Welcome to Centmin Mod Community
Become a Member

SSL Letsencrypt LetsEncrypt Certificate Reissue - Verify error: invalid response

Discussion in 'Domains, DNS, Email & SSL Certificates' started by KlueMaster, Nov 18, 2020.

  1. KlueMaster

    KlueMaster Member

    56
    10
    8
    Aug 5, 2017
    Ratings:
    +21
    Local Time:
    8:26 PM
    MariaDB 10
    Hi,

    I've a Yii2 app being served on a domain from a CMM server. For some reason, the LE certificate didn't get auto-renewed at appropriate time (60 days), and expired yesterday.

    Now, when I'm trying to renew/reissue those manually using acmetool, I'm getting this error while domain verification:
    Code:
    Verify error:Invalid response from https://mydomain.com/.well-known/acme-challenge/<token> [IP]
    I'm unable to figure out what's wrong here. Also, the corresponding commands seem to set the folder to /home/nginx/domain/domain.com/public whereas I've set it as /home/nginx/domain/domain.com/web in the conf.ssl file.

    Could someone please help me with this?

    Thanks!
    Gaurav
     
  2. eva2000

    eva2000 Administrator Staff Member

    45,728
    10,382
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,112
    Local Time:
    12:56 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Are you behind Cloudflare ?

    Sounds like Letsencrypt is following your domain's non-https domain's 301/302 redirect to https based domain to validate the domain. But https based domain's SSL certificate expired.

    What you can do is sort of partial manual steps from Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates in that you temporarily disable your /usr/local/nginx/conf/conf.d/domain.com.ssl.conf nginx vhost and recreate the non-https nginx vhost /usr/local/nginx/conf/conf.d/domain.com.conf using the official Nginx vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS (which is step 1 of guide at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates).

    Then follow manual steps 2, 3, 4, 5 and 6 of guide at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates where step 6 you can re-enable your https /usr/local/nginx/conf/conf.d/domain.com.ssl.conf nginx vhost and disable your non-https nginx vhost /usr/local/nginx/conf/conf.d/domain.com.conf again.

    Then you can test your domain at Let's Debug to ensure future renewals work.
     
  3. KlueMaster

    KlueMaster Member

    56
    10
    8
    Aug 5, 2017
    Ratings:
    +21
    Local Time:
    8:26 PM
    MariaDB 10
    This worked like a charm!

    EDIT - For those who might have got confused initially, remember to choose "no" for Generate Self-Signed SSL / Letsencrypt SSL HTTPS Vhost (File ONLY) * on https://centminmod.com/vhost.php page. Once you generate the vhost, you can select "yes" on the same page, and resubmit to generate customized instructions for your domain.
     
  4. eva2000

    eva2000 Administrator Staff Member

    45,728
    10,382
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,112
    Local Time:
    12:56 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Glad to hear it worked :)