Malformed .well-known/acme-challenge URL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wm.hutorny.in.ua

I ran this command: acme.sh --staging --standalone --issue -d wm.hutorny.in.ua

It produced this output:
[Sun May 5 14:43:39 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-v02.api.letsencrypt.org/directory
[Sun May 5 14:43:39 CEST 2019] Standalone mode.
[Sun May 5 14:43:39 CEST 2019] Single domain=‘wm.hutorny.in.ua’
[Sun May 5 14:43:39 CEST 2019] Getting domain auth token for each domain
[Sun May 5 14:43:40 CEST 2019] Getting webroot for domain=‘wm.hutorny.in.ua’
[Sun May 5 14:43:40 CEST 2019] Verifying: wm.hutorny.in.ua
[Sun May 5 14:43:40 CEST 2019] Standalone mode server
[Sun May 5 14:43:44 CEST 2019] wm.hutorny.in.ua:Verify error:Fetching https://wm.hutorny.in.ua.well-known/acme-challenge/MrmFc3okfUUNYaXTmTZL2NYTlUjYinTqPu3IkfSQdRk: Invalid host in redirect target
[Sun May 5 14:43:44 CEST 2019] Please check log file for more details: /root/.acme.sh/acme.sh.log

My web server is (include version): Apache/2.4.10

The operating system my web server runs on is (include version): Linux Debian-83-jessie-64-LAMP 3.16.0-4-amd64 #1 SMP Debian 3.16.51-2 (2017-12-03) x86_64 GNU/Linux

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme.sh v2.8.2

I have multiple web sites and one of them is roundcube under apache. For other sites I am getting no error and only wm.hutorny.in.ua fails. I’ve tried --apache, --webroot and --standalone options and all of them fail with the same error: Verify error:Fetching https://wm.hutorny.in.ua.well-known/acme-challenge/

The URL it tries to fetch is malformed - it should be https://wm.hutorny.in.ua/well-known/acme-challenge/ instead

Hi @hutorny

Checking your domain via https://check-your-website.server-daten.de/?q=wm.hutorny.in.ua, you can see the problem:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://wm.hutorny.in.ua/ (78.47.227.185) | 301 | https://wm.hutorny.in.ua | 0.050 | A |
| https://wm.hutorny.in.ua | 200 | | 0.280 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| https://wm.hutorny.in.ua/ (78.47.227.185) | 200 | | 0.546 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| http://wm.hutorny.in.ua/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (78.47.227.185) | 301 | https://wm.hutorny.in.ua.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 0.050 | A |
| Visible Content: Moved Permanently The document has moved here . Apache/2.4.10 (Debian) Server at wm.hutorny.in.ua Port 80 | | | | |
| https://wm.hutorny.in.ua.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | -1 | | 0.030 | R |
| NameResolutionFailure - The remote name could not be resolved: 'wm.hutorny.in.ua.well-known' | | | | |

You have a redirect with a missing "/". So redirecting the domain works, but redirecting a subdirectory produces the wrong domain name wm.hutorny.in.ua.well-known.

So check your redirect rule http -> https and add a /.

Perhaps after your %{SERVER_NAME}

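An added example, not part of the original posts: a small Python check that reproduces the redirect seen in the table above and flags it. The thread does not show the actual Apache rule, so `prefix_redirect` is an assumed model of a rule that appends the rest of the request path to a target string, and the token in the path is a constructed sample.

```python
from urllib.parse import urljoin, urlsplit


def prefix_redirect(target, matched_prefix, request_path):
    """Assumed model of a prefix redirect rule: whatever follows the matched
    prefix in the request path is appended to the target string verbatim."""
    if not request_path.startswith(matched_prefix):
        raise ValueError("rule does not match this path")
    return target + request_path[len(matched_prefix):]


def check_redirect(request_url, location):
    """Return the problems found in a same-site http -> https redirect."""
    req = urlsplit(request_url)
    loc = urlsplit(urljoin(request_url, location))  # resolve a relative Location
    problems = []
    if loc.scheme != "https":
        problems.append(f"target scheme is {loc.scheme!r}, expected 'https'")
    if (loc.hostname or "").lower() != (req.hostname or "").lower():
        problems.append(f"host changed: {req.hostname!r} -> {loc.hostname!r}")
    if loc.path != req.path:
        problems.append(f"path changed: {req.path!r} -> {loc.path!r}")
    return problems


# Constructed sample request for the domain discussed in this thread.
HOST = "wm.hutorny.in.ua"
PATH = "/.well-known/acme-challenge/constructed-token"
REQUEST = f"http://{HOST}{PATH}"


def demo():
    """Compare a redirect target without and with the trailing slash."""
    results = {}
    for label, target in (("missing slash", f"https://{HOST}"),
                          ("with slash", f"https://{HOST}/")):
        location = prefix_redirect(target, "/", PATH)
        results[label] = (location, check_redirect(REQUEST, location))
    return results


if __name__ == "__main__":
    for label, (location, problems) in demo().items():
        print(f"{label}: {location}")
        for problem in problems or ["ok"]:
            print(f"  {problem}")
```

Running the same `check_redirect` against the `Location` header your own server returns for a challenge path shows whether the host survives the redirect before the CA tries it.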

Thank you very much! Fixing redirect has solved the problem!
