Can't create SSL

I have created ubuntu server 16.04.3 and am trying to install a SSL using Certbot but it doesn’t work.

Steps i took:

1- add-get-repository ppa:certbot/certbot
2- apt-get update
3- apt-get install python-certbot-apache
4- certbot --apache -d -d

  • I have created a server using this same way a few times before but this is the first time i get this which is why i am so confused

After step 4 i then get this error message(this is the complete error from the logs-Heads up its long):

2018-06-15 09:14:38,215:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Type: unauthorized
Detail: Invalid response from "

404 Not Found

Not Found


Type: unauthorized
Detail: Invalid response from "

404 Not Found

Not Found


To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2018-06-15 09:14:38,215:INFO:certbot.auth_handler:Cleaning up challenges
2018-06-15 09:14:38,918:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.22.2’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/”, line 1266, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/”, line 1031, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/”, line 118, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/”, line 350, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/”, line 294, in obtain_certificate
orderr = self._get_order_and_authorizations(, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/”, line 330, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 79, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 154, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 220, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "

404 Not Found

Not Found

<p", (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from " 404 Not Found

Not Found


Does the domain definitely point to this server?

Can you show:

apachectl -S
ip a

Yes it does because when i type in the domain without the https then i get to the website.

Forgot to mention that i moved this domain to a new server and on the previous server i had a ssl working but after migrating it to this new one then i can’t get the ssl.

Here is the output of the commands requested:


Can you please execute the following command and share us the output?

It would detect your server IPs.

Also, your Apache doesn’t seems to have alias for the www version.

1 Like

Here is the output for the up commands:


Also in the /etc/apache2/sites-available/ file the alias is there see below:


DocumentRoot /var/www/html

<Directory /var/www/html/>
Options All
AllowOverrride All
allow from all


The first command shows the issue...

Your server IP is (at least that's the one it use to communicate to outside)

The website you are pointing to

Can you double check if that IP is on this server?

Just to confirm, please run ifconfig and see if the is in there.

I'm not sure if <VirtualHost >could contain a domain name rather than IP address


Not sure why it would fail.

On the chance that something is wrong with the Apache authenticator, you could try:

certbot -i apache -a webroot -w /var/www/html \
-d -d --dry-run

Edit: @stevenzhu caught the IP difference, nice eye. Try that instead.

my word i only noticed that difference now in the IP of the server.
I ran the ifconfig command and the doesn’t show only the internal IP of, however when i go to the firewall the internal IP is set to and the Static is which is also by my domain provider.

So on the firewall it is link to which is the correct IP.
Would i have to change that IP as i have no idea how that got to be?

I normally do my VirtualHost with the and it always worked.

I changed the to <VirtualHost *:80> and then restarted apache then ran this again certbot --apache -d -d then it worked. I can use https also in the browser so everything is working.

Thanks for the help saved me big time

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.