Invalid response from .well-known/acme-challenge | 404

Help
1

Hi, i'm using PHP with symfony and trying to get SSL certificate for my domain.

https://crt.sh/?q=in-vse.cz

My domain is: in-vse.cz

I ran this command: sudo certbot --apache

It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for in-vse.cz
Performing the following challenges:
http-01 challenge for in-vse.cz
Waiting for verification...
Challenge failed for domain in-vse.cz
http-01 challenge for in-vse.cz
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: in-vse.cz
    Type: unauthorized
    Detail: Invalid response from
    http://in-vse.cz/.well-known/acme-challenge/jnVhMyqUDe88e_9EBZayrpJFV56NpLc8U5hKBbi8yQA
    [2a02:4a8:ac24:110::10:144]: "<!doctype html public "-//w3c//dtd
    html 3.2//en">\n\n\n Not found -
    Nenalezeno\n <meta http-equiv="Cont"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: active24.cz

I can login to a root shell on my machine (yes or no, or I don't know): Y

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.14.0

1 Like
2

Hi @Slava

your configuration has minimal two bugs, see your check result - https://check-your-website.server-daten.de/?q=in-vse.cz

You have ipv4 and ipv6 - but there are different answers, that's always fatal.

See your screenshot. The website isn't configured, so --apache can't work.

But the screenshot looks like a message of your provider. Are you sure the ip is correct?

1 Like
3

Hi, thank you for your reply.
Actually i don't know, if u set up my DNS correctly.
My snapshot of DNS config:

Screenshot from 2021-04-07 17-31-18
Screenshot from 2021-04-07 17-31-18782×289 18.4 KB

I'm sure, that 81.95.108.57 is correct, but i'm not pretty sure about AAAA IP addresses

1 Like
4

I currently see it set to 2002:515f:6c39::515f:6c39, but there is no server available at that IPv6 address. Can you check with your hosting provider to confirm that this is your correct IPv6 address?

1 Like
5

Problem was solved:

1 Like
6

Thanks for sharing your solution. I want to point out for other readers that not all sites will use this kind of conversion mechanism. In many cases, you would be issued an IPv6 address directly by your hosting provider, which could be completely independent of your IPv4 address.

1 Like
7

I wouldn't use these kinds of "converted" IPv6 addresses if I were you. The method used by that site is 6to4 which is just a transitional mechanism until native IPv6 was properly deployed. Nowadays, anno 2021, this should be the case and one should not fall back on mechanisms such as 6to4..

As an example: I can't connect to your IPv6 address at all:

osiris@erazer ~ $ traceroute 2002:515f:6c39::515f:6c39
traceroute to 2002:515f:6c39::515f:6c39 (2002:515f:6c39::515f:6c39), 30 hops max, 80 byte packets
 1  2001:xxxx (2001:xxxx)  4.608 ms  4.548 ms  6.019 ms
 2  xx.yy.zz.xs4all.net (2001:888:1:xxxx::1)  16.527 ms  18.598 ms  18.588 ms
 3  0.ae23.xr4.1d12.xs4all.net (2001:888:1:4034::1)  23.372 ms !N  23.946 ms !N  13.284 ms !N
osiris@erazer ~ $

As you can see, a router of my ISP is refusing to route the traceroute any further..

2 Likes
8

Sorry, that's a very special solution.

Check the "server-daten.de" ip addresses (same as "check-your-website").

Ipv4: 85.215.2.226
Ipv6: 2a01:238:301b::1226

That has nothing to do with that result

IPv4-mapped IPv6 address - 0:0:0:0:0:FFFF:55D7:02E2 .
6to4 address 2002:55d7:02e2:0:0:0:0:0

Normally, ipv4 and ipv6 are completely independend. Only, if the hoster uses such a special configuration, that tool helps.

1 Like
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.