Token Mismatch error even with correct validation setup


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

We are getting token mismatch for the domain The redirect is set up correctly. It is not clear as to why the validation fails here.

curl -s -D - “” -o /dev/null

HTTP/1.1 301 Moved Permanently
Date: Thu, 26 Jul 2018 17:46:46 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 300
Set-Cookie: SERVERID567=204029; path=/; max-age=900
Server: Apache
Cache-Control: max-age=86400
Expires: Fri, 27 Jul 2018 17:46:46 GMT
X-IPLB-Instance: 18163

API response.
“size” : 1,
“data” : [ {
“name” : “”,
“expires” : “Aug 3, 2018 10:53:10 AM”,
“domainStatus” : “awaiting”,
“path” : “”,
“pathStatus” : “TOKEN_MISMATCH”,
“redirectPath” : “”,
“redirectStatus” : “READY”,
“token” : “hfWgyNJN0bsgKTovIbJuJpfG-e4fJf3JVi-Gg9yJuYY.I0NKvfPV_1vzF4OUaCihD164ZON3BPMjHH4MGX1uGT4”
} ]


Hi @sakrpa,

The API response you shared is not from Boulder/Let’s Encrypt. It looks more like some kind of internal pre-flight check. I was also able to confirm that while we’ve seen a new-authz request for this domain name we have not seen any associated challenges POSTed to perform an actual HTTP-01 validation request.

Are you sure this is an issue that Let’s Encrypt can help address?


Hi @sakrpa

testing this:

D:\download -h
Transfer-Encoding: chunked
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Date: Fri, 27 Jul 2018 15:17:56 GMT
Set-Cookie: SERVERID567=204029; path=/; max-age=900,PHPSESSID=ca7523e09d65a44a73717dc077a31f80; path=/
Server: Apache
X-Powered-By: PHP/7.0.30
Pragma: no-cache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-IPLB-Instance: 18167

Status: 301 MovedPermanently

there is a redirect. But

D:\download -h

Has your curl additional rights?

Testing your url with a browser I get a

 404 - page not found 

Ooops, sorry! We couldn’t find it
You have requested a page or file which doesn’t exist

So Letsencrypt may have the same problem to find your file.


I believe what happened is that the redirect was setup only for a small time period and validation did not go through during that time period. Currently, redirect is broken so I will work on setting that up again. Thanks for the assistance.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.