400 Bad Request The plain HTTP request was sent to HTTPS port

CentOS 7.9.2009:

I have Webmin/Virtualmin installed on my server with only Nginx as the web server. I am getting 4004 bad request while creating SSL for my websites using Let's Encrypt and cannot browse any website.

Here is the error I received in the email:

An error occurred requesting a new certificate for [exampledomain] from Let's Encrypt : Web-based validation failed : Failed to request certificate : <pre>Traceback (most recent call last):
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 198, in <module>
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca, disable_check=args.disable_check, directory_url=args.directory_url, contact=args.contact)
File "/usr/libexec/webmin/webmin/acme_tiny.py", line 149, in get_crt
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
ValueError: Challenge did not pass for [exampledomain]: {u'status': u'invalid', u'challenges': [{u'status': u'invalid', u'validationRecord':u'error': {u'status': 403, u'type': u'urn:ietf:params:acme:error:unauthorized', u'detail': u'Invalid response from: "<html>\\r\\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\\r\\n<body>\\r\\n<center><h1>400 Bad Request</h1><"'}, u'validated': u'2021-05-18T05:45:11Z', u'type': u'http-01'}], u'identifier': {u'type': u'dns', u'value': u'}, u'expires': u'2021-05-25T05:45:10Z'}
</pre> DNS-based validation failed : Only the offical Let's Encrypt client supports DNS-based validation

Try to install certbot and retry after that.

The challenge failed. I know the error looks scary, but the “ValueError” bit is the useful part.

This usually means the Let’s Encrypt servers cannot reach the validation key on your server. So, you either have redirect or proxy rules that prevent access to the .well-known directory or DNS is wrong (for one or more hostnames you’re requesting certificates for). There are probably other possibilities, but that’s like 99% of failures.

certbot is only strictly needed for wildcards. You shouldn’t need it to be able to validate via DNS, assuming you’ve got the web side of things set up right to allow validation.
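
As an added example (not part of the original thread, and not Webmin's code): a small Python check that requests a challenge URL over plain HTTP on port 80, without following redirects, and names the failure it sees, including the nginx 400 quoted in the error above. The function names, result labels and the test token are assumptions made for illustration; the sample body is the one from the error email, shortened.

```python
import http.client

CHALLENGE_PATH = "/.well-known/acme-challenge/"
NGINX_TLS_MSG = "plain HTTP request was sent to HTTPS port"

# Body quoted in the Let's Encrypt error on this page (shortened).
SAMPLE_BODY = ("<html>\r\n<head><title>400 The plain HTTP request was sent to "
               "HTTPS port</title></head>\r\n<body>\r\n<center><h1>400 Bad Request</h1>")


def classify(status, body, location="", expected=None):
    """Name what an http-01 validator would run into for this response."""
    text = body.decode("utf-8", "replace") if isinstance(body, bytes) else body
    if status == 400 and NGINX_TLS_MSG in text:
        # nginx answers this when plain HTTP arrives on a listener that has
        # TLS enabled, so port 80 traffic is reaching an ssl listener.
        return "plain-http-hit-tls-listener"
    if status in (301, 302, 303, 307, 308):
        # A redirect is only harmless if the challenge path survives it.
        if CHALLENGE_PATH in location:
            return "redirect-keeps-challenge-path"
        return "redirect-drops-challenge-path"
    if status in (401, 403, 404):
        return "challenge-path-blocked-or-missing"
    if status == 200:
        if expected is not None and text.strip() != expected:
            return "wrong-content-served"  # e.g. a proxy answering instead
        return "ok"
    return "unexpected-status-%d" % status


def probe(host, token, expected=None, port=80, timeout=10):
    """Fetch http://host/.well-known/acme-challenge/<token> and classify it.

    Assumes you placed a test file named <token> in the challenge directory.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PATH + token)
        resp = conn.getresponse()
        return classify(resp.status, resp.read(),
                        resp.getheader("Location") or "", expected)
    finally:
        conn.close()


if __name__ == "__main__":
    print(classify(400, SAMPLE_BODY))
```

Run `probe()` from a machine outside the server so the request takes the same DNS and network path the validator does.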
