Invalid response from /.well-known/acme-challenge

Hi,

My domain is: zerouk.me

I ran this command: /opt/letsencrypt/letsencrypt-auto

It produced this output:

Failed authorization procedure. www.zerouk.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.zerouk.com/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE: "<!doctype html>\n\n<!--[if lt IE 7]> <html class="", zerouk.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://zerouk.me/.well-known/acme-challenge/tZolPtMXRZ2ff9BPWkxdjYiAJO_NUc966TCp1yJwYhQ: "<!doctype html>\n\n\n \n <meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n <meta htt"

IMPORTANT NOTES:

My web server is (include version): apache2

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: soyoustart

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Additional info: domain provider: godaddy.com

So basically I’ve been trying to install SSL for 2 days but every time I try I get this result. I tried a dozen different proposed solutions found on Google with no success and tried to completely reinstall my server 2 times, each time following a different tutorial. Didn’t get more success. At this point I have no idea what I’m doing wrong.
http://zerouk.me works fine
Am I missing a configuration I should make in apache or didn’t create something I should have?
I found a lot of topics with a similar error, but it was for the renewal of the certificate and not its creation.

Note: I’m a new beginner on Linux, so please be patient and indicate the command I must run. It’s also the first time I create a webserver, so maybe I’m doing something wrong with the DNS A/AAAA records as Let’s Encrypt suggests?

Thanks a lot in advance for your help.

Both of those domains have different IP addresses, and they’re both GoDaddy IP addresses, not from So you Start.

zerouk.com.      (insecure)  14172  A      97.74.234.72
www.zerouk.com.  (insecure)  14173  CNAME  zerouk.com.
zerouk.com.      (insecure)  14172  A      97.74.234.72

zerouk.me.       (insecure)  372    A      184.168.131.241
www.zerouk.me.   (insecure)  3373   CNAME  zerouk.me.
zerouk.me.       (insecure)  372    A      184.168.131.241

Is that correct?

Which domain are you trying to get a certificate for? Both?

If you run just that command, certbot (which is the current name of the Let's Encrypt official EFF client) would have asked you a lot of questions. What were the answers to those questions?

Alas, the software you're running on your site seems to be the culprit. For example, for your .me domain:

osiris@desktop ~ $ curl -Lv http://www.zerouk.me/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE
*   Trying 184.168.131.241...
* Connected to www.zerouk.me (184.168.131.241) port 80 (#0)
> GET /.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE HTTP/1.1
> Host: www.zerouk.me
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Connection: close
< Pragma: no-cache
< cache-control: no-cache
< Location: /OTcnZ/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE
< 
* Closing connection 0
* Issue another request to this URL: 'http://www.zerouk.me/OTcnZ/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE'
* Hostname www.zerouk.me was found in DNS cache
*   Trying 184.168.131.241...
* Connected to www.zerouk.me (184.168.131.241) port 80 (#1)
> GET /OTcnZ/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE HTTP/1.1
> Host: www.zerouk.me
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Connection: close
< Pragma: no-cache
< cache-control: no-cache
< Location: /.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE
< 
* Closing connection 1
* Issue another request to this URL: 'http://www.zerouk.me/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE'
* Hostname www.zerouk.me was found in DNS cache
*   Trying 184.168.131.241...
* Connected to www.zerouk.me (184.168.131.241) port 80 (#2)
> GET /.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE HTTP/1.1
> Host: www.zerouk.me
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found
(...)
osiris@desktop ~ $

It redirects to a whole other directory: Location: /OTcnZ/.well-known/acme-challenge/...

And for your .com domain, the redirect is to HTTPS, no matter what the request was:

osiris@desktop ~ $ curl -Lv http://www.zerouk.com/.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE
*   Trying 97.74.234.72...
* Connected to www.zerouk.com (97.74.234.72) port 80 (#0)
> GET /.well-known/acme-challenge/pO5-WLZBGEfJ2GhaqyWokrkfluLgvn3yy8tnirvCmjE HTTP/1.1
> Host: www.zerouk.com
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Date: Sat, 27 Oct 2018 16:38:48 GMT
< Server: Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
< X-Powered-By: PHP/5.5.32
< Location: https://zerouk.com/
< Cache-Control: max-age=31536000
< Expires: Sun, 27 Oct 2019 16:38:48 GMT
< Vary: User-Agent
< Connection: keep-alive
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
< 
* Connection #0 to host www.zerouk.com left intact
osiris@desktop ~ $ 

See that Location header? Without the /.well-known/acme-challenge/ part? Looks like a broken redirect. Your redirect location should also include the request path. Unless this is on purpose. If so, you should exclude the /.well-known/acme-challenge/ path from that redirect.

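As an added illustration (not code from this thread, from certbot or from Let's Encrypt): a small offline check that follows redirects the way an HTTP-01 validator does and reports which of the two failures shown above it runs into. The hostname example.com, the token, the thumbprint and the 10-hop redirect limit are assumptions; the fixtures are constructed to mimic the .me bounce and the .com redirect-to-root.

```python
from collections import namedtuple
from urllib.parse import urljoin, urlsplit

PREFIX = "/.well-known/acme-challenge/"
Resp = namedtuple("Resp", "status location body", defaults=("", ""))

def check_http01(url, token, key_authz, fetch, max_redirects=10):
    # Follow redirects the way an HTTP-01 validator would (the 10-hop limit is an
    # assumption); fetch(url) -> Resp is injected so this runs offline. Returns (ok, reason).
    hops = [url]
    for _ in range(max_redirects):
        resp = fetch(url)
        if resp.status not in (301, 302, 303, 307, 308):
            break
        nxt = urljoin(url, resp.location)
        if not urlsplit(nxt).path.endswith(PREFIX + token):
            return False, f"redirect drops the challenge path: {url} -> {nxt}"
        url = nxt
        hops.append(url)
    else:
        return False, f"too many redirects: {' -> '.join(hops)}"
    if resp.status != 200:
        return False, f"HTTP {resp.status} after {len(hops) - 1} redirect(s): {' -> '.join(hops)}"
    if resp.body.strip() != key_authz:
        return False, "200 OK but the body is not the expected key authorization"
    return True, f"validated via {' -> '.join(hops)}"

# Constructed fixtures reproducing the two behaviours seen in the thread, plus a correct one.
TOKEN = "EXAMPLE_TOKEN"                    # placeholder, not a real ACME token
KEY_AUTHZ = TOKEN + ".EXAMPLE_THUMBPRINT"  # placeholder token.thumbprint body

def bouncing_site():
    # .me case: 302 into /OTcnZ/..., 302 back to the original path, then 404
    hits = [0]
    def fetch(url):
        path = urlsplit(url).path
        if path.startswith("/OTcnZ/"):
            return Resp(302, location=path[len("/OTcnZ"):])
        hits[0] += 1
        return Resp(302, location="/OTcnZ" + path) if hits[0] == 1 else Resp(404)
    return fetch
def root_redirect_site(url):
    # .com case: every request is sent to the HTTPS front page, path dropped
    return Resp(302, location="https://example.com/")
def fixed_site(url):
    # correct setup: http -> https keeps the path, then the key authorization is served
    p = urlsplit(url)
    if p.scheme == "http":
        return Resp(301, location=p._replace(scheme="https").geturl())
    return Resp(200, body=KEY_AUTHZ + "\n")
```

Run each fixture through check_http01 with http://example.com/.well-known/acme-challenge/EXAMPLE_TOKEN: the first two reproduce the 404-after-bounce and the dropped-path failures, the third validates.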

Oops! My bad. I made a mistake in the virtualhost. It's not www.zerouk.com but www.zerouk.me. Corrected it.
@mnordhoff sorry, just mixed up. I'm renting a server at soyoustart and I bought the domain name at godaddy.

I don't know what you mean there. What should I do?

It just asked one question. This is what came out after the command, just before what I posted in the first message:

root@Zerouk:~# /opt/letsencrypt/letsencrypt-auto
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: zerouk.me
2: www.zerouk.me
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.zerouk.me
http-01 challenge for zerouk.me
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges

Should I have gone for zerouk.me only? www.zerouk.me is only a serveralias in the virtualhost.

Still, zerouk.me and www.zerouk.me also point at a GoDaddy IP address. Not a So you Start server.

(Some?) GoDaddy sites use a web server that sends weird HTTP redirects, and blocks some requests. Yours is one of them. It interferes with Let’s Encrypt HTTP validation.

So what should I do?

Just thought about one thing. If I remove the forwarding of my domain in the GoDaddy manager and add the domain in the secondary DNS manager by soyoustart, would that resolve the problem?

The tools you're using expect the DNS records to be pointed directly at the web server, not at a GoDaddy forwarding service, so making this happen would be a useful first step.

Thanks for your help. Since the problem seems to be GoDaddy, I bought another domain from OVH. I made it with this one and it works perfectly. Will keep this one.
Again, thanks a lot for your time and help.
