I cannot figure out the cause of the "Challenge is invalid!" error. This configuration has been working for years. I was alerted to the issue because users were getting expired certificate errors.
My domain is: http://www.skokienewspaperindex.com
I ran this command:
dehydrated -c
It produced this output:
INFO: Using main config file /usr/local/etc/dehydrated/config
Processing skokienewspaperindex.com with alternative names: www.skokienewspaperindex.com
- Checking domain name(s) of existing cert... unchanged.
- Checking expire date of existing cert...
- Valid till May 20 09:15:10 2022 GMT (Less than 30 days). Renewing!
- Signing domains...
- Generating private key...
- Generating signing request...
- Requesting new certificate order from CA...
- Received 2 authorizations URLs from the CA
- Handling authorization for www.skokienewspaperindex.com
- Handling authorization for skokienewspaperindex.com
- 2 pending challenge(s)
- Deploying challenge tokens...
- Responding to challenge for www.skokienewspaperindex.com authorization...
- Cleaning challenge tokens...
- Challenge validation has failed
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "207.229.155.78: Fetching http://www.skokienewspaperindex.com/.well-known/acme-challenge/rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig: Connection reset by peer"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:connection","detail":"207.229.155.78: Fetching http://www.skokienewspaperindex.com/.well-known/acme-challenge/rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig: Connection reset by peer","status":400}
["url"] "https://acme-v02.api.letsencrypt.org/acme/chall-v3/112217320866/HeUpGw"
["token"] "rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig"
["validationRecord",0,"url"] "http://www.skokienewspaperindex.com/.well-known/acme-challenge/rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig"
["validationRecord",0,"hostname"] "www.skokienewspaperindex.com"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "207.229.155.78"
["validationRecord",0,"addressesResolved"] ["207.229.155.78"]
["validationRecord",0,"addressUsed"] "207.229.155.78"
["validationRecord",0] {"url":"http://www.skokienewspaperindex.com/.well-known/acme-challenge/rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig","hostname":"www.skokienewspaperindex.com","port":"80","addressesResolved":["207.229.155.78"],"addressUsed":"207.229.155.78"}
["validationRecord"] [{"url":"http://www.skokienewspaperindex.com/.well-known/acme-challenge/rYz7kVdcIxmv0L_zi5H-eXziZPUNRuojZJX1ZmSXyig","hostname":"www.skokienewspaperindex.com","port":"80","addressesResolved":["207.229.155.78"],"addressUsed":"207.229.155.78"}]
["validated"] "2022-05-24T23:22:22Z")
My web server is (include version):
nginx version: nginx/1.10.1
The operating system my web server runs on is (include version):
FreeBSD 10.3-RELEASE-p7
I can login to a root shell on my machine (yes or no, or I don't know): Yes, ran commands as root
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
root@zeus:/usr/local/etc/dehydrated # dehydrated --version
INFO: Using main config file /usr/local/etc/dehydrated/config
Dehydrated by Lukas Schauer
Dehydrated version: 0.7.1
GIT-Revision: unknown
OS: FreeBSD 10.3-RELEASE-p7
Used software:
bash: 4.3.46(1)-release
curl: 7.50.1
awk, sed, mktemp, grep, diff: BSD base system versions
openssl: OpenSSL 1.0.1s-freebsd 1 Mar 2016
root@zeus:/usr/local/etc/dehydrated #
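
For triage, the flattened `["path"] value` result that dehydrated printed above can be parsed back into fields to pull out the ACME error type and the host, port and address the CA actually contacted. This is an added example, not part of the original post and not dehydrated's own code; `parse_flat`, `summarize` and the error descriptions are assumptions written for this illustration.

```python
import json
import re

# One flattened entry: a JSON path array, whitespace, then a JSON value.
ENTRY = re.compile(r'(\[(?:"[^"]*"|\d+)(?:,(?:"[^"]*"|\d+))*\])\s+(.+)')

# Validation-related error types from RFC 8555 section 6.7 (paraphrased).
ACME_ERRORS = {
    "connection": "CA could not connect to the validation target",
    "dns": "DNS query failed during identifier validation",
    "tls": "CA received a TLS error during validation",
    "unauthorized": "client lacks sufficient authorization",
}

# Lines copied from the output in the post (long URL entries left out).
SAMPLE = '''ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","status"] 400
["validationRecord",0,"hostname"] "www.skokienewspaperindex.com"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressUsed"] "207.229.155.78"
["validated"] "2022-05-24T23:22:22Z")'''

def parse_flat(text):
    """Map each path (as a tuple) to its decoded JSON value."""
    fields = {}
    for line in text.splitlines():
        m = ENTRY.search(line)  # search() skips the "ERROR: ... (result:" prefix
        if not m:
            continue
        raw = m.group(2).strip()
        # The last entry carries the ")" that closes "(result: ..."; retry without it.
        for candidate in (raw, raw.rstrip(")")):
            try:
                fields[tuple(json.loads(m.group(1)))] = json.loads(candidate)
                break
            except ValueError:
                continue
    return fields

def summarize(fields):
    """Reduce the parsed result to the fields that locate the failure."""
    kind = fields.get(("error", "type"), "").rsplit(":", 1)[-1]
    rec = ("validationRecord", 0)
    return {"challenge": fields.get(("type",)), "error": kind,
            "meaning": ACME_ERRORS.get(kind, "see RFC 8555 section 6.7"),
            "host": fields.get(rec + ("hostname",)), "port": fields.get(rec + ("port",)),
            "address_used": fields.get(rec + ("addressUsed",))}

if __name__ == "__main__":
    print(summarize(parse_flat(SAMPLE)))
```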