
stueynet's avatar

Forge Letsencrypt ERROR: Challenge is invalid! (returned: invalid)

So I had an issue back in March when Forge letsencrypt renewals failed. I ended up having to delete and rebuild the site on Forge to get things back up and running. Unfortunately it looks like the renewals have not been working again so I am trying to manually issue a new one so I can remove the old one. Problem is when I try and do that I get this error. There are similar threads but they say to make sure the DNS records are set up correctly, which they are. I am wondering, is there another fix for this? Can't get any response from the Forge team on this so hoping someone here can give a fellow a hand.

Creating well known challenge directory...
Installing LetsEncrypt client...
Cloning into 'letsencrypt1497641525'...
Configuring client...
Restarting Nginx...
Generating Certificate...
# INFO: Using main config file /root/letsencrypt1497641525/config
+ Generating account key...
+ Registering account key with ACME server...
+ Done!
# INFO: Using main config file /root/letsencrypt1497641525/config
Processing domain.ca with alternative names: www.domain.ca
 + Signing domains...
 + Creating new directory /root/letsencrypt1497641525/certs/domain.ca ...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for domain.ca...
 + Requesting challenge for www.domain.ca...
 + Responding to challenge for domain.ca...
 + Challenge is valid!
 + Responding to challenge for www.domain.ca...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:unauthorized",
    "detail": "Invalid response from http://www.domain.ca/.well-known/acme-challenge/2UFlHz0BH7wZCld9zfv09uwfpKYcRtK3hJboZ7k-nsE: \"\u003c!--\n                              |\n  __ `__ \\     _` |   __ \\    |    _ \\\n  |   |   |   (   |   |   |   |    __/\n _|  _|  _|  \"",
    "status": 403
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/YUD_tqLk7NVLX6s84FwaeWKMUbc5TXQAc6V3hBVJa8U/1353789835",
  "token": "2UFlHz0BH7wZCld9zfv09uwfpKYcRtK3hJboZ7k-nsE",
  "keyAuthorization": "2UFlHz0BH7wZCld9zfv09uwfpKYcRtK3hJboZ7k-nsE.-383PFv7SmF22NkwU1M_nI03hKiykde0sg1hDPVqrMI",
  "validationRecord": [
    {
      "url": "https://www.domain.ca",
      "hostname": "www.domain.ca",
      "port": "443",
      "addressesResolved": [
        "XXX.203.4.45"
      ],
      "addressUsed": "XXX.203.4.45",
      "addressesTried": []
    },
    {
      "url": "http://www.domain.ca/.well-known/acme-challenge/2UFlHz0BH7wZCld9zfv09uwfpKYcRtK3hJboZ7k-nsE",
      "hostname": "www.domain.ca",
      "port": "80",
      "addressesResolved": [
        "XXX.203.4.45"
      ],
      "addressUsed": "XXX.203.4.45",
      "addressesTried": []
    }
  ]
})
0 likes
3 replies
Nando7's avatar

For me, I was trying to add a subdomain and I got this error. To fix it I had to go to settings in my site in Forge and add an alias. After that I removed the old certificate and added another one with Let's Encrypt with both domain and subdomain whole paths separated by a comma, e.g. abc.com,subdomain.abc.com

1 like
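Added example, not code from any poster in this thread or from Forge: a Python helper that triages a failed http-01 run from the client log format shown in the question, pulling out which name failed, what the validator actually received, and whether the pattern matches the alias problem described in the reply above. The function name `triage`, the sample log, and the vhost heuristic are assumptions made for illustration.

```python
import json
import re

# Constructed log in the same shape as the one posted; names, token and IP are placeholders.
SAMPLE_LOG = r'''
 + Responding to challenge for example.test...
 + Challenge is valid!
 + Responding to challenge for www.example.test...
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:acme:error:unauthorized", "status": 403,
    "detail": "Invalid response from http://www.example.test/.well-known/acme-challenge/TOKEN: \"\u003c!--\n default page\""},
  "token": "TOKEN", "keyAuthorization": "TOKEN.THUMBPRINT",
  "validationRecord": [
    {"url": "https://www.example.test", "hostname": "www.example.test", "port": "443", "addressUsed": "192.0.2.10"},
    {"url": "http://www.example.test/.well-known/acme-challenge/TOKEN", "hostname": "www.example.test", "port": "80", "addressUsed": "192.0.2.10"}
  ]
})
'''

def triage(log: str) -> dict:
    """Summarise a failed http-01 challenge from the client's log output."""
    # Names whose challenge passed earlier in the same run.
    passed = re.findall(r"challenge for (\S+?)\.\.\.\s+\+ Challenge is valid!", log)
    # The JSON object starts at the first "{" after "(result: "; raw_decode stops at its end.
    start = log.index("{", log.index("(result: "))
    result, _ = json.JSONDecoder().raw_decode(log, start)
    err, hops = result["error"], result["validationRecord"]
    # The validator quotes the start of the body it received after the URL in "detail".
    body = err["detail"].split(": ", 1)[1].strip('"')
    report = {
        "failed_host": hops[-1]["hostname"],
        "passed_hosts": passed,
        "http_status": err["status"],
        "hops": [(h["port"], h["addressUsed"]) for h in hops],
        "got_key_authorization": body == result["keyAuthorization"],
        "body_is_html": body.lstrip().startswith("<"),
    }
    # Heuristic (assumption): one name passes, another returns an HTML page from the
    # same address -> the failing name is probably answered by a different vhost.
    same_ip = len({h["addressUsed"] for h in hops}) == 1
    report["likely_vhost_mismatch"] = bool(passed) and same_ip and report["body_is_html"] \
        and report["failed_host"] not in passed
    return report

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

A `likely_vhost_mismatch` of true means DNS is probably fine and the failing name is being answered by a server block that does not serve the challenge directory, which is what adding the name as a site alias corrects.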
jameson2's avatar

What if I want to add a quote to my comments?
