Invalid Response From... even when file is ok

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
shurIRAN.com

I ran this command:
used wizard in zerossl.com

It produced this output:
Invalid response from http://shuriran.com/.well-known/acme-challenge/_q1MuQi9OgVz2P81tpAEcWyxfqDDNAjzWdJ4dIvM04c [185.27.134.218]: "<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=;d.replace(/(…)/g,func"

My web server is (include version):
Don’t know, using CPanel 58.0.31

The operating system my web server runs on is (include version):
Linux (Don’t know more)

My hosting provider, if applicable, is:
gigfa.com

I can login to a root shell on my machine (yes or no, or I don’t know):
no

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
using CPanel 58.0.31

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @elefents

Isn’t it possible to use cPanel to create a certificate?

Looks like your /.well-known/acme-challenge directory is blocked by another application (perhaps your main website):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://shuriran.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.27.134.218 | 200 | | 0.080 | |
| Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support | | | | |
| http://www.shuriran.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 185.27.134.218 | 200 | | 0.087 | |
| Visible Content: This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support | | | | |

When checking a non-existent file in /.well-known/acme-challenge, an HTTP status 404 / Not Found is expected. Instead your server sends an HTTP status 200 and text content:

This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support

So you should create an exception so that your application ignores /.well-known/acme-challenge.

1 Like

The response you received with the error is an indication of so-called “bot protection” installed on your host. Usually that would be something like testcookie-nginx-module. Unfortunately, when Let’s Encrypt “verification agents” try to fetch the files, they are also seen as bots and they can’t retrieve the files.

In theory, some sort of whitelisting might help (as for example in the module mentioned), but you might have no access to that configuration, plus you would need to reliably specify the IP ranges Let’s Encrypt is using. In practice, probably the best way to avoid the issue is to use DNS verification instead.

2 Likes
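The check both replies describe (request a file that does not exist under /.well-known/acme-challenge and expect a 404), written as a pre-flight script; this is an added example, not code from any post in the thread. The function names, result labels and sample bodies are assumptions constructed for illustration, with the samples modelled on the responses quoted above.

```python
import re
import secrets
import urllib.error
import urllib.request

# Markers modelled on the two bodies quoted in this thread (constructed list).
JS_WALL_MARKERS = (re.compile(r"<script", re.I),
                   re.compile(r"requires javascript", re.I))

# Constructed sample bodies, based on the output shown in the thread.
SAMPLE_SCRIPT_WALL = '<html><body><script type="text/javascript" src="/aes.js" ></script>'
SAMPLE_TEXT_WALL = "This site requires Javascript to work, please enable Javascript in your browser"


def classify(status, body):
    """Classify the reply to a request for a NON-EXISTENT challenge file."""
    if status == 404:
        return "ok"          # the web server really looked for the file
    if status == 200 and any(p.search(body) for p in JS_WALL_MARKERS):
        return "js-wall"     # bot protection answered instead of the file system
    if status == 200:
        return "catch-all"   # an application swallows the path and returns 200
    return "other"           # redirect loops, 403, 5xx: inspect by hand


def probe(host, timeout=10):
    """Fetch a random, certainly missing token over plain HTTP and classify it."""
    token = "preflight-" + secrets.token_urlsafe(16)
    url = f"http://{host}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        status = err.code
        body = err.read(4096).decode("utf-8", "replace")
    return classify(status, body)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; call probe("your.domain")
    # against your own host before requesting a certificate with HTTP validation.
    for status, body in [(404, "Not Found"), (200, SAMPLE_SCRIPT_WALL), (200, SAMPLE_TEXT_WALL)]:
        print(status, classify(status, body))
```

Any result other than "ok" means HTTP validation will most likely fail in the same way as in this thread, and DNS validation is the practical alternative.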
