Invalid response for ACME Challenge

My domain is: stream.quaranteen.university

I ran this command: sudo certbot --nginx

It produced this output:

rooday@qu-rtmp:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: stream.quaranteen.university
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for stream.quaranteen.university
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. stream.quaranteen.university (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://stream.quaranteen.university/.well-known/acme-challenge/r2INZuHiQNqDlcr7-XoHZhDlgOPaNGTFaL1e0R3iDss [142.93.4.82]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: stream.quaranteen.university
   Type:   unauthorized
   Detail: Invalid response from
   http://stream.quaranteen.university/.well-known/acme-challenge/r2INZuHiQNqDlcr7-XoHZhDlgOPaNGTFaL1e0R3iDss
   [142.93.4.82]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body>\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx/1.16.1

The operating system my web server runs on is (include version): Ubuntu 18.04.3 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Here’s what my /etc/nginx/nginx.conf looks like:

events {}

http {
        server {
                listen 80 default_server;
                listen [::]:80 default_server;
                server_name stream.quaranteen.university;
        }
}

1 Like

There must be more to it.
Somewhere you are returning 302 with the following address:

curl -Iki http://stream.quaranteen.university/
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.16.1
Date: Mon, 20 Apr 2020 20:52:07 GMT
Content-Type: text/html
Content-Length: 145
Connection: keep-alive
Location: https://www.twitch.tv/quaranteenu

1 Like

I ended up solving the issue by using https://certbot-dns-cloudflare.readthedocs.io/en/stable/ and just adding the cert and key path to my nginx conf manually. There was more to my conf file but it was commented out at the time I posted this question (I had an rtmp directive in there as well and the certbot nginx plugin didn’t know how to handle it so I commented out everything but the bare minimum for a running nginx server). I should’ve updated this post sooner, thanks for taking your time though!

2 Likes
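
The setup the last post describes (certificate issued through the Cloudflare DNS plugin, then referenced from nginx by hand), as an added example that is not part of the thread and not the poster's actual file. The rtmp application name, the credentials path and certbot's default /etc/letsencrypt/live/ layout are assumptions.

```nginx
# Added example. Certificate obtained out of band with dns-01, so certbot never
# has to parse or edit this file and the rtmp block can stay in place:
#
#   certbot certonly --dns-cloudflare \
#     --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
#     --deploy-hook "systemctl reload nginx" \
#     -d stream.quaranteen.university
#
# /root/.secrets/cloudflare.ini is a placeholder path. The file holds an API
# credential that can edit DNS for the zone, so keep it root-only (chmod 600).

events {}

# Assumes nginx was built with (or loads) nginx-rtmp-module.
rtmp {
    server {
        listen 1935;
        application live {    # hypothetical application name
            live on;
        }
    }
}

http {
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name stream.quaranteen.university;
        # No /.well-known/acme-challenge/ location is needed here: dns-01 is
        # validated through a TXT record, not by a request to port 80.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name stream.quaranteen.university;

        # Paths assume certbot's default layout for this certificate name.
        ssl_certificate     /etc/letsencrypt/live/stream.quaranteen.university/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/stream.quaranteen.university/privkey.pem;
    }
}
```

Because nginx only reads the certificate files at start or reload, the deploy hook in the comment is what makes a renewed certificate take effect.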
