Why do I get this 400 error when getting validation data

(Potato Running) #1

When I run Caddy on my server I get this error:

Activating privacy features... 2018/11/02 15:16:23 [a.position.group] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://a.position.group/.well-known/acme-challenge/FWGWw_l8rNNryV7_3hSg9V8dZysrQF8027B2MJxzC1Q: Error getting validation data

I have checked the firewall, but it is not the reason.

My Caddyfile is:

log ./log.log
markdown /blog {
    css /blog.css
    js  /scripts.js
}

And caddy -log=stdout is:

Activating privacy features... 2018/11/02 15:16:37 [INFO][api.position.group] acme: Obtaining bundled SAN certificate
2018/11/02 15:16:39 [INFO][api.position.group] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/PbGhj4uZKossTrPp9cTpVARRmGO3fXUDzeWDClHFfr0
2018/11/02 15:16:39 [INFO][api.position.group] acme: Could not find solver for: tls-alpn-01
2018/11/02 15:16:39 [INFO][api.position.group] acme: Trying to solve HTTP-01
2018/11/02 15:16:45 [api.position.group] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://a.position.group/.well-known/acme-challenge/7nTr0qca3HV7hWBWMmBmbqg--cctBR4r7FZkFsTaTYQ: Error getting validation data

I have posted a GitHub issue about this.

(Matthew Fay) #2

Hi @Potato_Running, welcome to the Caddy community!

Your Caddyfile says api.position.group but your logs report errors for a.position.group.

The former has DNS A records, but the latter does not.

The prime suspect when Caddy is logging errors for a site that’s different to your Caddyfile is that Caddy is loading the wrong Caddyfile, or an outdated one.
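As an added example (not part of the original posts, and not Caddy's own code), the Python below parses the `failed to get certificate` lines quoted in this thread and flags entries where the site name in the log tag differs from the host the CA tried to fetch, which is the discrepancy pointed out in the reply above. The function name, record fields and hint wording are assumptions made for illustration; the hints paraphrase the error descriptions in RFC 8555.

```python
import re
from urllib.parse import urlsplit

# Sample input: log lines copied from this thread (the leading
# "Activating privacy features... " text is dropped from the last one).
SAMPLE_LOG = """\
2018/11/02 15:16:39 [INFO][api.position.group] acme: Trying to solve HTTP-01
2018/11/02 15:16:45 [api.position.group] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://a.position.group/.well-known/acme-challenge/7nTr0qca3HV7hWBWMmBmbqg--cctBR4r7FZkFsTaTYQ: Error getting validation data
2018/11/02 15:16:23 [a.position.group] failed to get certificate: acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://a.position.group/.well-known/acme-challenge/FWGWw_l8rNNryV7_3hSg9V8dZysrQF8027B2MJxzC1Q: Error getting validation data
"""

# Paraphrased from RFC 8555 section 6.7 (ACME error types).
HINTS = {
    "connection": "CA could not connect to the validation target",
    "dns": "DNS query failed during identifier validation",
    "unauthorized": "client lacks sufficient authorization",
}

FAILURE = re.compile(
    r"\[(?P<site>[^\]\s]+)\] failed to get certificate: acme: Error (?P<status>\d{3})"
    r" - urn:ietf:params:acme:error:(?P<kind>\w+)"
    r" - (?P<detail>.*)$"
)
FETCH = re.compile(r"Fetching (?P<url>https?://\S+?):\s")


def parse_failures(log_text):
    """Return one record per 'failed to get certificate' log line."""
    records = []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if not m:
            continue  # informational lines carry no ACME error
        rec = {"site": m["site"], "status": int(m["status"]), "kind": m["kind"],
               "hint": HINTS.get(m["kind"], "see RFC 8555 section 6.7"),
               "fetched_host": None, "mismatch": False}
        fetch = FETCH.search(m["detail"])
        if fetch:
            # Host the CA requested the HTTP-01 token from.
            rec["fetched_host"] = urlsplit(fetch["url"]).hostname
            rec["mismatch"] = rec["fetched_host"] != rec["site"].lower()
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_failures(SAMPLE_LOG):
        print(r["site"], "->", r["fetched_host"], r["kind"], "MISMATCH" if r["mismatch"] else "ok")
```

A flagged mismatch only says the log tag and the fetched host differ; it does not say why.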

(Potato Running) #3

:joy: I am sorry to say that a.position.group is testing DNS. The problem is not about the Caddyfile.

(Matthew Fay) #4

Ahh, looks like you’ve edited your logs to show the same hostname now.

Just to confirm, what you posted above is the full, unredacted contents of your Caddyfile? And your Caddy host is directly available at (rather than that IP address being a proxy or load balancer etc)?

To be honest, I don’t think I’ve ever had to deal with Error getting validation data. I’m having trouble finding out exactly what circumstances provoke that particular error, but some quick research indicates it can happen when there are strange / nonsensical redirects happening.

(Potato Running) #5

I have posted a photo to show this question, thanks for listening~.

(Magikstm) #6

Are ports 80 and 443 open for this domain?

(Potato Running) #7

Yes, they are all open.

(Magikstm) #8

Main domain appears to be unavailable online:

Can this domain and subdomains work and be viewable externally if https is disabled?

(Potato Running) #9

Yes, ping api.position.group is available.
And I can run Caddy successfully on a Japanese server.

(Potato Running) #10

Oh!! Maybe it is because my domain is in China. Need to record.

(Matthew Fay) #11

Hmm, maybe - if the route to your IP address doesn’t actually reach the server, that would explain LetsEncrypt’s error.