Letsencrypt Invalid response

My domain is:
–.nl
I ran this command:
sudo certbot --staging certonly --webroot -w /var/www/virtual/-- -d --.nl
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for --.nl
Using the webroot path /var/www/virtual/-- for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/virtual/–/.well-known/acme-challenge
Failed authorization procedure. --.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://–.nl/.well-known/acme-challenge/mypwSj_CAeRqjAL31ppEcOn98ZrxpmWWFpQ2Y1OFoGQ: "

<meta http-equiv="Content-Type" conte"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: --.nl
    Type: unauthorized
    Detail: Invalid response from
    http://–.nl/.well-known/acme-challenge/mypwSj_CAeRqjAL31ppEcOn98ZrxpmWWFpQ2Y1OFoGQ:
    "

    <meta http-equiv="Content-Type" conte"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS
My hosting provider, if applicable, is:
domain: Oxilion, VM on Azure
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

When I use the --manual parameter, I create the files myself. After this I can actually download the files and the content is correct. But Letsencrypt does not seem to be making the request to my server. I cannot see it in the access.log of nginx.

I cannot download the mentioned files, too.

Ok, this was because certbot removes them when ready. For your test I added the file manually, should work now?

And you need to remove the colon:

So this should work: http://–.nl/.well-known/acme-challenge/mypwSj_CAeRqjAL31ppEcOn98ZrxpmWWFpQ2Y1OFoGQ

When using --manual, certbot should not remove anything. Just try again.

Done that:
usr@srv:/etc/nginx$ sudo certbot --staging certonly --manual -d --.nl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for --.nl


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you’re running certbot in manual mode on a machine that is not
your server, please ensure you’re okay with that.

Are you OK with your IP being logged?

(Y)es/(N)o: y


Create a file containing just this data:

_1lhu8yKcah5SP3BLtnNt–DDOcxfoO3GIB78qhRR1M.L3WrNgS3tdjdBdwdti2nfaUP0Cvnvk_bOQONDKyNaNI

And make it available on your web server at this URL:

http://–.nl/.well-known/acme-challenge/_1lhu8yKcah5SP3BLtnNt–DDOcxfoO3GIB78qhRR1M


Press Enter to Continue
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. --.nl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://–.nl/.well-known/acme-challenge/_1lhu8yKcah5SP3BLtnNt–DDOcxfoO3GIB78qhRR1M: "

<meta http-equiv="Content-Type" conte"

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: --.nl
    Type: unauthorized
    Detail: Invalid response from
    http://–.nl/.well-known/acme-challenge/_1lhu8yKcah5SP3BLtnNt–DDOcxfoO3GIB78qhRR1M:
    "

    <meta http-equiv="Content-Type" conte"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

You have deployed ipv4+ipv6, is your webserver equally configured for both?

No I think not, is this required? When ipv6 is enabled, Letsencrypt uses that and not ipv4?

Right. IPv6 has a higher precedence. You should configure your webserver accordingly or get rid of the AAAA-Record if you don't need IPv6 connectivity.
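
The check the last reply points to, as an added example that is not part of the original thread: fetch the http-01 challenge file separately over every AAAA and A address and compare each response with the key authorization certbot printed. All function names are hypothetical, and the addresses and token values in any test input are constructed.

```python
import http.client
import socket

# IPv6 first, matching the precedence described in the thread.
FAMILIES = (("IPv6", socket.AF_INET6), ("IPv4", socket.AF_INET))

def resolve(host):
    """Return [(label, ip), ...] for every AAAA and A record of host."""
    found = []
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        found += [(label, ip) for ip in sorted({i[4][0] for i in infos})]
    return found

def fetch(ip, host, path, timeout=5):
    """GET path from one specific address, sending the site's Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(512).decode("latin-1").strip()
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # unreachable, refused, timed out, bad reply
    finally:
        conn.close()

def check_challenge(host, token, key_auth, resolver=resolve, fetcher=fetch):
    """Fetch the challenge file over each address and compare its body."""
    path = "/.well-known/acme-challenge/" + token
    report = []
    for label, ip in resolver(host):
        status, body = fetcher(ip, host, path)
        ok = status == 200 and body == key_auth
        report.append({"family": label, "ip": ip, "status": status, "ok": ok})
    return report

def ipv6_only_failure(report):
    """True when IPv4 serves the file but at least one AAAA address does not."""
    v4_ok = any(r["ok"] for r in report if r["family"] == "IPv4")
    v6_bad = any(not r["ok"] for r in report if r["family"] == "IPv6")
    return v4_ok and v6_bad

if __name__ == "__main__":
    import sys  # usage: script.py <domain> <token> <key-authorization>
    result = check_challenge(*sys.argv[1:4])
    print(result, "IPv6-only failure:", ipv6_only_failure(result))
```

Run it while the challenge file is in place (for example during the `--manual` prompt, before pressing Enter), because certbot cleans the file up afterwards.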
