Le_http_01_cert_challenge.conf File Exists, But Is Empty

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
various

I ran this command:
sudo certbot-auto --nginx --debug-challenges -v certonly -d libanswers.[redacted].ca

It produced this output:
Challenge failed for domain libanswers.[redacted].ca
http-01 challenge for libanswers.[redacted].ca
Reporting to user: The following errors were reported by the server:

Domain: libanswers.[redacted].ca
Type: unauthorized
Detail: Invalid response from http://libanswers.[redacted].ca/.well-known/acme-challenge/GHHfwSK9n2IZWaK–dfIQQe489g8lHuJMSMlN1PBai4 [35.182.140.170]: “\r\n404 Not Found\r\n\r\n

404 Not Found

\r\n
nginx\r\n”

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.

Calling registered functions
Cleaning up challenges
Exiting abnormally:
Traceback (most recent call last):
File “/bin/certbot-auto”, line 9, in
load_entry_point(‘certbot==0.39.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1378, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 405, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 384, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 90, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/auth_handler.py”, line 154, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
AuthorizationError: Some challenges have failed.
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: libanswers.[redacted].ca
    Type: unauthorized
    Detail: Invalid response from
    http://libanswers.[redacted].ca/.well-known/acme-challenge/GHHfwSK9n2IZWaK–dfIQQe489g8lHuJMSMlN1PBai4
    [35.182.140.170]: “\r\n404 Not
    Found\r\n\r\n

    404 Not
    Found

    \r\n
    nginx\r\n”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
nginx/1.16.1

The operating system my web server runs on is (include version):
Centos7

My hosting provider, if applicable, is:
AWS (EC2)

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.39.0

===

First off, I want to note that this server has been used to issue many dozens of certs in the past so I don’t think there is a problem with the install itself.

After passing the “-v” option in the call I was able to see that a challenge file was created at /etc/letsencrypt/le_http_01_cert_challenge.conf, and a reference to that file was added to my /etc/nginx/nginx.conf configuration file. But the /etc/letsencrypt/le_http_01_cert_challenge.conf itself is blank, 0 bytes.

All I am wondering is whether or not that file is meant to be empty when I reach the “Challenges loaded. Press continue to submit to CA.” prompt?

1 Like

It’s normal for the file to be empty, yes.

If you look at your nginx virtual host configuration files during the pause (e.g… /etc/nginx/conf.d/your-vhost.conf), you will notice that Certbot has modified them inline with the rules for the challenge response.

That will also provide you clues as to why the challenge response is apparently not visible by an external request - and provide you an opportunity to perform the request yourself and see how your configuration responds to it

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.