Invalid Response from well-known/acme-challenge with .acme.sh/acme.sh --issue -d typing12.com

When I run this command .acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/typing12.com it shows the error typing12.com:Verify error:185.61.154.53: Invalid response from https://typing12.com/.well-known/acme-challenge/peYHXXGCU-t-WVzuLBSmR_bqL_IKtpPow0rIqRdC8CI: 404

My domain is:
typing12.com

I ran this command:
.acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/typing12.com

It produced this output:

[Mon Aug 22 04:55:33 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Aug 22 04:55:33 EDT 2022] Single domain='typing12.com'
[Mon Aug 22 04:55:33 EDT 2022] Getting domain auth token for each domain
[Mon Aug 22 04:55:35 EDT 2022] Getting webroot for domain='typing12.com'
[Mon Aug 22 04:55:35 EDT 2022] Verifying: typing12.com
[Mon Aug 22 04:55:36 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Mon Aug 22 04:55:40 EDT 2022] Pending, The CA is processing your order, please just wait. (2/30)
[Mon Aug 22 04:55:44 EDT 2022] typing12.com:Verify error:185.61.154.53: Invalid response from https://typing12.com/.well-known/acme-challenge/peYHXXGCU-t-WVzuLBSmR_bqL_IKtpPow0rIqRdC8CI: 404
[Mon Aug 22 04:55:44 EDT 2022] Please check log file for more details: /home/umardd/.acme.sh/acme.sh.log

My web server is (include version):
namecheap says it is web hosting product. I don't know if it is correct for shared hosting.

The operating system my web server runs on is (include version):
namecheap says it is Cent OS 7

My hosting provider, if applicable, is:
namecheap.com (shared hosting).

I can login to a root shell on my machine (yes or no, or I don't know):

Yes.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

  • cPanel: 102

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I am not using certbot. I am executing acme.sh commands in the terminal and I do have SSH access.

Welcome to the community @vuumar

You got a cert from CertCloud just two days ago. And, you'd gotten one from them before that. Is there a reason you can't use that one?

I also see you have gotten certs from other Certificate Authorities. That's fine. But, did you also use acme.sh to get those?

Mostly I want to make sure we're solving the fundamental problem and not just a symptom of something deeper.

3 Likes

Hi @MikeMcQ Thanks for your reply.

Yes, I was trying to execute acme.sh with ZeroSSL, which failed many times with a Timeout error. Once I tried to set them up manually, but it did not work and displayed the message "invalid certificate".

Yes, I have used acme.sh to obtain certificates from ZeroSSL for other domains, but now ZeroSSL is not working so I switched to the Let's Encrypt server.

The last certificate I generated was for basicscomp.com and it is working fine.

1 Like

The key error code is the '404'. It means the challenge file created by acme.sh in the -w folder was not found by the Let's Encrypt server using that URL.

Usually this error is caused when the -w folder name is not the same as the one in the server's document root. I believe litespeed uses the same config as apache and so that would be the DocumentRoot value in the VirtualHost for that domain.

Can you show the VirtualHost config for that?

@vuumar Sorry, I just realized I typed -d when I meant -w - fixed.

3 Likes

Another piece of the puzzle is the "https" in the 404 failure.
That means the HTTP challenge requests were heard and redirected - a missed opportunity.

3 Likes

Thanks for the explanation.

Where can I find the VirtualHost config for a domain?

That depends on the web server used.

In your case, you may need to ask namecheap.

3 Likes

Hi, @MikeMcQ and @rg305

I have checked the folder; the name is the same.

It contains a sub-folder pki-validation which in turn contains two files,

  1. C970D2D5E52F963D0F01384754BD492C.txt
  2. E3D1C25902FD65B940DDAC9E097380FD.txt

Also, confirmed from namecheap.com that the webserver is Litespeed and OS is CloudLinux OS which is based on CentOS.

Thanks for your continued help and support.

1 Like

The pki-validation is not used by Let's Encrypt or acme.sh. That was for a different cert through namecheap.

It is too bad namecheap could not describe how to see your VirtualHost config.

But, you probably just need to use the full path ending in .../public_html from that screen as the value in your -w and not this:

4 Likes

Thanks for updating. I ran the said command with the full path but it still shows the invalid response error.

I have checked in the Document Root of the domain; there was no acme-challenge folder. I created it manually.

Now, from where can I add the validation files?

1 Like

There is no need to add the acme-challenge folder. It is created as needed.

And, the validation files are created by acme.sh. It then asks the Let's Encrypt server to look for that file.

If it did not work then the value for -w is still not right. What folder do you have your "home page" in?

3 Likes
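An added example, not written by any poster in this thread and not part of acme.sh: a way to find out which directory the server really serves for `/.well-known/acme-challenge/` before passing it as -w. The function names and the FETCH variable are hypothetical; curl is assumed to be installed.

```shell
#!/bin/sh
# Added example: write a probe file under each candidate webroot and fetch it
# back over HTTP, the same lookup the CA performs for an HTTP-01 challenge.
# FETCH (assumption of this sketch) is the command used to GET a URL;
# -f makes curl fail on a 404, -L follows an http -> https redirect.
FETCH=${FETCH:-"curl -fsSL --max-time 10"}

# probe_webroot DIR DOMAIN
#   0 = file written under DIR was served back by DOMAIN
#   1 = server answered with something else (for example a 404)
#   2 = DIR does not exist or is not writable
probe_webroot() {
    webroot=$1
    domain=$2
    [ -d "$webroot" ] || return 2
    dir="$webroot/.well-known/acme-challenge"
    token="probe-$$-$(date +%s)"
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$token" || return 2
    body=$($FETCH "http://$domain/.well-known/acme-challenge/$token" 2>/dev/null)
    rm -f "$dir/$token"          # never leave the probe file behind
    [ "$body" = "$token" ]
}

# find_webroot DOMAIN DIR...  prints the first DIR that is actually served.
find_webroot() {
    domain=$1
    shift
    for candidate in "$@"; do
        if probe_webroot "$candidate" "$domain"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage with the three paths tried in this thread:
#   find_webroot typing12.com /home/umardd/typing12.com \
#       /home/umardd/public_html /home/umardd/public_html/typing12.com
```

The directory it prints is the value to give acme.sh as -w; if it prints nothing, none of the candidates is the document root for that domain.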

The home page is in the public_html folder.

I have also checked in the .htaccess file, the full path is /home/umardd/public_html

This:

doesn't match this:

2 Likes

Can you show the result of using this for your -w value? Not all failures are identical.

.acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/public_html

Also please show contents of your .htaccess file

3 Likes

Shouldn't we also be including the "www"?:

Name:    typing12.com
Address: 185.61.154.53
Aliases: www.typing12.com

3 Likes

Probably should. I just mimicked the command in the first post, but both domains are best for sure.

3 Likes

Here is the output after running the desired command.

[umardd@premium61 ~]$ .acme.sh/acme.sh --issue -d typing12.com -w /home/umardd/public_html/typing12.com
[Wed Aug 24 22:11:00 EDT 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Aug 24 22:11:00 EDT 2022] Single domain='typing12.com'
[Wed Aug 24 22:11:00 EDT 2022] Getting domain auth token for each domain
[Wed Aug 24 22:11:02 EDT 2022] Getting webroot for domain='typing12.com'
[Wed Aug 24 22:11:02 EDT 2022] Verifying: typing12.com
[Wed Aug 24 22:11:03 EDT 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Aug 24 22:11:07 EDT 2022] Pending, The CA is processing your order, please just wait. (2/30)
[Wed Aug 24 22:11:11 EDT 2022] typing12.com:Verify error:185.61.154.53: Invalid response from https://typing12.com/.well-known/acme-challenge/6bZPJ2dRetV-tHwDLzW1qK2Ho-QLPpLj-pcoC0hmT64: 404
[Wed Aug 24 22:11:11 EDT 2022] Please check log file for more details: /home/umardd/.acme.sh/acme.sh.log

Contents of .htaccess file:

text/x-generic .htaccess ( ASCII English text )

# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule \.litespeed_conf\.dat - [F,L]

### marker CACHE RESOURCE start ###
RewriteRule wp-content/.*/[^/]*(responsive|css|js|dynamic|loader|fonts)\.php - [E=cache-control:max-age=3600]
### marker CACHE RESOURCE end ###

### marker FAVICON start ###
RewriteRule favicon\.ico$ - [E=cache-control:max-age=86400]
### marker FAVICON end ###

### marker DROPQS start ###
CacheKeyModify -qs:fbclid
CacheKeyModify -qs:gclid
CacheKeyModify -qs:utm*
CacheKeyModify -qs:_ga
### marker DROPQS end ###

</IfModule>
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END LSCACHE
# BEGIN NON_LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
# END NON_LSCACHE

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# BEGIN Security Block
# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# Disable directory listing
Options All -Indexes

# Remove header with PHP version
Header always unset X-Powered-By
Header unset X-Powered-By
# END Security Block

# Wordfence WAF
<IfModule LiteSpeed>
php_value auto_prepend_file '/home/umardd/public_html/wordfence-waf.php'
</IfModule>
<IfModule lsapi_module>
php_value auto_prepend_file '/home/umardd/public_html/wordfence-waf.php'
</IfModule>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>

# END Wordfence WAF

Looks like you added something to the end of public_html. Can you try without that?

3 Likes

This:

doesn't look like this:

3 Likes

I just realized you got a cert for typing12.com earlier today.

How did you get that one? The only thing "wrong" is it does not have the www subdomain as Rudy pointed out earlier. That's an easy fix once you are able to get a cert.

https://tools.letsdebug.net/cert-search?m=domain&q=typing12.com&d=168

3 Likes