Let's Encrypt Verification failed

Hello,

I recently tried to renew my certificate but it didn’t work.
(I cannot put the real domain name, for security, sorry)

I got this error:

 Domain: <MyWebSite>
   Type:   unauthorized
   Detail: Invalid response from
   https://<MyWebSite>/.well-known/acme-challenge/0ow6BqlDpWQKEP8gOgf1UCnf2j8qGpRaybPNP7l0CJ0/

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I already searched a lot on the internet, and people said to try to curl a test file, and it’s working:

curl -ikL4 https://<MyWebSite>/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Wed, 18 Dec 2019 10:27:09 GMT
Content-Type: application/octet-stream
Content-Length: 7
Last-Modified: Wed, 18 Dec 2019 09:44:21 GMT
Connection: keep-alive
ETag: "5df9f4f5-7"
Accept-Ranges: bytes

But with IPv6 it didn’t work:

curl -ikL6 https://<MyWebSite>/.well-known/acme-challenge/test
curl: (6) Could not resolve host: <MyWebSite>

I am using Nginx

Does the issue come from IPv6? Or is it something else?

Thanks for your help
Jeremy

1 Like

Hi @jschotte

Your domain name is required.

You may use tools like https://check-your-website.server-daten.de/ (own tool) or https://letsdebug.net/ ( @_az ), but it's required to see how your configuration answers.

And all answers are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This is likely your problem; if your host has both A and AAAA records, LE will try to connect with IPv6. But also, when testing the challenge file, you should be testing it with an HTTP connection, not HTTPS.

1 Like
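The check suggested in the reply above, as an added example (not code from this thread or from Let's Encrypt): it resolves A and AAAA records separately and requests the test file over plain HTTP from each address, keeping the real Host header. The host name, file name and expected body are assumptions supplied by the caller, and the `__main__` demo uses constructed stand-ins for DNS and HTTP so it runs offline.

```python
import http.client
import socket

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def resolve(host, family):
    """Addresses of one family (A or AAAA); empty list if none resolve."""
    try:
        infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def fetch(host, addr, path, timeout=10):
    """Plain-HTTP GET to one address with the real Host header (no redirects)."""
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location", ""), resp.read(1024).decode("utf-8", "replace")
    finally:
        conn.close()

def check_challenge(host, name, expected, resolver=resolve, fetcher=fetch):
    """Return (report, family the validator would use, ok for that family)."""
    path = CHALLENGE_DIR + name  # a file path, so no trailing slash
    report, by_family = {}, {}
    for label, family in (("AAAA", socket.AF_INET6), ("A", socket.AF_INET)):
        by_family[label] = resolver(host, family)
        if not by_family[label]:
            report[label] = "no record"
        for addr in by_family[label]:
            try:
                status, location, body = fetcher(host, addr, path)
            except (OSError, http.client.HTTPException) as exc:
                report[addr] = f"request failed: {exc}"
                continue
            good = status == 200 and body.strip() == expected
            report[addr] = "ok" if good else f"HTTP {status} {location}".strip() + ", not the test file"
    family = "AAAA" if by_family["AAAA"] else "A"  # IPv6 is tried when AAAA exists
    ok = bool(by_family[family]) and all(report[a] == "ok" for a in by_family[family])
    return report, family, ok

if __name__ == "__main__":
    # Constructed data: the IPv4 address serves the file, the IPv6 one answers 404.
    dns = {socket.AF_INET: ["192.0.2.10"], socket.AF_INET6: ["2001:db8::10"]}
    web = {"192.0.2.10": (200, "", "token\n"), "2001:db8::10": (404, "", "nope")}
    print(check_challenge("example.test", "test", "token",
                          lambda h, f: dns[f], lambda h, a, p: web[a]))
```

A redirect (for example HTTP to HTTPS) is reported as `HTTP 301` with its Location rather than followed, so the target can be checked separately.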

Also, how come there’s a / at the end of the HTTPS URL?

3 Likes

In fact we just have a CNAME record pointing to my Nginx server.

But I don’t understand why it’s not working anymore :confused:
Because I have a cron task which renews the certificate, and it was working before :frowning:

And I have tried with HTTP and I’ve got the same result
