Trying to get certificate - error Challenge is invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: telgtw.scapalsace.fr
alias: telmbg.scapalsace.fr

Running a Mitel Linux server on a private LAN behind a firewall, I'm unable to get a certificate.

Below is the error output:
Challenge is invalid! (Status: invalid). Details: http-01
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:unauthorized"
["error","detail"] "193.138.169.141: Invalid response from http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag: 404"
["error","status"] 403
["error"] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"193.138.169.141: Invalid response from http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag: 404","status":403}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/215468841487/YUZqjg"
["token"] "dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag"
["validationRecord",0,"url"] "http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag"
["validationRecord",0,"hostname"] "telmbg.scapalsace.fr"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "193.138.169.141"
["validationRecord",0,"addressesResolved"] ["193.138.169.141"]
["validationRecord",0,"addressUsed"] "193.138.169.141"
["validationRecord",0] {"url":"http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag","hostname":"telmbg.scapalsace.fr","port":"80","addressesResolved":["193.138.169.141"],"addressUsed":"193.138.169.141"}
["validationRecord"] [{"url":"http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag","hostname":"telmbg.scapalsace.fr","port":"80","addressesResolved":["193.138.169.141"],"addressUsed":"193.138.169.141"}]
["validated"] "2023-03-31T08:06:19Z" - .
Can someone help?

Hi @alain, and welcome to the LE community forum :slight_smile:

Please take the time to answer some more of the help topic questions:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Help us to help you!

3 Likes

Hi,
There's a built-in process to get a certificate, so most of the requested info cannot be provided!

Operating system: Linux 11.0.90

Access to root shell: yes

You might have to reach out to Mitel support.

But the server does show Apache:

curl -Ii http://telmbg.scapalsace.fr/.well-known/acme-challenge/dmgJTOiKtAZhxUBmyCOiiff2noao7jO7Esvi_BZD2Ag
HTTP/1.1 404 Not Found
Date: Fri, 31 Mar 2023 11:35:01 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains
Content-Type: text/html; charset=iso-8859-1

So there might be something you can do there...
Try running:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes
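An added example, not part of the thread or of any ACME client: a small triage of the failed challenge object from the first post, separating the address Let's Encrypt actually contacted from the HTTP status that server returned. The sample is rebuilt from that output with the token replaced by the placeholder `TOKEN`; the function name, the `expected_ip` parameter and the finding labels are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the challenge object from the first post's output,
# with the token replaced by the placeholder TOKEN.
SAMPLE = json.dumps({
    "status": "invalid",
    "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "193.138.169.141: Invalid response from "
                  "http://telmbg.scapalsace.fr/.well-known/acme-challenge/TOKEN: 404",
        "status": 403,
    },
    "validationRecord": [{
        "url": "http://telmbg.scapalsace.fr/.well-known/acme-challenge/TOKEN",
        "hostname": "telmbg.scapalsace.fr",
        "port": "80",
        "addressesResolved": ["193.138.169.141"],
        "addressUsed": "193.138.169.141",
    }],
})

def triage(challenge_json, expected_ip=None):
    """Summarise a failed http-01 challenge; expected_ip is the address you
    believe port 80 is forwarded from (hypothetical parameter)."""
    ch = json.loads(challenge_json)
    err = ch.get("error") or {}
    # One record per hop when redirects are followed; the last hop answered.
    rec = (ch.get("validationRecord") or [{}])[-1]
    kind = err.get("type", "").rsplit(":", 1)[-1]
    # The server's own HTTP status is the trailing number in "detail";
    # error.status (403) is the ACME problem status, not the web server's.
    m = re.search(r": (\d{3})$", err.get("detail", ""))
    http_status = int(m.group(1)) if m else None
    findings = []
    if expected_ip and rec.get("addressUsed") != expected_ip:
        findings.append("dns-mismatch")
    if kind == "dns":
        findings.append("name-did-not-resolve")
    elif kind == "connection":
        findings.append("port-80-unreachable")
    elif kind == "unauthorized" and http_status == 404:
        findings.append("token-not-served")
    elif kind == "unauthorized":
        findings.append("unexpected-response-body")
    return {"host": rec.get("hostname"), "address_used": rec.get("addressUsed"),
            "http_status": http_status, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE, expected_ip="193.138.169.141"))
```

For the thread's output the only finding is `token-not-served`: the request got through the firewall to a web server at the resolved address, but that server had no file at the challenge path.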

Also... [for those that are following along and may want to help]
This seems like it's the first time that you've even tried getting a cert for this system [not a cert renewal].
And there was a cert recently issued for that domain:
crt.sh | telmbg.scapalsace.fr

3 Likes
