Invalid response problem for subdomain.example.net


#1

I’m setting up LE for tc.rpgsky.net, but an invalid response error was reported.

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://tc.rpgsky.net/.well-known/acme-challenge/U2FAMkPuMweE9QtT44FCMbA0uJemt6ylshj1p02V3xA: \"\u003c!DOCTYPE HTML\u003e\r\n\u003chtml xml:lang=\"zh\" lang=\"zh\" dir=\"ltr\" class=\"tone-dark top-bar-black unsafe-blur-on\" prefix=\"og: http://ogp.m\"",
    "status": 403
  }

I changed the challenge file several times, but the same error was reported.
Can you offer some help?

new challenge file: http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU

curl -v http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU

*   Trying 183.158.35.60...
* Connected to tc.rpgsky.net (183.158.35.60) port 80 (#0)

> GET /.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.49.1
> Accept: */*

< HTTP/1.1 200 OK
< Server: marco/0.23
< Date: Tue, 17 Jan 2017 09:52:50 GMT
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Letsencrypt-Verify: on
< X-Cache: Unknown from ctn-zj-lna3-024
< X-Request-Id: ac077a84d4ca3045f9f26ebd2138982a
< Via: M.ctn-zj-lna3-024
<

* Connection #0 to host tc.rpgsky.net left intact
VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU.47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE

#2

You don’t say what command / client you are running, so I can only answer in general.

The client you are running should place a plain text file in your webroot/.well-known/acme-challenge/ folder and then needs to verify it exists there. This is what is failing.

If you create a plain text file called webroot/.well-known/acme-challenge/test (where webroot is the web root directory for your domain) which just contains the word “ok” you should then be able to do a

curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test

and get the word “ok”. In your case it’s not currently doing that.


#3

I want to get a certificate using the Let’s Encrypt ACME protocol, but when I request a challenge, the invalid response error is reported.

====
curl -v http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU

and get the response “VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU.47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE”

not enough?

http://tc.rpgsky.net/.well-known/acme-challenge/VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU is not a challenge yet

=====
"curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test"
This is a HEAD request; can you get the body “ok” from the request?


#4

I get a 404 not found

curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Jan 2017 11:43:38 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60

Have you deleted the test file again? Or is it still there?


#5

Yes, I deleted the test file. Do the letsencrypt servers check the test file?


#6

No, the letsencrypt servers don’t check the test file. I would though (as I did) as part of helping to diagnose any issues.


#7

curl http://tc.rpgsky.net/.well-known/acme-challenge/test
and get the response “ok”

plz take a look


#8

I still get a 404 error - Not Found

curl -I http://tc.rpgsky.net/.well-known/acme-challenge/test
HTTP/1.1 404 Not Found
Server: nginx
Date: Tue, 17 Jan 2017 13:15:28 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=60

#9

Which specific IP address do you request?

curl -v http://tc.rpgsky.net/.well-known/acme-challenge/test

*   Trying 183.158.35.60...
* Connected to tc.rpgsky.net (183.158.35.60) port 80 (#0)

> GET /.well-known/acme-challenge/test HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.49.1
> Accept: */*

< HTTP/1.1 200 OK
< Server: marco/0.23
< Date: Tue, 17 Jan 2017 13:17:15 GMT
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Letsencrypt-Verify: on
< X-Cache: Unknown from ctn-zj-lna3-024
< X-Request-Id: 05e1817295887dfae651d3f01ad348b1
< Via: M.ctn-zj-lna3-024
<


#10
curl -I -v  http://tc.rpgsky.net/.well-known/acme-challenge/test
*   Trying 107.154.161.206...
* Connected to tc.rpgsky.net (107.154.161.206) port 80 (#0)
> HEAD /.well-known/acme-challenge/test HTTP/1.1
> Host: tc.rpgsky.net
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 404 Not Found

It looks as if you have various DNS problems that need to be fixed. See http://dnsviz.net/d/tc.rpgsky.net/dnssec/
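
Added example, not part of any post in the thread: the two posters reach different IP addresses for the same hostname and one uses HEAD while the other uses GET, so this Python sketch sends a GET for the challenge path to each candidate IP with the real Host header and compares the body with the expected key authorization. The function names and the `fake_fetch` responses are constructed for illustration; the hostname, token, key authorization and IP addresses are the ones quoted in the thread.

```python
import http.client

HOST = "tc.rpgsky.net"
TOKEN = "VqYS6v46u_vc3M-4TcjSOzkeGINeefI_eGsVUjJd0aU"
# Key authorization = token + "." + account key thumbprint (value shown in post #1).
KEY_AUTH = TOKEN + ".47vSqVWAlhhrM9qT6uRuFUNlTOcMAxD1NM8F_UpYDQE"

def fetch_from_ip(ip, host, path, timeout=10):
    """GET (not HEAD) the path from one specific IP, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def classify(status, body, key_authorization):
    """Judge one response the way an http-01 validator would."""
    if status != 200:
        return "FAIL: HTTP %d" % status
    if body.rstrip() != key_authorization:  # trailing whitespace is tolerated
        return "FAIL: body is not the key authorization"
    return "OK"

def probe(host, token, key_authorization, ips, fetch=fetch_from_ip):
    """Request the challenge file from every candidate IP; return {ip: verdict}."""
    path = "/.well-known/acme-challenge/" + token
    results = {}
    for ip in ips:
        try:
            status, body = fetch(ip, host, path)
            results[ip] = classify(status, body, key_authorization)
        except (OSError, http.client.HTTPException) as exc:
            results[ip] = "FAIL: " + type(exc).__name__
    return results

def fake_fetch(ip, host, path):
    """Constructed responses modelled on the thread, so the example runs offline."""
    if ip == "183.158.35.60":
        return 200, KEY_AUTH + "\n"
    return 404, "<html>404 Not Found</html>"

if __name__ == "__main__":
    ips = ["183.158.35.60", "107.154.161.206"]  # the two addresses seen in the thread
    for ip, verdict in probe(HOST, TOKEN, KEY_AUTH, ips, fetch=fake_fetch).items():
        print(ip, verdict)
```

Dropping the `fetch=fake_fetch` argument makes `probe` query the listed addresses over the network; any address that does not report `OK` is one from which a validation request would fail.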


#11

Thx, I’ll take a look at those problems.

