Invalid response on acme-challenge but can access files in the directory


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.walk-my.pet

I ran this command: ./certbot-auto certonly --webroot -w /root/walkmypet-cert -d www.walk-my.pet -d walk-my.pet

It produced this output:
Failed authorization procedure. www.walk-my.pet (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.walk-my.pet/.well-known/acme-challenge/{token}: “{“timestamp”:“2018-11-21T13:05:43.589+0000”,“status”:404,“error”:“Not Found”,“message”:“No message available”,“path”:”/.well-kno", walk-my.pet (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://walk-my.pet/.well-known/acme-challenge/{token}: “{“timestamp”:“2018-11-21T13:05:43.464+0000”,“status”:404,“error”:“Not Found”,“message”:“No message available”,“path”:”/.well-kno"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.walk-my.pet
    Type: unauthorized
    Detail: Invalid response from
    http://www.walk-my.pet/.well-known/acme-challenge/{token}:
    “{“timestamp”:“2018-11-21T13:05:43.589+0000”,“status”:404,“error”:“Not
    Found”,“message”:“No message available”,“path”:”/.well-kno"

    Domain: walk-my.pet
    Type: unauthorized
    Detail: Invalid response from
    http://walk-my.pet/.well-known/acme-challenge/{token}:
    “{“timestamp”:“2018-11-21T13:05:43.464+0000”,“status”:404,“error”:“Not
    Found”,“message”:“No message available”,“path”:”/.well-kno"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version): JBOSS WildFly13

The operating system my web server runs on is (include version): CentOS7

My hosting provider, if applicable, is: Alibaba

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

// I’m able to access http://www.walk-my.pet/.well-known/acme-challenge/test.txt
// I have a folder etc/letsencrypt created with keys etc.
// Seems the thread is very similar to Invalid response on acme-challenge but can access files in the directory

Thanks a lot for your help!


#2

Hi @vovkind

is your webroot really /root/walkmypet-cert?

Or is this a typo, so

/root/walkmypet

is your correct webroot? With the file /root/walkmypet/.well-known/acme-challenge/124 in it?


#3

No. corrected it:
./certbot-auto certonly --webroot -w /root/wildfly-servlet-13.0.0.Final/external_resources/wmp -d www.walk-my.pet -d walk-my.pet


Still the same issue:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for walk-my.pet
http-01 challenge for www.walk-my.pet
Using the webroot path /root/wildfly-servlet-13.0.0.Final/external_resources/wmp for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. walk-my.pet (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://walk-my.pet/.well-known/acme-challenge/0HnHdpHuLa3w6AFskqpUhlG9klSim-wyQuzc6ov1arY: “{“timestamp”:“2018-11-21T15:59:13.123+0000”,“status”:404,“error”:“Not Found”,“message”:“No message available”,“path”:”/.well-kno", www.walk-my.pet (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.walk-my.pet/.well-known/acme-challenge/WPJpo16-00NiwCl8sf258XSBYhY-YfWotDdWHp4kC7s: “{\“timestamp”:“2018-11-21T15:59:13.163+0000”,“status”:404,“error”:“Not Found”,“message”:“No message available”,“path”:”/.well-kno"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: walk-my.pet
    Type: unauthorized
    Detail: Invalid response from
    http://walk-my.pet/.well-known/acme-challenge/0HnHdpHuLa3w6AFskqpUhlG9klSim-wyQuzc6ov1arY:
    “{“timestamp”:“2018-11-21T15:59:13.123+0000”,“status”:404,“error”:“Not
    Found”,“message”:“No message available”,“path”:”/.well-kno"

    Domain: www.walk-my.pet
    Type: unauthorized
    Detail: Invalid response from
    http://www.walk-my.pet/.well-known/acme-challenge/WPJpo16-00NiwCl8sf258XSBYhY-YfWotDdWHp4kC7s:
    “{“timestamp”:“2018-11-21T15:59:13.163+0000”,“status”:404,“error”:“Not
    Found”,“message”:“No message available”,“path”:”/.well-kno"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.


#4

I have managed. Your question pointed me to change the location and it worked :wink:

Personal thanks, @JuergenAuer


#5

Yep, the certificate is now created.

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:walk-my.pet&lu=cert_search
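
The problem resolved in this thread, a `-w` path that is not the directory the server maps to `/.well-known/acme-challenge/`, can be checked before running certbot. The following is an added example, not part of the original thread or of certbot: the function name `webroot_is_served` is hypothetical, and `demo()` uses a constructed localhost server in place of the real site.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.request
from functools import partial


def webroot_is_served(webroot, base_url, timeout=5):
    """Drop a random probe file where certbot --webroot would put its token
    and report whether base_url serves exactly that file."""
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, name)
    with open(path, "wb") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    # Connect directly, ignoring any proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == body
    except OSError:  # HTTPError (e.g. the 404 in the thread) and connection errors
        return False
    finally:
        os.remove(path)


def demo():
    """Constructed stand-in for the real server: serve one temp dir on
    localhost, then probe it and an unrelated dir as candidate webroots."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        handler = partial(http.server.SimpleHTTPRequestHandler, directory=served)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            return webroot_is_served(served, base), webroot_is_served(other, base)
        finally:
            server.shutdown()
            server.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real site, call `webroot_is_served` with the intended `-w` directory and the site's `http://` base URL; a `False` result means the CA's validation request would not find the token certbot writes there.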