Help! Error: Received certificate which is not self-signed. #623

Closed
opened 2025-12-29 01:27:54 +01:00 by adam · 1 comment

Originally created by @jensakejohansson on GitHub (Jun 28, 2024).

Hi!

Certificates and network configurations are well outside my field of expertise, so excuse me if my question is obvious. I've created a certificate earlier for a webserver using dehydrated and it worked fine. Now, I have to create a new certificate (same server), but this time I don't succeed. I get the error shown below and I'm stuck. Does anyone have a hint of what's gone wrong here?

I use tls-alpn-01 since port 80 is closed (and I have no possibility to open it).

Best regards,

```
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting new certificate order from CA...
 + Received 1 authorizations URLs from the CA
 + Handling authorization for my-host-name.com
 + Generating ALPN certificate and key for my-host-name.com...
 + 1 pending challenge(s)
 + Deploying challenge tokens...
 + Responding to challenge for my-host-name.com authorization...
 + Cleaning challenge tokens...
 + Challenge validation has failed :(
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]      "tls-alpn-01"
["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/12945647193/Tpy3IQ"
["status"]      "invalid"
["validated"]   "2024-06-28T13:08:10Z"
["error","type"]        "urn:ietf:params:acme:error:unauthorized"
["error","detail"]      "Incorrect validation certificate for tls-alpn-01 challenge. Requested my-host-name.com from my.ip.number.goes.here:443. Received certificate which is not self-signed."
["error","status"]      403
["error"]       {"type":"urn:ietf:params:acme:error:unauthorized","detail":"Incorrect validation certificate for tls-alpn-01 challenge. Requested my-host-name.com from my.ip.number.goes.here:443. Received certificate which is not self-signed.","status":403}
["token"]       "q8CrSPlyeGcl_CrYfn8_tOSJX-de5A2lYGZkTLrbICc"
["validationRecord",0,"hostname"]       "my-host-name.com"
["validationRecord",0,"port"]   "443"
["validationRecord",0,"addressesResolved",0]    "my.ip.number.goes.here"
["validationRecord",0,"addressesResolved"]      ["my.ip.number.goes.here"]
["validationRecord",0,"addressUsed"]    "my.ip.number.goes.here"
["validationRecord",0]  {"hostname":"my-host-name.com","port":"443","addressesResolved":["my.ip.number.goes.here"],"addressUsed":"my.ip.number.goes.here"}
["validationRecord"]    [{"hostname":"my-host-name.com","port":"443","addressesResolved":["my.ip.number.goes.here"],"addressUsed":"my.ip.number.goes.here"}])
```
adam closed this issue 2025-12-29 01:27:54 +01:00

@jensakejohansson commented on GitHub (Jun 28, 2024):

My fault, port 443 was occupied by another process, so the utility alpn-responder.py that I use, which should respond, just failed silently...
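
A preflight for the failure described in this thread, as an added example that is not part of the original issue, dehydrated, or alpn-responder.py: when another process already holds port 443, it answers the CA's validation connection instead of the responder. The helper names `port_is_free` and `negotiated_alpn` are hypothetical, and the bind check assumes Linux socket semantics.

```python
import errno
import socket
import ssl

ACME_ALPN = "acme-tls/1"  # ALPN protocol ID that tls-alpn-01 validation negotiates


def port_is_free(port, host="0.0.0.0"):
    """Try to bind host:port. Returns (True, "") or (False, reason)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        # SO_REUSEADDR ignores leftover TIME_WAIT connections but, on Linux,
        # still fails when another socket is listening on the port.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return False, f"port {port} is held by another process"
            if exc.errno == errno.EACCES:
                return False, f"no permission to bind port {port}"
            return False, f"cannot bind port {port}: {exc}"
    return True, ""


def negotiated_alpn(host, server_name, port=443, timeout=5.0):
    """Connect like a tls-alpn-01 validator would and return the ALPN protocol
    the server selected, or None if the handshake failed or none was selected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # the challenge certificate is self-signed
    ctx.set_alpn_protocols([ACME_ALPN])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                return tls.selected_alpn_protocol()
    except OSError:  # includes ssl.SSLError and timeouts
        return None


if __name__ == "__main__":
    free, reason = port_is_free(443)
    if not free:
        # Fail loudly instead of letting the responder die silently.
        raise SystemExit(f"cannot start ALPN responder: {reason}")
    print("port 443 is free; start the responder, then verify with negotiated_alpn()")
```

Once the responder is running, `negotiated_alpn(host, "my-host-name.com")` should return `"acme-tls/1"`; any other value means something other than the responder is answering on that port.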


Reference: starred/dehydrated#623