Invalid response acme challenge - same IP as subdomain

CriticalKey · September 29, 2018, 5:51pm

Hi there,

I have an issue creating my ssl certicate for my main domain. The A-Entry in my DNS settings lead to the same IP of both, subdomain and main one.

Now strangely I could create the certificate for the subdomain, but not for the main one. I get following error:

Type: unauthorized
Detail: Invalid response from
http://glaubs.net/.well-known/acme-challenge/0xjQzCjpQg1WRlzhMM4ghucot1xnlg-CsMty_LkSCaQ:
“\r\n404 Not Found\r\n<body
bgcolor=“white”>\r\n

404 Not
Found
\r\n
”

I have no idea where the problem could be.

Thanks for your help!

My domain is: glaubs.net (subdomain: office.glaubs.net)

I ran this command: certbot

It produced this output:

The following errors were reported by the server:

Domain: glaubs.net
Type: unauthorized
Detail: Invalid response from
http://glaubs.net/.well-known/acme-challenge/0xjQzCjpQg1WRlzhMM4ghucot1xnlg-CsMty_LkSCaQ:
“\r\n404 Not Found\r\n<body
bgcolor=“white”>\r\n

404 Not
Found
\r\n
”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: netcup

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes

mnordhoff · September 29, 2018, 5:53pm

They don’t have exactly the same IPs:

glaubs.net.         (insecure)  86400  A     185.162.248.168
glaubs.net.         (insecure)  86400  AAAA  2a03:4000:30:3633::11:3954
office.glaubs.net.  (insecure)  86400  A     185.162.248.168

Are you sure the IPv6 address is correct?

Edit:

The IPv6 address is running an Nginx web server, so it’s pointed to a different server, or set up differently.

https://letsdebug.net/glaubs.net/5972

CriticalKey · September 29, 2018, 6:10pm

Oh, I only checked the A record. Should I just delete the AAAA record or what would you recommend? To be honest I’m not sure if or how important it is to have the IPV6 IP as well.

mnordhoff · September 29, 2018, 6:20pm

It’s good to support IPv6, but the most important thing is for your DNS records to be correct.

Is that your IPv6 address?

It does have a valid certificate for https://glaubs.net/. It has a web page saying “Hier entsteht eine neue Webseite.”

Are you using both Apache and Nginx?

system · October 29, 2018, 6:20pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.