Invalid response from .well-known/acme-challenge on Debian


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
new.marianna.com

I ran this command:
certbot --apache

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c’ to cancel): 2

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for new.mari-anna.info
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. new.mari-anna.info (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://new.mari-anna.info/.well-known/acme-challenge/pa36jNlyoAhysgtIiMZr8v6jiJef84QjpQfOJlMiC9g: “<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p”

IMPORTANT NOTES:

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version):
PRETTY_NAME=“Debian GNU/Linux 7 (wheezy)”
NAME=“Debian GNU/Linux”
VERSION_ID=“7”
VERSION=“7 (wheezy)”
ID=debian
ANSI_COLOR=“1;31”
HOME_URL=“http://www.debian.org/
SUPPORT_URL=“http://www.debian.org/support/
BUG_REPORT_URL=“http://bugs.debian.org/

The operating system my web server runs on is (include version):
Server version: Apache/2.2.22 (Debian)
Server built: Jul 17 2017 08:57:20

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes I can

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I can login via ssh

Recently appened
My provider changed farm so the ip changed (I have updated the dns, they are ok, all was right until tru renew…)
my certificate expired…
I try renew (cerbot renew)
I had the error above
I deleted the /live/ and /renew/ sub folder in /etc/letsencrypt/ (maybe a very bad idea, 'cause I think I deleted my certificates so I cant revoke them…)
I renamed the folder /etc/letsencrypt/ (maybe I shoud have do this before, instead delete…)
I made a new register (certbot register)
I have a new /etc/letsencrypt/
try to generate new certificates (certbot --apache)
I have the error… Invalid response from …

Please help…!


#2

Hi @paolobiavati

please check your webserver to find your webroot (where your website starts).

Then create two directories

/.well-known/acme-challenge

and create there a file (file name 1234 without extension), so you can load this file via

http://new.marianna.com/.well-known/acme-challenge/1234

If this works, you have found your correct webroot. Then use

certbot run -a webroot -i apache -w yourWebRoot -d new.marianna.com

to create a new certificate.


#3

Hello, thank for the reply.
I made the test creating the file .well-known/acme-challenge/1234 inside mi document root, and I downloaded it with my web browser, so the test is ok… but I have the same error…

(ps:
My domain is:
new.mxxxxxxxxxxxxxxxa.info
I wrote it bad in the post, but doesn’t matter it was only a write error here…)


#4

Your webroot is

/var/www/marianna-web

#5

You are right men!!!
It works!!!
THANKS!!