I have a laravel forge configured ssl cert running on ubuntu 16 at linode. the SSL has worked fine for the last 6 months, but is now failing with the below error. I have replaced my actual domain with xxx for security. I have no idea how forge configures ssl, its done via a control panel, but if someone can tell me where to look (e.g. crontab?) then I could try to find out.

Ubuntu 16.04
Linux 4.9.50-x86_64-linode86
nginx/1.13.3

Any idea what the below error means, i.e. what could cause it? The URL it seems to be trying to hit on my server seems to be a crazy url and it doesn’t exist (hence 404).

Creating well known challenge directory…
Installing LetsEncrypt client…
Cloning into ‘letsencrypt1514844671’…
Configuring client…
Restarting Nginx…
Generating Certificate…

INFO: Using main config file /root/letsencrypt1514844671/config

• Generating account key…
• Registering account key with ACME server…
• Done!

INFO: Using main config file /root/letsencrypt1514844671/config

Processing xxx.com with alternative names: www.xxx.com

• Signing domains…
• Creating new directory /root/letsencrypt1514844671/certs/xxx.com …
• Creating chain cache directory /root/letsencrypt1514844671/chains
• Generating private key…
• Generating signing request…
• Requesting challenge for xxx.com…
• Requesting challenge for www.xxx.com…
• Responding to challenge for xxx.com…
  ERROR: Challenge is invalid! (returned: invalid) (result: {
  “type”: “http-01”,
  “status”: “invalid”,
  “error”: {
  “type”: “urn:acme:error:unauthorized”,
  “detail”: “Invalid response from http://xxx.com/.well-known/acme-challenge/Xm_dEgojdRafrJiGokhy2OzmkbkpKow4wU42EGuVcuE: “\u003c!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp””,
  “status”: 403
  },
  “uri”: “https://acme-v01.api.letsencrypt.org/acme/challenge/KM-3EpyjJ6YoCULR0aYvNtayBOzk_yulDislqlJNgNM/2949488318”,
  “token”: “Xm_dEgojdRafrJiGokhy2OzmkbkpKow4wU42EGuVcuE”,
  “keyAuthorization”: “Xm_dEgojdRafrJiGokhy2OzmkbkpKow4wU42EGuVcuE.Yjite989-ZJoWkfDfT9K4zE0eYG5Zm3VXqqZ-vqF2B4”,
  “validationRecord”: [
  {
  “url”: “http://xxx.com/.well-known/acme-challenge/Xm_dEgojdRafrJiGokhy2OzmkbkpKow4wU42EGuVcuE”,
  “hostname”: “xxx.com”,
  “port”: “80”,
  “addressesResolved”: [
  “xxxxxx”
  ],
  “addressUsed”: “xxx”,
  “addressesTried”: []
  }
  ]
  })

Hello,

What is your real domain? Redacting it makes it really hard to help you.

The general issue is that Let’s Encrypt needs to be able to make successful requests to your site http://xxx.com/.well-known/acme-challenge/ URL, which is automatically created and has a file put inside it by the Let’s Encrypt client.

There are a number of hints as to the cause on this page: https://laracasts.com/discuss/channels/forge/letsencrypt-error-challenge-is-invalid-on-forge

Perhaps you can create a test file within the .well-known/acme-challenge directory used by Forge, and confirm that it can be fetched externally. My Googling came up with /home/forge/.letsencrypt as a possible location for the directory, but I am not sure. Check in /etc/nginx for a file like /etc/nginx/forge-conf/xxx.com/server/letsencrypt_challenge.conf or similar.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.