Verify error: Invalid Response from

mdabney918 · April 5, 2019, 4:33pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:sstire.com

I ran this command:/home/mdabney/acme.sh/acme.sh --issue --apache -d sstire.com -d www.sstire.com -d cp.sstire.com --force --debug 2

It produced this output:
Would not allow me to past log
Error - sstire.com:Verify error:Invalid response from https://ssl-purchase.wpengine.io/acme-challenge/KoeAyoCYD0B4_k2McaUUdngEaHYY14-PIO1XAighXeo [54.165.51.142]: 404

My web server is (include version): Apache 2.2.17

The operating system my web server runs on is (include version): OpenSuse11.4

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): using acme.sh.

JuergenAuer · April 5, 2019, 4:48pm

Hi @mdabney918

checking your domain there is an interesting redirect ( https://check-your-website.server-daten.de/?q=sstire.com )

Domainname	Http-Status	redirect	Sec.	G
• http://sstire.com/
35.197.26.189	301	http://www.sstire.com/	0.310	D

• http://www.sstire.com/
35.197.26.189	301	https://www.sstire.com/	0.310	A

• https://sstire.com/
35.197.26.189	301	https://www.sstire.com/	1.750	B

• https://www.sstire.com/
35.197.26.189	200		2.550	B

• http://sstire.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.197.26.189	302	https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de	0.310	E
Visible Content: 302 Found nginx

• http://www.sstire.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
35.197.26.189	302	https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de	0.313	E
Visible Content: 302 Found nginx

• https://ssl-purchase.wpengine.io/acme-challenge/check-your-website-dot-server-daten-dot-de	404		1.473	A
Not Found
Visible Content:

It's the same in your error message. If you use http-01 validation, the client creates a file in /.well-known/acme-challenge, Letsencrypt checks that file.

But there is a redirect to ssl-purchase.wpengine.io.

It this a redirect of your provider?

ssl-purchase.wpengine.io has a valid Letsencrypt certificate:

CN=ssl-purchase.wpengine.io
	25.02.2019
	26.05.2019
expires in 51 days	ssl-purchase.wpengine.io - 1 entry

Is there an option to remove that redirect? But I see, you don't use a control panel.

mdabney918 · April 5, 2019, 8:36pm

I don’t know what that redirect is, unless it is something from the 3rd party who hosts our external website. Everything else is in house.

JuergenAuer · April 5, 2019, 8:42pm

It blocks the /.well-known/acme-challenge subdirectory. So you can't use http-01 validation.

Is it possible to use dns-01 validation?

Or ask the 3rd party why why there is a redirect.

system · May 5, 2019, 8:46pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.