Sometimes certificate renew fails: Challenge is invalid! #466

Closed
opened 2025-12-29 01:25:49 +01:00 by adam · 1 comment
Owner

Originally created by @demon101 on GitHub (Mar 18, 2020).

I have a few servers with the same configuration.

```
h25.xxx.rocks resh25.xxx.rocks
h25.yyy.rocks resh25.yyy.rocks
```

After I added more domains to the config, it started failing. But after 1-5 attempts the certs usually renew without error. On every attempt it can fail on a new domain.

```
domains in /etc/dehydrated/domains.txt, trying to start weekly job
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "During secondary validation: Invalid response from http://h25.xxx.rocks/.well-known/acme-challenge/A2cM_l3ByZiDsPXjsqlrpgn2xqkCeMP9INz3Zgk [5.9.00.00]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e411 Length Required\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e411 Length Required\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003engin\"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/3429297978/VfHxsw",
  "token": "A2cM_l3ByZiDsPXjsqlrpgn2xIqkCeMP9INz3Zgk",
  "validationRecord": [
    {
      "url": "http://h25.xxx.rocks/.well-known/acme-challenge/A2cM_l3ByZiDsPXjsqlrpgn2xI4kCeMP9INz3Zgk",
      "hostname": "h25.xxx.rocks",
      "port": "80",
      "addressesResolved": [
        "5.9.00.00"
      ],
      "addressUsed": "5.9.00.00"
    }
  ]
})
```

No http->https redirects for /.well-known/. I have checked.

adam closed this issue 2025-12-29 01:25:49 +01:00

@lukas2511 commented on GitHub (Apr 2, 2020):

This looks like your webserver is not responding correctly on every request. Let's Encrypt changed their validator to request the file from multiple locations (to avoid easy MITM during validation), and some of those requests simply fail against your server.
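An added example, not part of the original thread or of dehydrated: a small Python triage of the challenge object that dehydrated prints on failure, separating the CA's problem status from the status the origin web server actually returned, and flagging whether the failure came from a secondary vantage point. The helper names and the sample (placeholder hostname, token and address) are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample modelled on the challenge object in the report above;
# the hostname, token and address are placeholders.
SAMPLE = r'''{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "During secondary validation: Invalid response from http://host.example/.well-known/acme-challenge/TOKEN [192.0.2.10]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e411 Length Required\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\"",
    "status": 403
  }
}'''


def triage(raw):
    """Summarise a failed http-01 challenge object (hypothetical helper)."""
    err = json.loads(raw).get("error", {})
    detail = err.get("detail", "")
    # "Invalid response from <url> [<ip>]: <start of the body the validator got>"
    src = re.search(r"Invalid response from (\S+) \[([^\]]+)\]", detail)
    # An HTML error page served in place of the token names the real status.
    title = re.search(r"<title>\s*((\d{3})\b[^<]*)</title>", detail, re.I)
    return {
        "secondary": detail.startswith("During secondary validation"),
        "url": src.group(1) if src else None,
        "address": src.group(2) if src else None,
        "acme_status": err.get("status"),  # status field of the ACME problem
        "origin_status": int(title.group(2)) if title else None,
        "origin_title": title.group(1).strip() if title else None,
    }


def explain(t):
    """One-line reading of the triage result."""
    where = "a secondary vantage point" if t["secondary"] else "the primary validator"
    if t["origin_status"] is not None:
        return (f"{where} reached {t['address']} and got an HTML error page "
                f"({t['origin_title']}) instead of the key authorization")
    return f"{where} could not validate {t['url']}"


if __name__ == "__main__":
    print(explain(triage(SAMPLE)))
```

Searching the web server's access and error logs for requests to `/.well-known/acme-challenge/` that match the reported origin status shows which validator requests the server rejected.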


Reference: starred/dehydrated#466