[Resolved] Let's Encrypt renewal challenge did not pass: Invalid response

5 posts / 0 new
Last post
#1 Tue, 10/09/2018 - 14:41
mebeingken

[Resolved] Let's Encrypt renewal challenge did not pass: Invalid response

Hey Folks,

Thanks for taking a look at this, as I'm stuck...and being that this is my first time here, a big thanks to all of you that make Virtualmin a great solution!

I have a few virtual servers on one instance of Virtualmin. Let's encrypt cert renewals are working for all but one. The challenge file is created, and I can access from a browser, but the challenge is failing.

The error: Requesting a certificate for tinyoperahouse.com, www.tinyoperahouse.com from Let's Encrypt .. .. request failed : Web-based validation failed : Failed to request certificate :

tinyoperahouse.com challenge did not pass: Invalid response from http://tinyoperahouse.com/.well-known/acme-challenge/yMw0S5qBpOjOgMIFam5... "\n\n \n <meta name=viewport content=\"initial-scale=1, minimum-scale=1, width=dev"

and then it goes on to try DNS which fails (I've always used the web validation.)

Using a browser, I can see the contents of the file, and can see the physical file in its proper location (with full permissions to remove any doubt for now.) /home/bigtiny/domains/bigtiny.biz/public_html/.well-known/acme-challenge.

Just in case it is relevant, this virtual server's domain was renamed at some point, I believe after it was initially created, but before the original Let's Encrypt cert was obtained. I've since installed wordpress on this, but I'm assuming that because I can see the file in a browser, that eliminates any .htaccess concerns???

Webin version: 1.890 Virtualmin version: 6.04 (having also tried 6.03)

Appreciate any help on this,

--Ken

Wed, 10/10/2018 - 13:51
adamjedgar

Check your dns records...this problem from my research could be incorrectly configured dns ie wrong records in the zone file.

For example, 1. if you have any ivp6 records, remove them 2. Ensure your ivp 4 record ip address is the external one for your server

AJECreative is the home of $5 webhosting, $15/month VPS servers (1cpu,1gb RAM, 25GB storage)
Centos7, Debian9, or Ubuntu18LTS
Available Control Panels = Centos-Webpanel, Cyberpanel, or Virtualmin

https://ajecreative.com.au

Wed, 10/10/2018 - 18:32 (Reply to #2)
mebeingken

Really appreciate the advice adamjedgar. No v6 records found and the internal zone in virtualmin, matches what resolves externally. I don't use the internal zone, it just has what was setup when creating the virtual server.

I can even see the successful GET in the apache logs: 35.207.62.191 - - [10/Oct/2018:23:26:08 +0000] "GET /.well-known/acme-challenge/HelLC6ZB76hY0kwQURpoLKhknivehlZNYPPGbRNrlSw HTTP/1.1" 200 87 "-" "Python-urllib/2.7"

So the challenge file is created, Let's encrypt can retrieve it, But doesn't like what it is finding...I suppose.

Fri, 11/02/2018 - 15:18 (Reply to #3)
mebeingken

Thanks for your help on this as you were (of course) correct....When I went to remove the ipv6 records, I only looked for them within the virtualmin environment and completely failed to understand that the external dns DID had AAAA records. Removed them, and all is well.

Thanks again.

Wed, 10/31/2018 - 08:54
mebeingken

Any other ideas on why the Let's encrypt challenge is failing on this one virtual server?