Unable to install Let's Encrypt SSL: Invalid response from example.com: 404 Not Found

Created: 2017-06-01 21:32:52 UTC

Modified: 2017-06-25 22:42:10 UTC


Symptoms

Installing a Let's Encrypt SSL certificate fails with a "404 Not Found", "Timeout" or "Could not connect" error:

"type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://example.com/.well-known/acme-challenge/QweqSPyw7o0M1XpHhhDM3RSJyLLi7X6fge-VwMIYux8: \"\u003c!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"\u003e\n\u003chtml\u003e\u003chead\u003e\n\u003ctitle\u003e404 Not Found\u003c/title\u003e\n\u003c/head\u003e\u003cbody\u003e\n\u003ch1\u003eNot Found\u003c/h1\u003e\n\u003cp\"",
        "status": 403

ERR [panel] Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://example.com/.well-known/acme-challenge/QweqSPyw7o0M1XpHhhDM3RSJyLLi7X6fge-VwMIYux8: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p"
Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Fetching http://example.com/.well-known/acme-challenge/IvIvh2SslhaJRq_pHcxngfqUb7VF9zFW-BSEiJ5QVNY: Timeout
Error: Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Could not connect to example.com

A 404 error is returned when requesting the Let's Encrypt challenge URL with curl:

# curl -k https://example.com/.well-known/acme-challenge/_5TwQSdamj_Sl-M1gBsI-l_zcp3as2dsYFqeltAP4Pk
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/acme-challenge/_5TwQsadAmj_Sl-M1gBsI-l_zcFdtgfQ3XYFqeltAP4Pk was not found on this server.</p>
<hr>
<address>Apache Server at example.com Port 443</address>

Global DNS contains an AAAA (IPv6) record for the domain, but in Plesk the domain is assigned an IPv4 address only in Domains > example.com > Web Hosting Access:

# dig @example example.tld AAAA
example.com 86400  IN      AAAA 2001:db8:f61:a1ff:0:0:0:80

The domain resolves globally to a non-Plesk IP address, or a name server does not return an A record for it globally:

# dig @example example.tld
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> @example -t any example.tld
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 8586
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com.            IN      ANY
;; Query time: 97 msec
;; SERVER: 200.212.001.001#53(200.212.001.01)
;; WHEN: Fri Jun  2 02:56:09 2017
;; MSG SIZE  rcvd: 36

Cause

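Incorrect DNS configuration for the domain. Let's Encrypt fetches the http-01 challenge file from the addresses published in global DNS, so validation fails when those records do not lead to the Plesk server and IP address that host the domain.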

Resolution

  1. Modify the domain's DNS on the registrar side so that the domain resolves to the Plesk IP address globally.
  2. If an A record is not returned by one of the name servers, change DNS so that both name servers return the A record globally.
  3. If global DNS contains an AAAA record, add the IPv6 address in Home > Domains > example.tld > Web Hosting Access > IPv6 Address, or remove the AAAA record from the global DNS for the domain.
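
The three conditions from the resolution steps can be checked together before retrying the certificate request. The following is an added example, not part of the original article or of Plesk's tooling: the function names, the name server names and the IPv4 address 203.0.113.10 are assumptions made for illustration. Addresses are parsed before comparison so that different spellings of the same IPv6 address (such as the `0:0:0:80` form shown above) compare equal.

```python
import ipaddress
import subprocess

def _ips(values):
    """Parse address strings so equivalent IPv6 spellings compare equal."""
    return {ipaddress.ip_address(v) for v in values}

def diagnose(server_ips, answers):
    """server_ips: addresses assigned to the domain on the server.
    answers: {nameserver: {"A": [...], "AAAA": [...]}} as seen from outside.
    Returns (nameserver, problem) tuples; an empty list means DNS is consistent."""
    assigned = _ips(server_ips)
    has_v6 = any(ip.version == 6 for ip in assigned)
    findings = []
    for ns, records in answers.items():
        a, aaaa = _ips(records.get("A", [])), _ips(records.get("AAAA", []))
        if not a:
            findings.append((ns, "no A record returned"))
        elif a - assigned:
            findings.append((ns, "A record points to an address not assigned to this domain"))
        if aaaa and not has_v6:
            findings.append((ns, "AAAA record published but domain has no IPv6 address"))
        elif aaaa - assigned:
            findings.append((ns, "AAAA record points to an address not assigned to this domain"))
    return findings

def query(nameserver, domain, rtype):
    """Ask one name server directly with dig (needs network access)."""
    out = subprocess.run(["dig", "+short", f"@{nameserver}", domain, rtype],
                         capture_output=True, text=True, timeout=15).stdout
    addrs = []
    for token in out.split():
        try:
            ipaddress.ip_address(token)
            addrs.append(token)
        except ValueError:
            pass  # skip CNAME targets and other non-address output
    return addrs

if __name__ == "__main__":
    # Constructed sample: ns1 matches the server, ns2 returns no A record and
    # publishes the AAAA record from the article.
    sample = {
        "ns1.example.com": {"A": ["203.0.113.10"], "AAAA": []},
        "ns2.example.com": {"A": [], "AAAA": ["2001:db8:f61:a1ff:0:0:0:80"]},
    }
    for ns, problem in diagnose(["203.0.113.10"], sample):
        print(f"{ns}: {problem}")
```

For a live check, build the `answers` dictionary by calling `query()` once per authoritative name server and record type, then pass it to `diagnose()` with the addresses shown in Web Hosting Access.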