I ran this command: certbot --manual certonly

It produced this output:
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for
Performing the following challenges:
http-01 challenge for

Create a file containing just this data:


And make it available on your web server at this URL:

Press Enter to Continue
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.
 - The following errors were reported by the server:

Type: unauthorized
Detail: Invalid response from
[]: 202

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): AWS EC2 Load Balancer

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.14.0

The AWS has a load balancer in front of two web servers.
The certificate was produced from my PC using a manual process for a number of reasons. It worked last time.
I cannot get the web servers to make a file in .well-known/acme-challenge and make them available. I suspect it is to do with all traffic going to https and certbot only uses non https.

I get around this by creating a response in the AWS console. All traffic matching /.well-known/ is sent a 202 response with the string produced by certbot in it.

That worked last time. This time it is failing with Invalid response from ( file name) [ip address] 202

Going into a Linux box and running the command

the return is exactly the string shown above by certbot.
The curl is the exact file name it is meant to get.

Why am I unable to get a certificate returned?

As further info - here is the curl with more detail:
curl -v

* About to connect() to port 80 (#0)
* Trying
* Connected to ( port 80 (#0)

GET /.well-known/acme-challenge/wtf HTTP/1.1
User-Agent: curl/7.29.0
Accept: */*

< HTTP/1.1 202 Accepted
< Server: awselb/2.0
< Date: Sat, 17 Jul 2021 10:03:23 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 87
< Connection: keep-alive

* Connection #0 to host left intact

Let's Encrypt is intolerant of response status codes other than HTTP 200.


And of course 30x redirects :wink:
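
A pre-flight check for the rule stated in the replies above, as an added example that is not part of the original thread and is not certbot or Let's Encrypt code: it fetches the challenge URL the way the validation server does and passes only when the final response is HTTP 200 with the expected body. The function names are made up for this example; the URL and key authorization are whatever certbot printed.

```shell
#!/bin/sh
# Added example: pre-flight check for a manual http-01 challenge.
# Run it before pressing Enter in certbot. Function names are hypothetical.

# judge_response STATUS BODY EXPECTED
# Applies the acceptance rule to the final response (after any redirects):
# the status must be exactly 200 (a 202 fixed response fails here), and the
# body, minus trailing whitespace, must equal the key authorization.
judge_response() {
    status=$1
    body=$(printf '%s' "$2" | tr -d '\r' | sed -e 's/[[:space:]]*$//')
    expected=$3
    if [ "$status" != "200" ]; then
        echo "FAIL: final status $status (must be 200)"
        return 1
    fi
    if [ "$body" != "$expected" ]; then
        echo "FAIL: body does not match the key authorization"
        return 2
    fi
    echo "OK: 200 with matching body"
    return 0
}

# preflight URL EXPECTED
# Fetches URL starting on plain HTTP and follows up to 10 redirects, the
# limit Let's Encrypt documents for http-01, then judges the final response.
preflight() {
    tmp=$(mktemp) || return 3
    status=$(curl -sS -L --max-redirs 10 -o "$tmp" -w '%{http_code}' "$1") || status=000
    body=$(cat "$tmp")
    rm -f "$tmp"
    judge_response "$status" "$body" "$2"
}

# Usage:
#   sh preflight.sh 'http://<domain>/.well-known/acme-challenge/<token>' '<key authorization>'
if [ $# -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it from a machine outside the VPC so the request goes through the load balancer's public listener, as the validation request does.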


Thank you for your help. The 200 did it.
As a note 202 worked 3 months ago.

Appreciate the support

