Articles in this section

See more

Unable to issue Let's Encrypt Certificate: During secondary validation: Invalid response. <title>Captcha</title>

Avatar
Francisco Garcia
Updated
Follow
Plesk for Linux kb: technical ext: le

Applicable to:

  • Plesk for Linux

Symptoms

  • Unable to issue Let's Encrypt Certificate:

    CONFIG_TEXT: Detail: During secondary validation: Invalid response from http://example.com/.well-known/acme-challenge/1tKjieKSvO82nyBBUrPyarSdIOmEfFui3DZ9CaxTaPc [203.0.113.2]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <title>Captcha</title>\n <link rel=\"stylesheet\"\n "

  • The error reports some "<title>Captcha</title>" response, however browser and CURL returns the correct file.

  • During the certificate request, there is only one HTTP GET request from Let's Encrypt validation server that reaches the server and appears in logs (should be two or three similar requests in a row) /var/www/vhosts/system/example.com/logs/proxy_access_ssl_log

    CONFIG_TEXT: 203.0.113.3 - - [26/Jun/2020:13:15:50 +0700] "GET /.well-known/acme-challenge/E40340TLEpSAoZMvV9dyQCuAetVxXilQ8k_tzb0VONw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

  • Imunify360 is installed on the server

Cause

This issue is caused by an Imunify 360 firewall rule (IM360) which fixed in version 3.18 of the ruleset.

Resolution

  1. Log in to Plesk through SSH as root user

  2. Execute:

    # imunify360-agent update --force modsec-rules

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles