Subdomain install: LE HTTP challenge failed "Invalid Response from..."


#1

Using cPanel, I am able to install LE certs for these domains [meandyouis.us www_meandyouis dot us], but when I attempt to add certs for sub-domains other than www, the following error occurs:

There was a problem processing your request
Error issuing certificate for domain
www2_meandyouis us
Failed to issue certificate
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:unauthorized’: Invalid response from http-//www2_meandyouis us/.well-known/acme-challenge/pbH2U_pDA-nRRW9uB7Iuk23DHGipqhlMK_jef8sot64 [162.244.94.8]: 404
( Running cPanel, Inc. 11.52.2.2)

Accessing this url in a browser:
http-//www2_meandyouis.us/
results in the error:

This server could not prove that it is www2_meandyouis.us; its security certificate is from michaelwilsonfineart_com. This may be caused by a misconfiguration or an attacker intercepting your connection.

So, it seems accessing:
http-//www2_meandyouis us/ (NON-SSL)
redirects to:
https://www2_meandyouis us/ (SSL)
which reports an SSL cert from michaelwilsonfineart com (another domain on my IP).

To discover the reason, I verified no redirects are in place on the domain to move users from http to https.

I believe the issue here is related to SNI on a shared hosting platform, or perhaps related to the “michaelwilsonfineart com” website, as it is listed as the “Primary Website on IP Address” in the WHM dashboard. Running (CLOUDLINUX 6.7 x86_64 standard WHM 11.52.2 (build 2)). I removed the SSL cert for michaelwilsonfineart com in WHM, then re-attempted the LE issuance, and a new domain name showed instead of michaelwilsonfineart com, so it seems this isn’t related to the domain.

I didn’t find anything similar to this in the forums. I’m hosted at BuyVM / Frantech.ca (they seem to be known for VMs instead of shared hosting).

TROUBLESHOOTING:
Deleted all SSL certs for domain and subdomains related to meandyouis.us
Deleted and reinstalled certs for other domains (michaelwilsonfineart_com)
Reinstalled LetsEncrypt on domains, verified “installed” shows in Cpanel.
Attempted other subdomains (same issue with www2 I noted above).
Generated and applied self-signed SSL cert from Cpanel, verified it was working (browser showed expected “Self-signed” warning), then re-attempted to issue with LE= same error.

I don’t have root access to the server (Shared), and when I SSH, I verified the letsencrypt command isn’t available to me.

I love being able to click “reissue”. This is amazing.

What other info can I provide?


#2

I’d have expected it to work with the self-signed cert.

Was it exactly the same error? And could you reach http-//www2_meandyouis.us/.well-known/acme-challenge/something when using the self-signed cert?


#3

Hi Serverco!

Was it exactly the same error?
Yes, I received the same error (different hash) when attempting to create the LE cert in Cpanel.

and could you reach http-//www2_meandyouis.us/.well-known/acme-challenge/something when using the self-signed cert?
No, I am redirected-

Create Self-Signed Cert in Cpanel.
Install Self-Signed Cert on labs_meandyouis_us
Access labs_meandyouis_us in browser = I am redirected to the michaelwilsonsite (the primary SSL cert site noted in WHM).

There was a problem processing your request
Error issuing certificate for domain
labs_meandyouis_us
Failed to issue certificate
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:unauthorized’: Invalid response from http://labs_meandyouis_us/.well-known/acme-challenge/jehSnxB9a5qtRfFIpnUGsoP6ZeoIvEsxxxxxxxx [162.244.94.8]: 404


#4

The redirect would have caused the issue. Looking now at http-//www2_meandyouis.us/.well-known/acme-challenge/ it looks as if you have corrected the redirect (I was not redirected when I just tried), so hopefully you should be able to generate a cert now.
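
Added example, not part of any post in this thread: a Python pre-flight check that requests a challenge-path URL over plain HTTP without auto-following redirects and records every hop, so a redirect to HTTPS or to another site on the same IP, like the one discussed above, shows up before issuance is attempted. The function names, the `fetch` hook and any hostname or token passed in are assumptions made for the example.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def fetch_hop(url, timeout=10):
    """Issue one GET without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    # HTTPSConnection verifies the certificate name, as a browser does.
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_challenge(host, token, fetch=fetch_hop, max_hops=10):
    """Walk the redirect chain for the challenge URL.

    Returns (final_status_or_None, findings); findings lists every hop
    that could explain an unexpected response such as a 404.
    """
    url = f"http://{host}/.well-known/acme-challenge/{token}"
    findings = []
    for _ in range(max_hops):
        try:
            status, location = fetch(url)
        except OSError as exc:  # includes TLS errors such as a name mismatch
            findings.append(f"{url}: connection failed: {exc}")
            return None, findings
        if status in REDIRECTS and location:
            target = urljoin(url, location)
            t = urlsplit(target)
            if t.hostname != host.lower():
                findings.append(f"redirect to another host: {url} -> {target}")
            elif t.scheme == "https":
                findings.append(f"redirect to HTTPS: {url} -> {target}")
            url = target
            continue
        if status != 200:
            findings.append(f"{url} returned {status}")
        return status, findings
    findings.append(f"gave up after {max_hops} redirects")
    return None, findings
```

Place a test file under `.well-known/acme-challenge/` in the subdomain's document root and pass its name as `token`; an empty findings list with status 200 means the file was served directly over HTTP.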