Problem generating certificates "challenged marked as invalid"

Hello everyone!
We use your services to generate the certificates for the domains registered by our users, and we have never had problems solving the challenge.

The fact is that we have 3 point domains that return us “challenged marked as invalid”

They are

Could you check if there is any type of impediment to generating certificates for those domains? We have thousands that work correctly and these 3 are puzzling us.

Please fill out the suggested questions presented when you created this topic, as most of them are things we would need to ask you in order to support you further. In particular, questions pertaining to how you're attempting issue and the full output of those attempts are most important.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Hello!
Sorry for the delay, I attached the command that we are running.

I ran this command: https://acme-v01.api.letsencrypt.org/acme/challenge/QB0qpjcOwtYuB52SVm5k3lR9rDX6v97FU8qWCqxW6p0/2462370064

I received this answer:
"{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://diamondfem.com/.well-known/acme-challenge/EktSrCs2-DEnywP5jwlZm1GKaJhfLFkPONMyBQ0kj6Y: \"\n\u003c!DOCTYPE html\u003e\n\u003chtml lang=\"en\"\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"content-type\" content=\"text/html; charset=utf-8\"\u003e\n\u003ctitle\u003ePage not \"",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/QB0qpjcOwtYuB52SVm5k3lR9rDX6v97FU8qWCqxW6p0/2462370064",
  "token": "EktSrCs2-DEnywP5jwlZm1GKaJhfLFkPONMyBQ0kj6Y",
  "keyAuthorization": "EktSrCs2-DEnywP5jwlZm1GKaJhfLFkPONMyBQ0kj6Y.q87g1C0ug-YSOf8yMGGRIGGwfK_uWGwRW-OU1Svzdzc",
  "validationRecord": [
    {
      "url": "http://diamondfem.com/.well-known/acme-challenge/EktSrCs2-DEnywP5jwlZm1GKaJhfLFkPONMyBQ0kj6Y",
      "hostname": "diamondfem.com",
      "port": "80",
      "addressesResolved": [
        "52.200.197.31",
        "2605:de00:1:1:4a:13:0:123"
      ],
      "addressUsed": "2605:de00:1:1:4a:13:0:123",
      "addressesTried":
    }
  ]
}"

The problem is that we store the answers for a while, to validate the certificates.


As you can see in the screenshot, the URL where you get a 403 error works correctly.

So we do not know what is going on.

It looks like you’re returning an HTML page (looks like an error page) in response to that challenge instead of the actual challenge file.

Note that this is attempting to connect over an IPv6 address, when you’re advertising both an IPv4 and IPv6 address in DNS. Could you verify that whatever is listening on the IPv6 address is also returning this challenge correctly? Note, the 403 is the status from Let’s Encrypt, not the status Let’s Encrypt sees from your web server.

2 Likes
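The per-address check suggested in the reply above, as an added example that is not part of the original thread: it requests the challenge file from each resolved address separately and compares the body with the key authorization. The hostname, addresses and key authorization are copied from the challenge object quoted earlier; `fake_fetch` and its 404 response are constructed so the example runs offline.

```python
import http.client
import ipaddress

# Values copied from the challenge object quoted in the post above.
RECORD = {
    "hostname": "diamondfem.com",
    "addressesResolved": ["52.200.197.31", "2605:de00:1:1:4a:13:0:123"],
    "addressUsed": "2605:de00:1:1:4a:13:0:123",
}
KEY_AUTH = ("EktSrCs2-DEnywP5jwlZm1GKaJhfLFkPONMyBQ0kj6Y."
            "q87g1C0ug-YSOf8yMGGRIGGwfK_uWGwRW-OU1Svzdzc")

def fetch_over(address, host, path, timeout=10):
    """GET path on port 80 of one specific IP, sending the real Host header."""
    conn = http.client.HTTPConnection(address, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()  # redirects are not followed here
        return resp.status, resp.read(4096).decode("utf-8", "replace")
    finally:
        conn.close()

def check_challenge(record, key_auth, fetch=fetch_over):
    """Request the challenge file from every resolved address, one by one."""
    path = "/.well-known/acme-challenge/" + key_auth.split(".", 1)[0]
    results = []
    for addr in record["addressesResolved"]:
        family = f"IPv{ipaddress.ip_address(addr).version}"
        try:
            status, body = fetch(addr, record["hostname"], path)
            ok = status == 200 and body.strip() == key_auth
            note = "serves key authorization" if ok else f"HTTP {status}: {body[:40]!r}"
        except (OSError, http.client.HTTPException) as exc:
            ok, note = False, f"connection failed: {exc}"
        results.append({"address": addr, "family": family, "ok": ok, "note": note,
                        "used_by_ca": addr == record.get("addressUsed")})
    return results

def fake_fetch(address, host, path):
    """Constructed stand-in for the network: only the IPv4 listener is set up."""
    if ":" in address:
        return 404, "<!DOCTYPE html>\n<html lang=\"en\">"
    return 200, KEY_AUTH + "\n"

if __name__ == "__main__":
    # Swap fake_fetch for fetch_over to query the real listeners.
    for r in check_challenge(RECORD, KEY_AUTH, fetch=fake_fetch):
        flag = " (address the CA used)" if r["used_by_ca"] else ""
        print(f'{r["family"]} {r["address"]}{flag}: {r["note"]}')
```

A browser or a default client on an IPv4-only network never exercises the AAAA address, which is why the URL can look fine locally while validation fails.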

Great! I’m going to verify that then!

Thank you very much for the prompt response, what you do is really great!

Regards!

1 Like
