Challenge validation has failed #366

Closed
opened 2025-12-29 01:23:44 +01:00 by adam · 3 comments

Originally created by @shadow05139 on GitHub (Jul 28, 2018).

I'm getting this when trying to renew cert

pi@hassbian:/home/homeassistant/dehydrated $ sudo ./dehydrated -c
# INFO: Using main config file /home/homeassistant/dehydrated/config
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
Processing homehub05139.duckdns.org
Unknown hook this_hookscript_is_broken__dehydrated_is_working_fine__please_ignore_unknown_hooks_in_your_script
 + Checking domain name(s) of existing cert... unchanged.
 + Checking expire date of existing cert...
 + Valid till Jul 21 01:42:55 2018 GMT (Less than 30 days). Renewing!
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for <myaddress>.duckdns.org
 + 1 pending challenge(s)
 + Deploying challenge tokens...
OK
 + Responding to challenge for <myaddress>.duckdns.org authorization...
Unknown hook invalid_challenge
 + Cleaning challenge tokens...
OK
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "Fetching http://<myaddress>.duckdns.org/.well-known/acme-challenge/lTWkfYPlqBF-29Um4MCCUrjjWJw7ti-fmUEtUK8aiTA: Connection refused",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/challenge/u8O0vLkYh1_uORor2xZOhtnQyqtnB6glBOBAmT2xng4/5999407215",
  "token": "lTWkfYPlqBF-29Um4MCCUrjjWJw7ti-fmUEtUK8aiTA",
  "validationRecord": [
    {
      "url": "http://<myaddress>.duckdns.org/.well-known/acme-challenge/lTWkfYPlqBF-29Um4MCCUrjjWJw7ti-fmUEtUK8aiTA",
      "hostname": "<myaddress>.duckdns.org",
      "port": "80",
      "addressesResolved": [
        "<mypublicIP>"
      ],
      "addressUsed": "<mypublicIP>"
    }
  ]
})
adam closed this issue 2025-12-29 01:23:44 +01:00

@txr13 commented on GitHub (Jul 28, 2018):

You’re using http-01 validation, but the CA cannot resolve the name you are attempting to verify (addressesResolved is empty) and therefore cannot connect to do the validation.

More specifically, it looks like you have a broken domains.txt file. The CN is fine, but there’s a spurious “.duckdns.org” SAN with no subdomain on it. This is what cannot be validated.
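The fields this comment reads (`hostname`, `addressesResolved`, and the `connection` error type) can be checked mechanically. The sketch below is an added example, not part of the original comment or of dehydrated; the function name `triage`, the sample hostname and the documentation-range address are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the http-01 result in this thread;
# the hostname and address are placeholders, not values from the issue.
SAMPLE = """{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "Fetching http://home.example.org/.well-known/acme-challenge/TOKEN: Connection refused",
    "status": 400
  },
  "validationRecord": [
    {"hostname": "home.example.org", "port": "80",
     "addressesResolved": ["203.0.113.10"], "addressUsed": "203.0.113.10"}
  ]
}"""


def triage(challenge):
    """Return a list of findings for a failed ACME challenge object."""
    findings = []
    if challenge.get("status") != "invalid":
        return findings
    err_type = challenge.get("error", {}).get("type", "")
    for rec in challenge.get("validationRecord", []):
        host = rec.get("hostname", "")
        # An empty label (leading dot, "..") means the requested name is malformed.
        if not host or "" in host.rstrip(".").split("."):
            findings.append(f"malformed hostname {host!r}: check domains.txt")
            continue
        addrs = [a for a in rec.get("addressesResolved", []) if a]
        if not addrs:
            findings.append(f"{host}: CA resolved no address: check DNS")
        elif err_type.endswith(":connection"):
            used = rec.get("addressUsed") or addrs[0]
            findings.append(
                f"{host}: CA reached {used} but port {rec.get('port')} "
                "did not answer: check listener, firewall, port forwarding")
    return findings


if __name__ == "__main__":
    for line in triage(json.loads(SAMPLE)):
        print(line)
```

A resolved address combined with a `connection` error points at port 80 reachability rather than at DNS or `domains.txt`.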


@lukas2511 commented on GitHub (Jul 28, 2018):

This looks weird. You should take a look at your domains.txt, maybe some weird zero-width-space unicode character got in the middle of your hostname or something similar. Otherwise please post the output of dehydrated -v and the content of your domains.txt.
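One way to run the check suggested here, as an added example that is not part of the original comment or of dehydrated: it scans the text of a domains.txt for invisible or non-ASCII characters and for empty or invalid labels. It assumes the usual layout (whitespace-separated names per line, `#` comments, `>` before a certificate alias); the names `check_name`, `lint_domains` and the sample content are constructed for illustration.

```python
import re
import unicodedata

LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed sample: one clean name, one with a zero-width space, one with
# an empty leading label, and a comment line.
SAMPLE = ("homehub05139.duckdns.org\n"
          "home\u200bhub.example.org www.example.org\n"
          ".duckdns.org\n"
          "# comment\n")


def check_name(name):
    """Return the problems found in one hostname token."""
    problems = []
    for ch in sorted(set(name)):
        if not 33 <= ord(ch) <= 126:  # invisible or non-ASCII character
            problems.append(
                f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED CONTROL')}")
    labels = name.split(".")
    if labels[0] == "*":  # a wildcard is valid only as the first label
        labels = labels[1:]
    for label in labels:
        if label == "":
            problems.append("empty label")
        elif label.isascii() and not LABEL.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    return problems


def lint_domains(text):
    """Yield (line_number, name, problems) for every bad name in the text."""
    for lineno, raw in enumerate(text.split("\n"), start=1):
        # Drop comments and the alias part; split on ASCII blanks only so that
        # Unicode spaces and stray carriage returns stay visible as problems.
        line = raw.split("#", 1)[0].split(">", 1)[0]
        for token in re.split(r"[ \t]+", line.strip(" \t")):
            found = check_name(token) if token else []
            if found:
                yield lineno, token, found


if __name__ == "__main__":
    for lineno, name, found in lint_domains(SAMPLE):
        print(f"line {lineno}: {name!r}: {', '.join(found)}")
```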


@shadow05139 commented on GitHub (Jul 29, 2018):

# INFO: Using main config file /home/homeassistant/dehydrated/config
Dehydrated by Lukas Schauer
https://dehydrated.de

Dehydrated version: git-master-after-0.6.1
GIT-Revision: 52c2c199945bd59a6f659f2aaff4c06bc6959c94

OS: Raspbian GNU/Linux 8
Used software:
bash: 4.3.30(1)-release
curl: curl 7.38.0
awk: mawk 1.3.3 Nov 1996, Copyright (C) Michael D. Brennan
sed: sed (GNU sed) 4.2.2
mktemp: mktemp (GNU coreutils) 8.23
grep: grep (GNU grep) 2.20
diff: diff (GNU diffutils) 3.3
openssl: OpenSSL 1.0.1t 3 May 2016

domains.txt has only one line
homehub05139.duckdns.org
Reference: starred/dehydrated#366