Invalid response for challenge files

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
lineagewhlcom

I ran this command:
sudo certbot --apache -d lineagewh.com -d www.lineagewh.com -d wwui.lineagewh.com -d www.usgwh.com -d wwui.usgwh.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/wwui.usgwh.com.conf)

It contains these names: www.lineagewh.com, wwui.usgwh.com

You requested these names for the new certificate: lineagewh.com,
www.lineagewh.com, wwui.lineagewh.com, www.usgwh.com, wwui.usgwh.com.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/©ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lineagewh.com
http-01 challenge for wwui.lineagewh.com
http-01 challenge for wwui.usgwh.com
http-01 challenge for www.lineagewh.com
http-01 challenge for www.usgwh.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.lineagewh.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.lineagewh.com/.well-known/acme-challenge/QfTeBW1ziksohVVrGuiYcrPFjf4T9EUs_barci6cy_Q [208.68.8.34]: "\n\n\n\n\n \n <!–\n ! Package: Warehouse System\n ! Subpackage: Website\n ! Author: ", wwui.lineagewh.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wwui.lineagewh.com/.well-known/acme-challenge/86qHUN5y8czv9vxfK71O5DzwNry6sg4VHNNAN6uPS9E [208.68.8.34]: "\n\n\n\n\n \n <!–\n ! Package: Warehouse System\n ! Subpackage: Website\n ! Author: ", www.usgwh.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://www.usgwh.com/.well-known/acme-challenge/tTnCdjHHC-ESr1GBvSIewJEzDZa6_cWg556L7ngHVYY [208.68.8.40]: “\n\n404 Not Found\n\n

Not Found

\n<p”, wwui.usgwh.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://wwui.usgwh.com/.well-known/acme-challenge/MQYrwJzR0qm-ZNx2az9I_3_q62lrF8h5XiaVf4RyD_k [208.68.8.34]: "\n\n\n\n\n \n <!–\n ! Package: Warehouse System\n ! Subpackage: Website\n ! Author: ", lineagewh.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://lineagewh.com/.well-known/acme-challenge/ioHpR03lE830oxikdpsK32y2dUVJGLdX00pY-nrWZDA [208.68.8.34]: "\n\n\n\n\n \n <!–\n ! Package: Warehouse System\n ! Subpackage: Website\n ! Author: "

IMPORTANT NOTES:

My web server is (include version):
Apache 2.4.18

The operating system my web server runs on is (include version):
Ubuntu 16.05.6 LTS

My hosting provider, if applicable, is:
n/a

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.28.0

Based on the certbot log file, it appears that certbot adds a temporary rewrite rule for /.well-known/acme-challenge to actually go to /var/lib/letsencrypt/http_challenges/. Perhaps that is not working? Does it restart Apache to do this?

The actual web site is a Symfony application and the response in the error messages is a custom 404 page.

Hi @dpatterson

checking your first domain ( https://check-your-website.server-daten.de/?q=lineagewh.com ) that looks, that there is already a configuration:

Domainname Http-Status redirect Sec. G
http://lineagewh.com/
208.68.8.34 302 Login-Warehouse System 0.417 D
http://www.lineagewh.com/
208.68.8.34 302 http://www.lineagewh.com/login 0.380 D
Login-Warehouse System 200 0.434 H
http://www.lineagewh.com/login 200 0.397 H
https://lineagewh.com/
208.68.8.34 302 Login-Warehouse System 1.973 N
Certificate error: RemoteCertificateNameMismatch
https://www.lineagewh.com/
208.68.8.34 302 Login-Warehouse System 1.753 B
Login-Warehouse System 200 1.487 N
Certificate error: RemoteCertificateNameMismatch
Login-Warehouse System 200 1.483 I
http://lineagewh.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
208.68.8.34 404 0.390 A
Not Found
Visible Content: Warehouse System Page Not Found Sorry. We can't seem to find the page you are looking for (404-Not Found). If you got this error by clicking a link or button on this site, please contact Technical Support and let us know which link and on which page. Thank you. WWUI V2.0.0 Copyright © 2003-2019 Beck Computer Systems, Inc. All rights reserved.
http://www.lineagewh.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
208.68.8.34 404 0.390 A
Not Found
Visible Content: Warehouse System Page Not Found Sorry. We can't seem to find the page you are looking for (404-Not Found). If you got this error by clicking a link or button on this site, please contact Technical Support and let us know which link and on which page. Thank you. WWUI V2.0.0 Copyright © 2003-2019 Beck Computer Systems, Inc. All rights reserved.

http and https is redirected to the login page. But /.well-known/acme-challenge is not.

Looks like there are own rules, so this

may not work. Does this application

allow static files in a special subfolder? Or is there something like a webroot / DocumentRoot definition?

If yes, use that instead the --apache - plugin.

certbot run -a webroot -i apache -w yourWebRoot -d yourdomains
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.