slipperydippery's avatar

Letsencrypt for domain with a Redirect Rule

One by one my Letsencrypt certificate renewals are failing. I believe it is because these domains have a Redirect Rule in place, and now the challenge is invalid.

What would be the solution?

My error log for obtaining a certificate for harsveld.nl:

--2020-05-30 12:00:46--  https://forge-certificates.laravel.com/le/810516/550552?env=production
Resolving forge-certificates.laravel.com (forge-certificates.laravel.com)... 104.26.13.100, 104.26.12.100, 2606:4700:20::681a:c64, ...
Connecting to forge-certificates.laravel.com (forge-certificates.laravel.com)|104.26.13.100|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘letsencrypt_script1590840046’

     0K ..                                                     34.9M=0s

2020-05-30 12:00:46 (34.9 MB/s) - ‘letsencrypt_script1590840046’ saved [2526]

Cloning into 'letsencrypt1590840046'...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from https://harsveld.com [37.139.0.65]: \"\u003c!DOCTYPE html\u003e\n\u003chtml lang=\\"en\\" data-ng-app=\\"website\\"\u003e\n\u003chead\u003e\n    \n    \n            \u003cmeta charset=\\"utf-8\\"\u003e\n        \u003ctitle\u003eHome\u003c/\"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/4908308997/0KtZfQ",
  "token": "A9_qh2FB_4CIFIScnHvzz2XcYIEZYWAMk02B3VAlMFU",
  "validationRecord": [
    {
      "url": "http://www.harsveld.nl/.well-known/acme-challenge/A9_qh2FB_4CIFIScnHvzz2XcYIEZYWAMk02B3VAlMFU",
      "hostname": "www.harsveld.nl",
      "port": "80",
      "addressesResolved": [
        "37.139.0.65"
      ],
      "addressUsed": "37.139.0.65"
    },
    {
      "url": "http://harsveld.nl/.well-known/acme-challenge/A9_qh2FB_4CIFIScnHvzz2XcYIEZYWAMk02B3VAlMFU",
      "hostname": "harsveld.nl",
      "port": "80",
      "addressesResolved": [
        "37.139.0.65"
      ],
      "addressUsed": "37.139.0.65"
    },
    {
      "url": "https://harsveld.com",
      "hostname": "harsveld.com",
      "port": "443",
      "addressesResolved": [
        "37.139.0.65"
      ],
      "addressUsed": "37.139.0.65"
    }
  ]
})
0 likes
1 reply
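
Added example (not part of the original posts or of Forge's script): a Python helper that reads an ACME `http-01` challenge object like the one in the log above and reports at which hop of the redirect chain the `/.well-known/acme-challenge/` path was lost. The sample is constructed (trimmed fields, placeholder token, hostnames and redirect order taken from the log), and `trace_http01` is a hypothetical name.

```python
import json
from urllib.parse import urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample: trimmed to the fields used here, with a placeholder token;
# hostnames and redirect order follow the log in the post.
SAMPLE = json.loads("""
{
  "type": "http-01",
  "status": "invalid",
  "error": {"type": "urn:ietf:params:acme:error:unauthorized", "status": 403},
  "token": "EXAMPLE_TOKEN",
  "validationRecord": [
    {"url": "http://www.harsveld.nl/.well-known/acme-challenge/EXAMPLE_TOKEN", "addressUsed": "37.139.0.65"},
    {"url": "http://harsveld.nl/.well-known/acme-challenge/EXAMPLE_TOKEN", "addressUsed": "37.139.0.65"},
    {"url": "https://harsveld.com", "addressUsed": "37.139.0.65"}
  ]
}
""")


def trace_http01(challenge):
    """Summarise the redirect chain the CA followed for an http-01 challenge."""
    expected_path = ACME_PREFIX + challenge["token"]
    hops = []
    for rec in challenge.get("validationRecord", []):
        url = urlsplit(rec["url"])
        hops.append({"host": url.hostname, "scheme": url.scheme,
                     "address": rec.get("addressUsed"),
                     "keeps_path": url.path == expected_path})
    # First hop whose URL no longer carries the challenge path: from there on the
    # response cannot be the key authorization file the CA is looking for.
    dropped = next((i for i, h in enumerate(hops) if not h["keeps_path"]), None)
    return {
        "requested_host": hops[0]["host"] if hops else None,
        "final_host": hops[-1]["host"] if hops else None,
        "redirects": max(len(hops) - 1, 0),
        "path_dropped_at": hops[dropped]["host"] if dropped is not None else None,
        "addresses": sorted({h["address"] for h in hops if h["address"]}),
        "hops": hops,
    }


if __name__ == "__main__":
    report = trace_http01(SAMPLE)
    for hop in report["hops"]:
        print(f'{hop["scheme"]}://{hop["host"]} via {hop["address"]} '
              f'challenge path kept: {hop["keeps_path"]}')
    print("path dropped at:", report["path_dropped_at"])
```

For the log above, the last hop is the bare `https://harsveld.com` URL, which matches the HTML home page quoted in the error `detail`.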
andytalbot's avatar

I just came to Laracasts to ask this exact question. Over the last week, I've seen about a half dozen subdomain-based sites fail to renew. It seems to be where the main domain is on one IP, but the subdomain is on another IP. Or, as you say, there's a redirect in place. This seems to be affecting a variety of sites where the DNS is managed in different places, so not simply something to do with Cloudflare, for example.