Invalid response from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Using pfSense to create the Cert. for pfSense's webConfigurator.
Setup: Services > Acme > Certificates > Domain SAN list: | Standalone HTTP server

My domain is:

I ran this command:
Issue/Renew for the first time and

It produced this output:
[Mon May 2 17:42:15 MDT 2022] error: Invalid response from 404

My hosting provider, if applicable, is:

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
pfSense 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not installed

I don't have this /.well-known folder, my directory folder is /var/www/html/kohanyim-com/

<VirtualHost *:80>
    DocumentRoot /var/www/html/kohanyim-com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


<VirtualHost _default_:443>
DocumentRoot "/var/www/html/kohanyim-com"

My home network domain is, I already have a Cert for my public domain and using noip to point to my home server. I want to use your Cert for pfSense's webConfigurator.

So how do I correct this in order to complete the cert?

Is this page of Netgate docs helpful?


I'd remove the port from that.
[might not change anything at all - but it looks like it could (someday) wreak havoc]


I suppose this a bit of a side topic, but since you mentioned it:

So your pfSense is "" ?
You'd have to configure DNS in order to do that... and then your webConfigurator would be exposed to the public. NOT recommended.

Do you have a intranet with services, or just some workstations, IOT and TV's behind the router?

If you have (or want ) a private intranetwork, Consider using on your intranet as well and use the pfSense ACME Certificate Service with DNS validation for a wildcard solution to be deployed globally. It is easy to script distribution to your internal network.

BUT use a strong self signed cert for the configurator and keep it out of public space.

If I misunderstood your comment, please correct me. As to the main issue in your posted title, I'll leave that to the experts.


Yes, but webConfigurator will stay private within the intranet. I only want available for both public and private.

In addition to using as my intranet serving different Dept's, I also will have a dedicated server for the public, and already have bought a single and wildcard certs from NOIP. I just recently began trying to use Let's Encrypted, but watching / searching for a NOIP solution is basically no where to be found.

So will using my NOIP Cert accomplish securing a public / private web service?

Well do...

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.