Bug: Unable to obtain let's encrypt certificate via https-challenge.

[Keyinator]

It seems to fail when trying to fetch the challenge via https://<TLD>/.well-known/acme-challenge/<CHALLENGE ID>.
Reason is "<IP>: Invalid response from https://<TLD>/.well-known/acme-challenge/<CHALLENGE ID>: 400".
When accessing the above url you get an http 400 error with the content path contains illegal components.

This seems to be related to the . in the url and is caused by https://lists.proxmox.com/pipermail/pbs-devel/2021-September/004026.html .

This appears on both PBS 2.4 and PBS 3.0

 

[Keyinator]

Any updates on this? I am still experiencing said issue.

 

[Retro1982]

Acme http challenges are hardcoded to http! Not https, so your url is wrong…

 

[khe]

Acme http challenges are hardcoded to http! Not https, so your url is wrong…

And the ACME challenge TLS-ALPN-01 is using https on port 443 …

 

[Retro1982]

Yea there is the TLS-ALPN-01 challenge but it does not use any urls and is done directly after the ssl handshake, so i think the op is speaking of the HTTP-01 challenge …

 

[Keyinator]

Acme http challenges are hardcoded to http! Not https, so your url is wrong…

Thanks.
I recently re-added an https-redirect to the reverse-proxy of this url which caused this issue.

Removing it fixed the issue.