Invalid response from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: inteltarget.co.uk

I ran this command:
certbot --apache -d inteltarget.co.uk -d www.inteltarget.co.uk
It produced this output:
Domain: www.inteltarget.co.uk
Type: unauthorized
Detail: Invalid response from
http://www.inteltarget.co.uk/.well-known/acme-challenge/z31PNYwrMAGZayA2VQ39V7nukJZgT-WXXuEFuDfRZlE
[2001:8d8:100f:f000::237]: 204

Domain: inteltarget.co.uk
Type: unauthorized
Detail: Invalid response from
http://inteltarget.co.uk/.well-known/acme-challenge/g4-uKUOaaLskPmpEc4L9YE7SwgAoRXtA8RIwHbE6Nhg
[2001:8d8:100f:f000::237]: 204

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
apachi 2
The operating system my web server runs on is (include version):
with ubuntu 18.04
My hosting provider, if applicable, is:
I keep the server in a vm at google cloud
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

Hi @serban

you have ipv4- and ipv6 - addresses ( https://check-your-website.server-daten.de/?q=inteltarget.co.uk ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
inteltarget.co.uk A 35.246.33.75 Newark/New Jersey/United States (US) - GOOGLE - Google LLC Hostname: 75.33.246.35.bc.googleusercontent.com yes 1 0
AAAA 2001:8d8:100f:f000::237 Karlsruhe/Baden-Württemberg/Germany (DE) - DE-SCHLUND yes
www.inteltarget.co.uk A 35.246.33.75 Newark/New Jersey/United States (US) - GOOGLE - Google LLC Hostname: 75.33.246.35.bc.googleusercontent.com yes 1 0
AAAA 2001:8d8:100f:f000::237 Karlsruhe/Baden-Württemberg/Germany (DE) - DE-SCHLUND yes

But checking your /.well-known/acme-challenge there are different answers:

Domainname Http-Status redirect Sec. G
http://www.inteltarget.co.uk/
35.246.33.75 301 http://inteltarget.co.uk/ 0.070 D
http://inteltarget.co.uk/
35.246.33.75 200 0.153 H
http://inteltarget.co.uk/
2001:8d8:100f:f000::237 200 0.054 H
http://www.inteltarget.co.uk/
2001:8d8:100f:f000::237 200 0.053 H
https://inteltarget.co.uk/
35.246.33.75 -4 0.096 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
https://inteltarget.co.uk/
2001:8d8:100f:f000::237 -10 0.050 P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
https://www.inteltarget.co.uk/
35.246.33.75 -4 0.096 W
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
https://www.inteltarget.co.uk/
2001:8d8:100f:f000::237 -10 0.046 P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
http://inteltarget.co.uk:443/
35.246.33.75 404 0.056 Q
Not Found
Visible Content: Not Found The requested URL / was not found on this server. Apache/2.4.29 (Ubuntu) Server at inteltarget.co.uk Port 80
http://inteltarget.co.uk:443/
2001:8d8:100f:f000::237 400 0.047 Q
Bad Request
Visible Content: 400 Bad Request The plain HTTP request was sent to HTTPS port nginx
http://www.inteltarget.co.uk:443/
35.246.33.75 404 0.050 Q
Not Found
Visible Content: Not Found The requested URL / was not found on this server. Apache/2.4.29 (Ubuntu) Server at www.inteltarget.co.uk Port 80
http://www.inteltarget.co.uk:443/
2001:8d8:100f:f000::237 400 0.047 Q
Bad Request
Visible Content: 400 Bad Request The plain HTTP request was sent to HTTPS port nginx
http://inteltarget.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.246.33.75 404 0.050 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at inteltarget.co.uk Port 80
http://inteltarget.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2001:8d8:100f:f000::237 204 0.057 A
Visible Content:
http://www.inteltarget.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.246.33.75 404 0.050 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at www.inteltarget.co.uk Port 80
http://www.inteltarget.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
2001:8d8:100f:f000::237 204 0.054 A
Visible Content:

http + "/" have the same answer. https has different, same with /.well-known/acme-challenge:

Ipv4 answers with the expected result http status 404 - Not Found.

Ipv6 has a 204 - http status. That's critical, Letsencrypt prefers ipv6 checking /.well-known/acme-challenge.

You have two options:

  • remove the ipv6 AAAA entry, then create a certificate, then fix ipv6 (or)
  • fix ipv6 directly.

Do you have a

Listen [::]:80
Listen [::]:443
1 Like

Thanks you really saved me, i forgot about the ipv6, now it works.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.