Invalid response - html cruft

I maintain certs for five domains. For some reason, one is now failing; it worked the last time I renewed, back in May. I can’t figure out where the HTML codes below, presumably from my Joomla site, are coming from and why they are interfering. TIA

My domain is: wfbrace.net

I ran this command: certbot renew

It produced this output:

• The following errors were reported by the server:

  Domain: wfbrace.net
  Type: unauthorized
  Detail: Invalid response from
  https://wfbrace.net/.well-known/acme-challenge/5G0K_1xuIXNTviTDkS-QWaCo2sgWm4QcNs8Qlvd3slE
  [149.210.176.121]: "<!doctype html>\n\n<!–[if IE 7]>

  <html class=\"no-js ie7 old"

  Domain: www.wfbrace.net
  Type: unauthorized
  Detail: Invalid response from
  https://wfbrace.net/.well-known/acme-challenge/PZH8aIM9azjTjsmt5AwUvD-RmIpdrLOcJiBVQSMfGDQ
  [149.210.176.121]: "<!doctype html>\n\n<!–[if IE 7]>

  <html class=\"no-js ie7 old"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address

My web server is (include version): apache 2.4.39

The operating system my web server runs on is (include version): FreeBSD 12.0

My hosting provider, if applicable, is: self-managed VPS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Hi @cbrace

what's the content of your Certbot configuration file?

Check

/etc/letsencrypt/renewal

and share the content of the file.

There is a redirect http -> https ( https://check-your-website.server-daten.de/?q=wfbrace.net ):

Your error message shows the same.

Visible Content: [NO LOGO] 404 - Category not found The requested resource was not found. Go to the Home Page: Home Page .

Perhaps there is a CMS that blocks the validation file.

Hi Jürgen, thanks for your help.

$ cat /usr/local/etc/letsencrypt/renewal/wfbrace.net.conf -->

[renewalparams]
authenticator = webroot
account = c8cbc68dadfaf1007494433c471f0bea
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
wfbrace.net = /usr/local/www/wfbrace.net
www.wfbrace.net = /usr/local/www/wfbrace.net

It does indeed look like the CMS is somehow interfering with a redirect, but I don’t know why it is happening here and not for the four other domains on my server, and why it is happening now and not three months ago.

Create the two subdirectories

/usr/local/www/wfbrace.net/.well-known/acme-challenge

there a file (file name 1234), then try to load that file via

 https://wfbrace.net/.well-known/acme-challenge/1234

or use the online tool to check that file.

That's not the solution, only a test.

Your config file doesn't have an installer. Looks like you use certonly.

Other idea: Use the apache authenticator:

certbot -d wfbrace.net -d www.wfbrace.net -a apache certonly

Thanks a lot for the last suggestion! I didn’t have the apache plugin installed but installing py-certbot-apache fixed that. Worked perfectly.

Quick question: I have a cron job that runs “certbot renew” once a month. Will it henceforth use the apache validator automatically for all five of my domains or do I have to explicitly include the “–apache” option?

No, not for all.

But check your config files

/usr/local/etc/letsencrypt/renewal/*

again. The

/usr/local/etc/letsencrypt/renewal/wfbrace.net.conf

should now have something like

authenticator = apache

So you can change your other config files manual. Then "renew" is enough.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.