Invalid response from / well-known/acme-challenge

Please note I have used letsdebug.net to check and it all came ok.

My domain is: classette.in

I ran this command: ./certbot-auto certonly --standalone --debug -d classette.in

It produced this output:

http-01 challenge for classette.in
Waiting for verification...
Challenge failed for domain classette.in
http-01 challenge for classette.in
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 11, in
sys.exit(main())
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1357, in main
return config.func(config, plugins)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 1237, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/client.py", line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/opt/eff.org/certbot/venv/lib/python2.7/site-packages/certbot/_internal/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
AuthorizationError: Some challenges have failed.
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: classette.in
   Type:   unauthorized
   Detail: Invalid response from
   http://classette.in/.well-known/acme-challenge/P1AXWHLksCzBA_hEuO1FDOHIXeUrI3wHzuMatCfqIsU
   [207.174.213.34]: "\n<html><head><meta name=\"viewport\"
   content=\"width=device-width,initial-scale=1\"></head><frameset
   border=\"0\" rows=\"100%,*\" cols=\""

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Node Js, Nginx

The operating system my web server runs on is (include version): Amazon Linux

My hosting provider, if applicable, is: My App is hosted on an AWS EC2 Linux instance, but the domain is registered using Bigrock.in, I am merely using domain forwarding services.

I can login to a root shell on my machine (yes or no, or I don't know): yes I can,

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Yes I can, however, I am just using domain forwarding service.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

At the time of generating the certificate I stopped my Nginx service. This is the current Nginx conf:
3000 is where my Node App runs.

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    	# Load modular configuration files from the /etc/nginx/conf.d directory.
    	# See http://nginx.org/en/docs/ngx_core_module.html#include
    	# for more information.
   	 include /etc/nginx/conf.d/*.conf;

server{
	listen 80 	default_server;
	listen		[::]:80 default_server;
	server_name	localhost_;
	root		/usr/share/nginx/html;

	# Load configuration files for the default server block.
	include	/etc/nginx/default.d/*.conf;
	
	
	location / {
		proxy_pass http://127.0.0.1:3000;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection 'upgrade';
		proxy_set_header Host $host;
		proxy_cache_bypass $http_upgrade;
				
	}
	
	error_page 404 /404.html;
		location = /40x.html{
	}
	
	error_page 500 502 503 504 /50x.html;
		location = /50x.html{
	}
     }

# Settings for a TLS enabled server.
#
#	server{
#		listen 		443 ssl http2 default_server;
#		listen 		[::]:443 ssl http2 default_server;
#		server_name	_;
#		root		/usr/share/nginx/html;
#		
#		ssl_certificate	"/etc/pki/nginx/server.crt";
#		ssl_certificate_key "/etc/pki/nginx/private/server.key";
#		ssl_session_cache shared:SSL:1m;
#		ssl_session_timeout  10m;
#		ssl_ciphers PROFILE=SYSTEM;
#		ssl_prefer_server_ciphers on;
#		# Load configuration files for the default server block.
#		include	/etc/nginx/default.d/*.conf;
#
#		error_page 404 /404.html;
#		location = /40x.html{
#		}
#	
#	        error_page 500 502 503 504 /50x.html;
#		location = /50x.html{
#		}
#	}
}
1 Like

Hi @scorpion-3

that can't work, see your check, ~~6 hours old - https://check-your-website.server-daten.de/?q=classette.in

Your ip address:

| Host | Type | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| classette.in | A | 207.174.213.34 Burlington/Massachusetts/United States (US) - PDR No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.classette.in | A | 207.174.213.34 Burlington/Massachusetts/United States (US) - PDR No Hostname found | yes | 1 | 0 |
| | AAAA | | yes | | |

And your check has an explicit warning:

Info: Html-Content with frame found, may be a problem creating a Letsencrypt certificate using http-01 validation

<html><head><meta name="viewport" content="width=device-width,initial-scale=1"></head>
<frameset border="0" rows="100%,*" cols="100%" frameborder="no">
<frame name="TopFrame" scrolling="yes" noresize 
src="http://3.7.97.112/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de"><frame name="BottomFrame" scrolling="no" noresize>
<noframes></noframes></frameset></html>

You can't create a certificate via that domain forwarding with a frame.

Your A record must point to your 3.7.97.112, not to that 207.174.213.34 you don't control.

So 207.174.213.34 is checked, not your 3.7 with your nginx and your Node App.

And you can't install a certificate on 207.174.213.34, because you don't control that webserver.

So a correct certificate would be worthless because you can't use it.

3 Likes
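The diagnosis in the reply above, as an added example that is not part of the original thread: a small classifier for the body a validator receives at the challenge URL. The function name `diagnose`, the sample body (rebuilt from the frameset quoted above) and the all-"A" thumbprint used to exercise it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# http-01 body must be "<token>.<base64url SHA-256 JWK thumbprint>" (RFC 8555, section 8.3)
KEY_AUTH = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}$")

TOKEN = "P1AXWHLksCzBA_hEuO1FDOHIXeUrI3wHzuMatCfqIsU"  # token from the error above
# Constructed sample: the forwarder's frameset as quoted in the reply, with the token path.
FORWARDER_BODY = (
    '<html><head><meta name="viewport" content="width=device-width,initial-scale=1"></head>'
    '<frameset border="0" rows="100%,*" cols="100%" frameborder="no">'
    '<frame name="TopFrame" scrolling="yes" noresize '
    'src="http://3.7.97.112/.well-known/acme-challenge/' + TOKEN + '">'
    '<frame name="BottomFrame" scrolling="no" noresize>'
    '<noframes></noframes></frameset></html>'
)


class _FrameSrc(HTMLParser):
    """Collects the src attribute of every <frame>/<iframe> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("frame", "iframe") and src:
            self.srcs.append(src)


def diagnose(token, body, answered_by_ip):
    """Classify the response served for /.well-known/acme-challenge/<token>."""
    text = body.strip()
    if KEY_AUTH.match(text):
        same = text.split(".", 1)[0] == token
        return "ok: key authorization" if same else "mismatch: other token"
    parser = _FrameSrc()
    parser.feed(body)
    # Hosts the frames point at, other than the server that answered.
    hosts = {urlparse(s).hostname for s in parser.srcs} - {None, answered_by_ip}
    if hosts:
        return ("frame-forwarding: %s answered with a frame to %s; point the "
                "A record there" % (answered_by_ip, ", ".join(sorted(hosts))))
    return "invalid: response is not a key authorization"


if __name__ == "__main__":
    print(diagnose(TOKEN, FORWARDER_BODY, "207.174.213.34"))
```

The validator never follows a frame: it compares the raw body with the expected key authorization, so HTML from the forwarding host always fails.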

Oh I get it. So will it work if I try putting in 3.7.97.112 so that at least my Node JS app will have SSL enabled? Can I run the below command?
./certbot-auto certonly --standalone --debug -d 3.9.97.112

As for the domain name, I will have to get the SSL from the hosting provider for that domain I guess.
Let me know if my assumptions are correct.

You can't create a certificate with an ip address.

Switch the A-record of your domain name or use another domain name with a working dns provider.

Thanks for the quick response. I am actually new to SSL and domains. Sorry to bother you with silly questions, so if I want my Node JS app to have SSL enabled, I would still need a domain name? If you can point out any article that can help guide me on how to enable SSL for a Node JS app on Amazon, that would be helpful.

Follow this tutorial: https://support.bigrock.com/index.php?/Knowledgebase/Article/View/633/5/editing-your-domains-dns-records . You need to set up your DNS like that, instead of using DNS forwarding.

Then after waiting a short while, you can try your original Certbot command again (with your Node.js server stopped).

1 Like

This worked! Thanks a ton!
