Unable to issue Let's Encrypt Certificate: During secondary validation: Invalid response. <title>Captcha</title>

Taras Ermoshin

Updated November 03, 2020 20:36

Plesk for Linux kb: technical ext: le ABT: Group B

Applicable to:

Unable to issue Let's Encrypt Certificate:

CONFIG_TEXT: Detail: During secondary validation: Invalid response from http://example.com/.well-known/acme-challenge/1tKjieKSvO82nyBBUrPyarSdIOmEfFui3DZ9CaxTaPc [203.0.113.2]: "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <title>Captcha</title>\n <link rel=\"stylesheet\"\n "
The error reports some "<title>Captcha</title>" response, however browser and CURL returns the correct file.
During the certificate request, there is only one HTTP GET request from Let's Encrypt validation server that reaches the server and appears in logs (should be two or three similar requests in a row) /var/www/vhosts/system/example.com/logs/proxy_access_ssl_log

CONFIG_TEXT: 203.0.113.3 - - [26/Jun/2020:13:15:50 +0700] "GET /.well-known/acme-challenge/E40340TLEpSAoZMvV9dyQCuAetVxXilQ8k_tzb0VONw HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
Imunify360 is installed on the server

This issue is caused by an Imunify 360 firewall rule (IM360) which fixed in version 3.18 of the ruleset.