Firemaps's avatar

LetsEncrypt 'ERROR: Challenge is invalid!' on Forge

Hi guys, I am just about to deploy my first web app! I have configured the A and CNAME records on GoDaddy to point to www. and mydomain.com, which work as expected.

I am following the Forge series. When I go to create an SSL cert, I get the error "We were unable to obtain a LetsEncrypt SSL certificate on your server (forge-server)."

Creating well known challenge directory...
Installing LetsEncrypt client...
Cloning into 'letsencrypt111111'...
Configuring client...
Restarting Nginx...
Generating Certificate...
# INFO: Using main config file /root/letsencrypt1111111/config
+ Generating account key...
+ Registering account key with ACME server...
Processing mydomain.com with alternative names: www.mydomain.com
 + Signing domains...
 + Creating new directory /root/letsencrypt11111111/certs/mydomain.com ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for mydomain.com...
 + Requesting challenge for mydomain.com...
 + Responding to challenge for mydomain.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://mydomain.com/.well-known/acme-challenge/g111111111111111111111: \"\u003c!DOCTYPE html\u003e\u003cbody style=\"padding:0; margin:0;\"\u003e\u003chtml\u003e\u003cbody\u003e\u003ciframe src=\"http://mcc.godaddy.com/park/pJIbqUy2M2qlMF52LKAv\" sty\"",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/k22222222222222222222222/315265030",
  "token": "33333333333333333333333",
  "keyAuthorization": "44444444444444444444444444",
  "validationRecord": [
    {
      "url": "http://mydomain.com/.well-known/acme-challenge/55555555555555555555",
      "hostname": "mydomain.com",
      "port": "80",
      "addressesResolved": [
        "godaddy IP",
        "forge IP"
      ],
      "addressUsed": "godaddy IP"
    }
  ]
})

Can't find a solution online, can anyone help me out please? Can't wait to get my first site online! Cheers

0 likes
8 replies
ejdelmonico's avatar

What do you have for your site directory? If it is default, then that is your problem. That entire process is finicky. I use it on 7 servers. The issue is usually something you did or didn't do.

Firemaps's avatar

Hi @ejdelmonico I don't have anything else added to configure this except the A = @ and CNAME = * records on GoDaddy. I am following the Forge tutorials here and to the best of my knowledge no additional files were created. Am I missing something?

ejdelmonico's avatar

Well, things have changed since those tutorials. From what I remember, when you set up your site... delete the default site and add your preferred name. Once that is set up (assuming you are not using Envoyer as well... which I do), set up your SSH keys and test them out. In other words, make sure all those connections are working. Clone your repo into whichever directory you made the site for. Then add your .env info by selecting edit files in site management. After saving, try accessing your site from the right arrow... top right. If all is well, go back to the SSL tab, click the LetsEncrypt button and pray for a successful return... sometimes I fill in the signing request info but do not actually create the cert. If all is well, click activate for the cert and it will update your nginx.conf. Oh, you may want to add a CNAME for www as well.

1 like
Firemaps's avatar

Thanks for that @ejdelmonico

I have done that, I think. SSH keys work fine, all connections seem to work OK, .env is configured ... both A = @ and CNAME = * are configured on GoDaddy

ejdelmonico's avatar

What about your site setup in Forge? Can you take a screenshot?

Firemaps's avatar
Firemaps
OP
Best Answer
Level 11

I had an extra A file in my domain; once I removed that, the SSL cert validated. Very, very cool!!!
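
Added example, not part of the original thread: the `validationRecord` in the error output above lists two resolved addresses and shows that the validator used the GoDaddy one. This Python sketch reads that JSON and reports such mismatches; the function name `diagnose_challenge`, the sample JSON and its documentation-range IPs are constructed for illustration.

```python
import json

# Constructed sample shaped like the challenge result in the thread. The host,
# token and documentation-range IPs are placeholders, not values from the post.
SAMPLE_RESULT = r'''{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://example.com/.well-known/acme-challenge/TOKEN: \"\u003c!DOCTYPE html\u003e\u003cbody\u003e\"",
    "status": 403
  },
  "validationRecord": [{
    "hostname": "example.com",
    "port": "80",
    "addressesResolved": ["192.0.2.10", "203.0.113.20"],
    "addressUsed": "192.0.2.10"
  }]
}'''


def diagnose_challenge(result_json, expected_ip):
    """Explain why an http-01 validation did not reach the intended server."""
    result = json.loads(result_json)
    findings = []
    for record in result.get("validationRecord", []):
        host = record.get("hostname", "?")
        resolved = record.get("addressesResolved", [])
        used = record.get("addressUsed")
        stray = [addr for addr in resolved if addr != expected_ip]
        if expected_ip not in resolved:
            findings.append(f"{host}: no A record points at {expected_ip}")
        if stray:
            findings.append(f"{host}: extra address(es) in DNS: {', '.join(stray)}")
        if used and used != expected_ip:
            findings.append(f"{host}: validator fetched the token from {used}")
    # json.loads has already decoded the \u003c escapes to "<", so plain matching works.
    detail = (result.get("error") or {}).get("detail", "").lower()
    if "<!doctype" in detail or "<html" in detail:
        findings.append("response body was an HTML page, not the key authorization")
    return findings


if __name__ == "__main__":
    for finding in diagnose_challenge(SAMPLE_RESULT, expected_ip="203.0.113.20"):
        print(finding)
```

Pass the server's public IP as `expected_ip`; an empty list means every resolved address and the address the validator used match it.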

drehimself's avatar

I had the same error and just wanted to point out that you need to turn off authentication if you have it on.

I had this in my nginx config.

auth_basic "Admin Only";
auth_basic_user_file /etc/nginx/.htpasswd;

Comment it out, install your certificate, then put it back and all should be well!

1 like