From time to time I run into this error when trying to get a Let's Encrypt certificate via the acme.sh script.
Sometimes it's the first time trying to get a Let's Encrypt certificate, and sometimes it worked previously but now suddenly doesn't work.
The error message is similar to:
domain.com:Verify error:Invalid response from https://example.com/.well-known/acme-challenge/1kSTnls6_vcku98gwLEUMQNnbl1cSY1pdBrPi7sJdos
Please add '--debug' or '--log' to check more details.
See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Adding the --debug option reveals some log entries similar to:
Changing owner/group of .well-known to username:nobody
chown: changing ownership of /home/path/to/example.com: Operation not permitted
What's the solution?
Hopefully this will save others some time googling, or poring over the documentation, or reading through the closed GitHub issues.
First thing to check: does the website folder have an .htaccess file in it? (By "website folder" we mean where the actual website files are stored, such as /home/youruser/public_html/path_to_your_domain.com)

(Note that dot files like .htaccess are hidden by default in the cPanel file manager, so you might need to use an FTP app to check, or enable showing hidden files in the cPanel file manager; there is a Settings button at top right.)

If so:
a) Rename the .htaccess file (to .xxxhtaccess or similar)
b) Re-run the acme.sh script
c) When successful, rename the .htaccess file back again

Some References:
acme.sh GitHub Issues
acme.sh Documentation
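
The rename, re-run and restore steps (a) to (c) above as one shell function. This is an added example, not part of the original post or of acme.sh. It parks .htaccess as .xxxhtaccess, runs whatever command you pass, and puts the file back even if that command fails, so access rules in .htaccess are not left disabled. The function name with_htaccess_disabled is hypothetical; pass your usual acme.sh command as the arguments.

```shell
#!/bin/sh
# Added example (not from acme.sh): run a command with .htaccess parked,
# then restore it whatever the command's outcome.
# Usage: with_htaccess_disabled WEBROOT COMMAND [ARGS...]
#   e.g. with_htaccess_disabled /home/youruser/public_html/path_to_your_domain.com \
#        <the acme.sh command you normally run>
with_htaccess_disabled() {
    webroot=$1
    shift
    htaccess="$webroot/.htaccess"
    parked="$webroot/.xxxhtaccess"   # parked name taken from step (a)

    if [ ! -d "$webroot" ]; then
        echo "webroot not found: $webroot" >&2
        return 2
    fi
    # No .htaccess present: nothing to park, just run the command.
    if [ ! -f "$htaccess" ]; then
        "$@"
        return $?
    fi
    # A leftover parked copy means an earlier run did not restore; do not clobber it.
    if [ -e "$parked" ]; then
        echo "refusing to overwrite existing $parked" >&2
        return 3
    fi

    mv "$htaccess" "$parked" || return 4
    # Put the file back if the run is interrupted (Ctrl-C, hangup, kill).
    trap 'mv "$parked" "$htaccess"; exit 130' INT TERM HUP

    # "|| status=$?" keeps a failing command from aborting under `set -e`
    # before the restore below has run.
    status=0
    "$@" || status=$?

    trap - INT TERM HUP
    if ! mv "$parked" "$htaccess"; then
        echo "could not restore $htaccess; it is still at $parked" >&2
        return 5
    fi
    return "$status"
}
```

The function returns the wrapped command's exit status, so a failed certificate run is still visible to whatever called it.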