Invalid response from .well-known/acme-challenge

forumics · May 7, 2022, 4:48am

I ran this command: sudo certbot certonly --manual -d forumics.dynu.net -d *.forumics.dynu.net

It produced this output:

The following errors were reported by the server:

Domain: forumics.dynu.net
Type: unauthorized
Detail: 116.88.190.69: Invalid response from
http://forumics.dynu.net/.well-known/acme-challenge/jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM:
400

My web server is (include version):
apache2 / ubuntu 18 / windows subsystem for linux

I can login to a root shell on my machine (yes or no, or I don't know):
yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

My instructions were
Create a file containing just this data:

jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM.3nZGZ3DXGrDC4z_IZt2ja-drM5Z551pTghIGIX8D65M

And make it available on your web server at this URL:

http://forumics.dynu.net/.well-known/acme-challenge/jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM

So i created a file in .well-known/acme-challenge
jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM
with the contents of
jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM.3nZGZ3DXGrDC4z_IZt2ja-drM5Z551pTghIGIX8D65M

I tested http://forumics.dynu.net/.well-known/acme-challenge/jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM and is able to see the text but for some reason letsencrypt always reports 400

rg305 · May 7, 2022, 6:12am

Is this a contradiction?
[can it be both?]

Can it be seen?
OR
Does it return an error 400?

I get neither:

curl -Ii http://forumics.dynu.net/.well-known/acme-challenge/jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM
curl: (56) Recv failure: Connection reset by peer

curl -Ii http://forumics.dynu.net/
curl: (56) Recv failure: Connection reset by peer

In any case, you will need a working HTTP site before it can be validated via HTTP authentication.
So that is step #1.

Then you might also want to review the current Apache status with:
apachectl -t -D DUMP_VHOSTS

forumics · May 7, 2022, 6:27am

thanks for helping, it's strange because i'm getting this
forumics@FORUMICS:/etc/apache2/sites-available$ curl -Ii http://forumics.dynu.net/.well-known/acme-challenge/jckpuUdovNbBSDYg1cpuHIGgQJIHo1TRkibsttxFHWM
HTTP/1.1 200 OK
Date: Sat, 07 May 2022 06:20:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 07 May 2022 04:18:57 GMT
ETag: "58-5de64461697ea"
Accept-Ranges: bytes
Content-Length: 88

forumics@FORUMICS:/etc/apache2/sites-available$ curl -Ii http://forumics.dynu.net/
HTTP/1.1 200 OK
Date: Sat, 07 May 2022 06:23:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 30 Mar 2022 12:33:39 GMT
ETag: "2aa6-5db6ec14dc026"
Accept-Ranges: bytes
Content-Length: 10918
Vary: Accept-Encoding
Content-Type: text/html

suspected it might be because i'm hitting localhost, so i tested http://forumics.dynu.net/index.html using my phone on 4G and i got Apache2 Ubuntu Default Page.
Don't mind can you try again?

rg305 · May 7, 2022, 6:30am

curl -Ii http://forumics.dynu.net/
curl: (56) Recv failure: Connection reset by peer

rg305 · May 7, 2022, 6:36am

Let's start here:

forumics · May 7, 2022, 6:37am

i suspect that there might be some caching going on, i just disabled routing http to https and disabled SSL.
i'll probably try again tomorrow.

forumics@FORUMICS:~$ apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 forumics.dynu.net (/etc/apache2/sites-enabled/forumics.dynu.net.conf:1)
*:8443 is a NameVirtualHost
default server forumics.dynu.net (/etc/apache2/sites-enabled/default-ssl.conf:4)
port 8443 namevhost forumics.dynu.net (/etc/apache2/sites-enabled/default-ssl.conf:4)
alias forumics.dynu.net
port 8443 namevhost forumics.dynu.net (/etc/apache2/sites-enabled/forumics.dynu.net.conf:11)
alias forumics.dynu.net
*:80 is a NameVirtualHost
default server forumics.dynu.net (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost forumics.dynu.net (/etc/apache2/sites-enabled/000-default.conf:1)
alias forumics.dynu.net
port 80 namevhost FORUMICS. (/etc/apache2/sites-enabled/nextcloud.conf:1)

rg305 · May 7, 2022, 6:38am

Show these two files:

Assuming the external ports aren't being NATted to any other internal ports.
[i.e. 80>80 & 443>443]

rg305 · May 7, 2022, 6:42am

Sorry, I may have overlooked the obvious:

Name:      forumics.dynu.net
Addresses: 2406:3003:2005:1d1b:5d1:dca4:796c:49aa
           116.88.190.69

We need to ensure that both IPv6 and IPv4 work.

rg305 · May 7, 2022, 6:44am

curl -Ii4 http://forumics.dynu.net/
HTTP/1.1 400 Bad Request
Date: Sat, 07 May 2022 06:42:56 GMT
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Length: 445
Connection: close
Content-Type: text/html; charset=iso-8859-1

curl -Ii6 http://forumics.dynu.net/
curl: (56) Recv failure: Connection reset by peer

forumics · May 7, 2022, 8:12am

got it to work at last!
i'm new to apache configuration thus not very familiar. used another computer to test the curl command and i was getting the same error message as you. hitting the url with another computer gets the SSL-enabled server port error message.

apparently setting SSL off in apache config files does not turn off SSL, needed to run a2dismod ssl

finally managed to pass the challenge, thanks for your findings and input!

system · June 6, 2022, 8:13am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.