I'm setting up LE for tc.rpgsky.net, but the invalid response error was reported.
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:acme:error:unauthorized",
"detail": "Invalid response from http://tc.rpgsky.net/.well-known/acme-challenge/U2FAMkPuMweE9QtT44FCMbA0uJemt6ylshj1p02V3xA: "\u003c!DOCTYPE HTML\u003e\r\n\u003chtml xml:lang="zh" lang="zh" dir="ltr" class="tone-dark top-bar-black unsafe-blur-on" prefix="og: http://ogp.m "",
"status": 403
}
I changed the challenge file several times, but the same error was reported.
Can you offer some help?
new challenge file: http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU
curl -v http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU
* Trying 183.158.35.60...
* Connected to tc.rpgsky.net (183.158.35.60) port 80 (#0)
> GET /.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.49.1
> Accept: */*
< HTTP/1.1 200 OK
< Server: marco/0.23
< Date: Tue, 17 Jan 2017 09:52:50 GMT
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Letsencrypt-Verify: on
< X-Cache: Unknown from ctn-zj-lna3-024
< X-Request-Id: ac077a84d4ca3045f9f26ebd2138982a
< Via: M.ctn-zj-lna3-024
<
* Connection #0 to host tc.rpgsky.net left intact
VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU.47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE
You don’t say what command / client you are running, so I can only answer in general.
The client you are running should place a plain text file in your webroot/.well-known/acme-challenge/ folder and then needs to verify it exists there. This is what is failing.
If you create a plain text file called webroot/.well-known/acme-challenge/test (where webroot is the web root directory for your domain) which just contains the word “ok” you should then be able to do a
curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test
and get the word “ok”. In your case it’s not currently doing that.
I want to get a certificate using the Let’s Encrypt ACME protocol, but when I request a challenge the invalid response error was reported
====
curl -v http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU
and get the response “VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU.47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE”
Not enough?
http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU is not a challenge yet
=====
"curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test "
This is a HEAD request; can you get the body “ok” from the request?
I get a 404 not found
curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Jan 2017 11:43:38 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60
Have you deleted the test file again? Or is it still there?
Yes, I deleted the test file. Do the letsencrypt servers check the test file?
No, the letsencrypt servers don’t check the test file. I would though (as I did) as part of helping to diagnose any issues.
I still get a 404 error - Not Found
curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Jan 2017 13:15:28 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60
Which specific IP address do you request?
curl -v http://tc.rpgsky.net/.well-known/acme-challenge/test
* Trying 183.158.35.60...
* Connected to tc.rpgsky.net (183.158.35.60) port 80 (#0)
> GET /.well-known/acme-challenge/test HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.49.1
> Accept: */*
< HTTP/1.1 200 OK
< Server: marco/0.23
< Date: Tue, 17 Jan 2017 13:17:15 GMT
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Letsencrypt-Verify: on
< X-Cache: Unknown from ctn-zj-lna3-024
< X-Request-Id: 05e1817295887dfae651d3f01ad348b1
< Via: M.ctn-zj-lna3-024
<
curl -I -v http://tc.rpgsky.net/.well-known/acme-challenge/test
* Trying 107.154.161.206...
* Connected to tc.rpgsky.net (107.154.161.206) port 80 (#0)
> HEAD /.well-known/acme-challenge/test HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
It looks as if you have various DNS problems that need to be fixed. See http://dnsviz.net/d/tc.rpgsky.net/dnssec/
Thx, I’ll take a look at those problems.
system (February 16, 2017, 1:44pm): This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
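The comparison this thread ends up doing by hand, as an added example that is not part of any post: request the challenge file from each IP address with a GET and the real Host header, then check the body against the key authorization. The function names and the sample responses are constructed for illustration; the token, key authorization and IP addresses are the ones quoted in the thread.

```python
import http.client
import socket

def resolve_ipv4(host):
    """Every distinct A record the local resolver returns for host."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def fetch_from(ip, host, path, timeout=10):
    """GET (not HEAD) path from one specific IP while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(1024).decode("utf-8", "replace").strip()
    finally:
        conn.close()

def verdict(token, key_auth, status, body):
    """Judge one server's answer against what an HTTP-01 check expects."""
    if status != 200:
        return f"FAIL: HTTP {status}"
    if body != key_auth:
        return "FAIL: body is not the key authorization"
    if not key_auth.startswith(token + "."):
        return "FAIL: key authorization does not start with the token"
    return "ok"

def diagnose(token, key_auth, responses):
    """responses: {ip: (status, body)}. Returns ({ip: verdict}, all_ok)."""
    report = {ip: verdict(token, key_auth, *r) for ip, r in sorted(responses.items())}
    return report, all(v == "ok" for v in report.values())

def check_live(host, token, key_auth, ips=None):
    """Ask each IP (resolved locally unless a list is given) for the challenge file."""
    path = "/.well-known/acme-challenge/" + token
    responses = {}
    for ip in ips or resolve_ipv4(host):
        try:
            responses[ip] = fetch_from(ip, host, path)
        except (OSError, http.client.HTTPException) as exc:
            responses[ip] = (0, str(exc))  # connection failure recorded as status 0
    return diagnose(token, key_auth, responses)

# Constructed sample: token, key authorization and IPs are quoted from the thread;
# the per-IP responses are illustrative, not captured output.
TOKEN = "VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU"
KEY_AUTH = TOKEN + ".47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE"
SAMPLE = {"183.158.35.60": (200, KEY_AUTH), "107.154.161.206": (404, "Not Found")}
```

Pass `ips=` explicitly when the addresses a remote party sees differ from what the local resolver returns, which is the situation in this thread.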