
SSL Letsencrypt LetsEncrypt Certificate Reissue - Verify error: invalid response

Discussion in 'Domains, DNS, Email & SSL Certificates' started by KlueMaster, Nov 18, 2020.

  1. KlueMaster

    KlueMaster Member

    Hi,


    I've a Yii2 app being served on a domain from a CMM server. For some reason, the LE certificate didn't get auto-renewed at the appropriate time (60 days), and expired yesterday.

    Now, when I'm trying to renew/reissue it manually using acmetool, I'm getting this error during domain verification:
    Code:
    Verify error:Invalid response from https://mydomain.com/.well-known/acme-challenge/<token> [IP]
    I'm unable to figure out what's wrong here. Also, the corresponding commands seem to set the folder to /home/nginx/domain/domain.com/public whereas I've set it as /home/nginx/domain/domain.com/web in the conf.ssl file.

    Could someone please help me with this?

    Thanks!
    Gaurav
     
  2. eva2000

    eva2000 Administrator Staff Member

    Are you behind Cloudflare?

    Sounds like Letsencrypt is following your non-https domain's 301/302 redirect to the https based domain to validate the domain, but the https based domain's SSL certificate has expired.

    What you can do is sort of partial manual steps from Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates in that you temporarily disable your /usr/local/nginx/conf/conf.d/domain.com.ssl.conf nginx vhost and recreate the non-https nginx vhost /usr/local/nginx/conf/conf.d/domain.com.conf using the official Nginx vhost generator at Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS (which is step 1 of guide at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates).

    Then follow manual steps 2, 3, 4, 5 and 6 of the guide at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates, where at step 6 you can re-enable your https /usr/local/nginx/conf/conf.d/domain.com.ssl.conf nginx vhost and disable your non-https nginx vhost /usr/local/nginx/conf/conf.d/domain.com.conf again.

    Then you can test your domain at Let's Debug to ensure future renewals work.
     
  3. KlueMaster

    KlueMaster Member

    This worked like a charm!

    EDIT - For those who might have got confused initially, remember to choose "no" for Generate Self-Signed SSL / Letsencrypt SSL HTTPS Vhost (File ONLY) * on https://centminmod.com/vhost.php page. Once you generate the vhost, you can select "yes" on the same page, and resubmit to generate customized instructions for your domain.
     
  4. eva2000

    eva2000 Administrator Staff Member

    Glad to hear it worked :)
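
The webroot mismatch raised in the first post (acmetool using .../public while the vhost root is .../web) can be checked offline with a small script. This is an added example, not part of the thread or of Centmin Mod's code: it assumes a webroot-mode ACME client that writes tokens under `<webroot>/.well-known/acme-challenge/`, the vhost text is a constructed sample, the function names are hypothetical, and only location blocks without nested braces are handled.

```python
import re

# Assumption: a webroot-mode ACME client writes tokens under <webroot> + PREFIX.
PREFIX = "/.well-known/acme-challenge"

# Constructed sample vhost using the paths mentioned in the thread.
SAMPLE_VHOST = """
server {
  listen 443 ssl http2;
  server_name domain.com;
  root /home/nginx/domain/domain.com/web;  # Yii2 document root
  location / { try_files $uri $uri/ /index.php?$args; }
}
"""

def _directive(name, text):
    """Return the argument of the first `name <arg>;` directive, or None."""
    m = re.search(r"\b" + name + r"\s+([^;]+);", text)
    return m.group(1).strip().rstrip("/") if m else None

def served_dir(conf):
    """Directory nginx reads challenge files from, or None if no root is set."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop nginx comments
    # A dedicated location for the challenge prefix overrides the server root.
    loc = re.search(
        r"location\s+(?:\^~\s+)?" + re.escape(PREFIX) + r"/?\s*\{([^}]*)\}", conf)
    if loc:
        alias = _directive("alias", loc.group(1))
        if alias:
            return alias  # alias replaces the matched URI prefix entirely
        root = _directive("root", loc.group(1))
        if root:
            return root + PREFIX
    # Otherwise use the server-level root, ignoring roots set in other locations.
    root = _directive("root", re.sub(r"location[^{]*\{[^}]*\}", "", conf))
    return root + PREFIX if root else None

def check_webroot(conf, acme_webroot):
    """Compare where the client writes tokens with where nginx serves them."""
    written = acme_webroot.rstrip("/") + PREFIX
    served = served_dir(conf)
    return {"written": written, "served": served, "match": written == served}

if __name__ == "__main__":
    for webroot in ("/home/nginx/domain/domain.com/public",
                    "/home/nginx/domain/domain.com/web"):
        print(webroot, "->", check_webroot(SAMPLE_VHOST, webroot))
```

A `match` of `False` means the token file is written to a directory nginx never serves for the challenge URL, so the validation request cannot return the token.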