.1
The operating system my web server runs on is (include version): Ubuntu 24.04 LTS
My hosting provider, if applicable, is: IONOS
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol v3.0.8
I used to run acme.sh for years without problems.
Recently I changed my system in 2 ways:
- I switched one of my 2 machines to a different IP
- and I switched DNS servers for my 3 domains from server4you to Cloudflare.
The daily renew routine works as usual.
Now one certificate is due for renewal and I get an error which is incomprehensible to me:
Invalid response from https://wpopken.de/.well-known/acme-challenge/IJXMYGLzfmRK11uYy1A3JANvfNlbecLaBMy9Vt36isI: 404
This domain is on the machine with the new IP.
Of course this message is correct, there is only one file called test in that directory and this is shown. Assuming that acme wants to write to this directory and cannot write due to permissions, I set the properties of acme-challenge from 755 to 777, to no avail.
Is this assumption true? I see from the machine where the other domain is served that there are several entries of this kind, 4 of them with the same date 06.04.2024 13:10:46 and one of 08.08.2024, the permissions of acme-challenge are set to 755.
Also, creating this missing file manually does not help, as there is a different filename at the next attempt.
I have a TXT entry _acme-challenge in my DNS records which is used by acme, as I understand it, as proof that I am the legitimate owner of that domain.
Why do I get this error? Will I get the same error with the other 2 domains once they are due?
I thought about issuing a totally new certificate for this domain from scratch to get a new TXT entry, but I don't know how to get rid of the existing one. Also, this does not seem to be prudent, as everything worked fine for years.
Please enlighten me. I searched the web for days without getting a clue. I still have a few days off.