Add New certificate to server. apache & webroot not working


First i tried this command:
sudo certbot --apache --apache-server-root /etc/apache2 --apache-challenge-location /etc/apache2

I get this response:

Error running command ['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'] for runtime parameters!

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error accessing loaded Apache parameters: ['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG']")

After that i tried it via webroot:

sudo certbot --webroot -w /etc/apache2/sites-enabled/ -d example.domain

Did not work. I got this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
With the webroot plugin, you probably want to use the "certonly" command, eg:

    certbot certonly --webroot

(Alternatively, add a --installer flag. See
 and "--help plugins" for more information.)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

And lastly i added the certonly parameter:

sudo certbot certonly --webroot -w /etc/apache2/sites-enabled/ -d example.domain

And got this response:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for example.domain

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: example.domain
  Type:   unauthorized
  Detail: Invalid response from http://example.domain/.well-known/acme-challenge/R-0n-CMBKSigRSF51qyrGg_1YnkYcHBUpKS4Y581nns: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I have absolutley no idea what i'm missing. There are certificates on the server for other domains( that are being updated regularly ).

Do i have to manually create the directory ".well-known/acme-challenge" ?

That's a valid format but the -w path should be your DocumentRoot folder described in the VirtualHost for that domain. It should definitely not be your sites-enabled folder

No. It is created if/as needed.


So "-w" is the path to the htdocs? I thought it is the path to the .conf files.

sudo certbot certonly --webroot -w /htdocs/ -d example.domain

The -w folder (--webroot-path) should match the DocumentRoot folder


Thanks a lot, that was the problem. It works!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.