Invalid response from wellknown request while it's working actually

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
certbot certonly --dry-run --installer=nginx -d

It produced this output:

[iZ2318zhx0tZ]/tmp # certbot certonly --dry-run --installer=nginx -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Plugins selected: Authenticator webroot, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Input the webroot for (Enter 'c' to cancel): /var/www/letsencrypt/
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: "<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"textml;charset=UTF-8\" />\n   <style>body{background-color:#FFFFFF}</style>"

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   []: "<html>\n<head>\n<meta http-equiv=\"Content-Type\"
   content=\"textml;charset=UTF-8\" />\n

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

I have tried all of the following ways, with no luck:
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Actually, all I want is to renew the cert, and btw I can get data from the .wellknown like:

wget --no-check-certificate

Is there anything I have missed, or any steps that need to be taken? Any information is appreciated.

Hi @huangtao

checking your domain there is a http status 403 - Forbidden ( ):

Domainname Http-Status redirect Sec. G 403 0.470 M
Forbidden 403 0.467 M
Forbidden 200 2.410 N
Certificate error: RemoteCertificateChainErrors 502 2.426 N
Bad Gateway
Certificate error: RemoteCertificateNameMismatch, RemoteCertificateChainErrors 403 0.436 M
Visible Content: 403 0.436 M

But checking your test page and the own check manual there is a blocking result:

The English version:

A Kindly Reminder

    The website is unable to access for the moment

    Sorry, the website is unable to access for the moment. According to the filing 
requirements of China's Ministry of Industry and Information Technology (MIIT), 
the website is accessible only if the ICP information is accurate and the 
ICP license is filed. Please contact the person in charge of the 
website for assistance.

    Click here to get more details about ICP Filing.

Something you have to do before your website works.

You may use dns-01 validation, then you don’t need a running webserver.

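One way to check what the validation server receives for an http-01 challenge, as an added example (not code from this thread or from certbot). It compares a fetched response with the key authorization from RFC 8555 (token, a dot, and the RFC 7638 thumbprint of the account key); the token, the account key and the helper names are constructed, and the response is assumed to have been fetched from a host outside the server's own network.

```python
import base64
import hashlib
import json

# Constructed sample values (not from the thread): token and account key.
TOKEN = "constructed-token-0123456789"
JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x-value", "y": "constructed-y-value"}
# Start of the HTML body quoted in the certbot error above.
BLOCK_PAGE = '<html>\n<head>\n<meta http-equiv="Content-Type" content="textml;charset=UTF-8" />'


def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members, sorted by name, no whitespace."""
    members = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def key_authorization(token, jwk):
    """RFC 8555 section 8.1: token, a dot, then the account key thumbprint."""
    return token + "." + jwk_thumbprint(jwk)


def diagnose(status, body, token, jwk):
    """Classify one fetched challenge response (hypothetical helper)."""
    text = body.rstrip()  # RFC 8555 8.3: trailing whitespace should be ignored
    if status == 200 and text == key_authorization(token, jwk):
        return "valid"
    if text.lstrip().lower().startswith(("<html", "<!doctype")):
        # A page was served instead of the challenge file: block page, error
        # page or a catch-all location, as in the 403 reported in this thread.
        return "html-page-instead-of-token"
    if status != 200:
        return "http-%d" % status
    if text.split(".", 1)[0] == token:
        return "wrong-account-key"  # right file, written for another account
    return "unexpected-body"


if __name__ == "__main__":
    good = key_authorization(TOKEN, JWK) + "\n"
    for status, body in [(200, good), (403, BLOCK_PAGE), (404, "not found")]:
        print(status, diagnose(status, body, TOKEN, JWK))
```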

Thanks @JuergenAuer, I am busy on it.

Now, due to the paper-work-need reason, I actually want, now, all my https would pass lets encrypt check or just ignore it and give out the blocking result to user. Is there any way I can do that?

By now, I have deleted some letsencrypt files by

 certbot delete --cert-name

And restored my Nginx configure file to normal http, still got failed by CA check. Is there something I should do with letsencrypt-side files?

Make a backup of your config files.

Then remove all symbolic links in /sites-enabled. Then restart your nginx.

I see only this A Kindly Reminder - text

PS: Sorry - remove only all symbolic links to https configurations. Not all.


Thanks @JuergenAuer for your reply, we have got the cert successfully renewed using dns-challenge as you advised, simply and effectively, and what a great work you guys have done on letsencrypt, thanks again, sincerely.

