Renewing cert, invalid response (404)


#1

The problem I’m running into here is that we want to set up HTTPS. But this results in a ‘not found’ response. The strange thing is that when I call the URL that supposedly gives a 404 response manually, it simply returns the code.

More information below. Can someone tell me what could be the issue here?

I ran this command:
/usr/share/git/acme.sh/acme.sh --server https://acme-v01.api.letsencrypt.org/directory --home /root/.acme.sh -d {domain url} -w {projectfolder} --issue --force --debug

It produced this output:
[Thu May 31 17:39:34 CEST 2018] {hostname}:Verify error:Invalid response from http://{hostname}/.well-known/acme-challenge/{code}:
[Thu May 31 17:39:34 CEST 2018] Debug: get token url.
[Thu May 31 17:39:34 CEST 2018] GET
[Thu May 31 17:39:34 CEST 2018] url='http://{hostname}/.well-known/acme-challenge/{code}'
[Thu May 31 17:39:34 CEST 2018] timeout='1'
[Thu May 31 17:39:34 CEST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header --connect-timeout 1'

404 Not Found

Not Found

The requested URL /.well-known/acme-challenge/{code} was not found on this server.

My web server is apache 2.4.6
The operating system my web server runs on is CentOS 7.5.1708

I can login to a root shell on my machine.
I’m not using a control panel to manage my site


#2

Hi,

I’m guessing that your ipv6 doesn’t work…

Can you please generate a file in the folder (.well-known/acme-challenge/) and check whether the ipv4 and ipv6 addresses show the same content?

Thank you


#3

However, after a deeper look, your server is serving an incorrect certificate on both addresses…

On ipv6, *.hostnet.nl was served
On ipv4, 15seconds.lwprod.nl was served.

Also, on ipv6, the domain is serving a website like:

(I can’t check what’s serving on ipv4 now, but it looks different…)

Thank you


#4

Looks like you’re right. IPv4 looks like this:

image


#5

Lol… @jmorahan so that’s probably why it’s 404…

@jja in this case, you would need to make sure your ipv6 webpage is the same as the ipv4 pages. (IDK how you set it up…)

For now, if you are able to resolve this quickly, do it… Or, just remove the ipv6 record first, then verify using certbot. (Since the LE service prefers ipv6 over ipv4… So if your ipv6 exists and is not working, you would need to resolve this first.)

Thank you and good luck :smile:


#6

The problem was indeed the ipv6 record pointing to the wrong address.
The issue has been resolved now.

Thanks for your help!
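
The check suggested in #2, as an added example that is not part of the original thread: it writes a probe file into the challenge folder and requests it separately over IPv4 and IPv6, so a stale AAAA record shows up as a mismatch on one family only. The function names and the probe file name are hypothetical; `curl` is assumed to be installed.

```sh
#!/bin/sh
# Added diagnostic, not from the thread. Function names are hypothetical.

# Fetch URL over one address family (4 or 6). Prints the HTTP status on the
# first line and the body after it; fails if the connection cannot be made.
fetch_family() (
    tmp=$(mktemp) || exit 1
    code=$(curl "-$1" --silent --location --max-time 10 \
                --output "$tmp" --write-out '%{http_code}' "$2") \
        || { rm -f "$tmp"; exit 1; }
    printf '%s\n' "$code"; cat "$tmp"; rm -f "$tmp"
)

# Prints "ok", "unreachable" or "mismatch:<status>" for one address family.
check_family() (
    reply=$(fetch_family "$1" "$2") || { echo unreachable; exit 0; }
    status=$(printf '%s\n' "$reply" | sed -n 1p)
    body=$(printf '%s\n' "$reply" | sed 1d)
    if [ "$status" = 200 ] && [ "$body" = "$3" ]; then
        echo ok
    else
        echo "mismatch:$status"
    fi
)

# Write a probe file into the webroot, request it over IPv4 and IPv6, and
# report each family. Exit status 0 only when both serve the probe.
probe_challenge_dir() (
    dir="$1/.well-known/acme-challenge"
    name="probe-$$"
    token="probe-$(date +%s)-$$"
    mkdir -p "$dir" && printf '%s\n' "$token" > "$dir/$name" || exit 2
    url="http://$2/.well-known/acme-challenge/$name"
    v4=$(check_family 4 "$url" "$token")
    v6=$(check_family 6 "$url" "$token")
    rm -f "$dir/$name"
    echo "ipv4=$v4 ipv6=$v6"
    [ "$v4" = ok ] && [ "$v6" = ok ]
)

# Usage: sh probe.sh <webroot> <hostname>
if [ "$#" -eq 2 ]; then probe_challenge_dir "$1" "$2"; fi
```

Run it on the web server with the same webroot passed to `-w`. An `unreachable` result for IPv6 is expected when the hostname has no AAAA record at all.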

