Challenge is invalid! (returned: invalid) #333

Closed
opened 2025-12-29 01:22:56 +01:00 by adam · 1 comment

Originally created by @rrrnld on GitHub (Apr 16, 2018).

I didn't find any other place to ask for support, so sorry if this isn't the right place to ask this question.

I'm trying to set up dehydrated and get rid of the official letsencrypt client. I've done so successfully on one server and I'm hitting problems doing it on another one.

The error message I get is this:

```
$ dehydrated/dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
Processing nuee.schlueter.is
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for nuee.schlueter.is
 + 1 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for nuee.schlueter.is authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "Fetching http://nuee.schlueter.is/.well-known/acme-challenge/current_token: Timeout",
    "status": 400
  },
  "url": "https://acme-staging-v02.api.letsencrypt.org/acme/challenge/QiWcN1U_r-lrL0Mule3SiB6Qgo5Emdkyqgtqs2ezClk/118245333",
  "token": "current_token",
  "validationRecord": [
    {
      "url": "http://nuee.schlueter.is/.well-known/acme-challenge/current_token",
      "hostname": "nuee.schlueter.is",
      "port": "80",
      "addressesResolved": [
        "46.101.150.180",
        "2a03:b0c0:3:d0::2457:3001"
      ],
      "addressUsed": "2a03:b0c0:3:d0::2457:3001"
    }
  ]
})
```

I've set up a `test.txt` in `/var/www/dehydrated` as suggested in the wiki. The file is accessible via `.well-known/acme-challenge/test.txt`. I'm not sure how to read the `400` error described in the JSON blob above.

As I said, I do have a currently still active cert from another client, which I thought might cause problems (even though it shouldn't, because the order is request cert - answer challenge - obtain cert, no?). I have thus disabled ssl redirection, making the folder accessible via plain port 80 http, but had the same result. Any other idea?

Some environment info:

```
$ dehydrated/dehydrated --version
# INFO: Using main config file /etc/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.de

Dehydrated version: git-master-after-0.6.1
GIT-Revision: unknown

OS: Ubuntu 16.04.4 LTS 
Used software:
 bash: 4.3.48(1)-release
 curl: curl 7.47.0
 awk: GNU Awk 4.1.3, API: 1.1 (GNU MPFR 3.1.4, GNU MP 6.1.0)
 sed: sed (GNU sed) 4.2.2
 mktemp: mktemp (GNU coreutils) 8.25
 grep: grep (GNU grep) 2.25
 diff: diff (GNU diffutils) 3.3
 openssl: OpenSSL 1.1.0h  27 Mar 2018
```

Relevant nginx log:

```
52.29.173.72 - - [16/Apr/2018:13:10:58 +0200] "GET /.well-known/acme-challenge/current_tokenHTTP/1.1" 200 87 "http://nuee.schlueter.is/.well-known/acme-challenge/current_token" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
13.58.30.69 - - [16/Apr/2018:13:11:01 +0200] "GET /.well-known/acme-challenge/current_token HTTP/1.1" 301 194 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
```

The nginx config looks as described in the wiki and, as I said above, the test.txt is accessible.

adam closed this issue 2025-12-29 01:22:56 +01:00

@lukas2511 commented on GitHub (Apr 16, 2018):

Your IPv6 seems to be broken and the CA is running into a timeout trying to access your page.
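
An added example, not part of the original issue or of dehydrated: a small Python helper (the name `diagnose_challenge` is hypothetical) that reads a challenge result like the one quoted in the issue and reports which of the resolved addresses the CA actually connected to. The sample input is constructed from the fields shown in the issue.

```python
import ipaddress
import json

# Constructed sample: the relevant fields of the challenge result quoted in the issue.
SAMPLE_RESULT = """{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "Fetching http://nuee.schlueter.is/.well-known/acme-challenge/current_token: Timeout",
    "status": 400
  },
  "validationRecord": [{
    "hostname": "nuee.schlueter.is",
    "addressesResolved": ["46.101.150.180", "2a03:b0c0:3:d0::2457:3001"],
    "addressUsed": "2a03:b0c0:3:d0::2457:3001"
  }]
}"""


def diagnose_challenge(result_json):
    """Hypothetical helper: summarise which address the CA validated against."""
    result = json.loads(result_json)
    error = result.get("error") or {}
    findings = []
    for record in result.get("validationRecord", []):
        used = ipaddress.ip_address(record["addressUsed"])
        resolved = [ipaddress.ip_address(a) for a in record.get("addressesResolved", [])]
        # Addresses published in DNS that this validation attempt never tried.
        untested = [str(a) for a in resolved if a != used]
        findings.append({
            "hostname": record["hostname"],
            "family_used": "IPv6" if used.version == 6 else "IPv4",
            "address_used": str(used),
            "untested_addresses": untested,
            # A ":connection" error means the CA got no HTTP response from
            # address_used. The 400 is the status of the ACME problem
            # document, not a status code returned by the web server.
            "connection_failure": error.get("type", "").endswith(":connection"),
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(diagnose_challenge(SAMPLE_RESULT), indent=2))
```

When `family_used` is IPv6 and `connection_failure` is true, test the challenge URL over IPv6 specifically (for example with `curl -6`) instead of relying on a check that may have gone over IPv4.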

Reference: starred/dehydrated#333