Letsencrypt error Invalid response from

Under some circumstances you may encounter an error while getting a certificate from Letsencrypt with Type: unauthorized and Detail: Invalid response from

Most often it happens when website’s root is different from webserver’s root. Good example are Laravel based applications where website’s root is often in /public subfolder. In such case ACME challenges will be redirected to /public resulting in the error:

We can see that Certbot gets a website itself (note the HTML markup tags) instead of the generated file.

And a few lines below we can see where Certbot expects the challenge string to be:

Here is Laravel’s .htaccess file in public_html folder:

As we can see all URIs that don’t start with “public” are redirected to /public via rewrite rule.

So in fact

“/home/domain.com/public_html/.well-known/acme-challenge/MI7iKrhmsVdVgc9EKIoRnK2FQt3L98wWULVGb7_5U6Y”

request becomes

“/home/domain.com/public_html/public/.well-known/acme-challenge/MI7iKrhmsVdVgc9EKIoRnK2FQt3L98wWULVGb7_5U6Y”

and that’s why we can see HTML tags of the actual website in the Letsencrypt log.

To allow Letsencrypt challenges in .htaccess add a separate rule, before all others, that effectively disables rewriting for files in the directory, like this:

You may wish to add a file existence check immediately before the rule so your custom error response page is shown rather than the server’s default:

On an Apache 2.4 vhost without a document root, it’s may be needed to add a slash after the ^ as follows: RewriteRule ^/\.well-known/.+ - [END]

So the .htaccess that fixes Letsencrypt error “Invalid response from” will be as follows:

Good luck!

Want me to do this for you? Drop me a line: itgalaxyzzz {at} gmail [point] com