Can't renew certificate (ACME challenge failed) some weird results

My domain is:

I ran this command: certbot renew and certbot renew --force-renewal

It produced this output:

Processing /etc/letsencrypt/renewal/

Certificate not yet due for renewal

The following certificates are not due for renewal yet:
/etc/letsencrypt/live/ expires on 2023-02-22 (skipped)

But when forcing renewal:

Type: unauthorized
Detail: Invalid response from Penke: hoe kan ik jou helpen? "<!doctype html><html lang="nl"><meta charset="utf-8"><meta name="viewp ort" content="width=devic"

Type: unauthorized
Detail: Invalid response from Financieel Onafhankelijk Worden "\n<html class="no-js" lang="nl" prefix="og:\">\n\n <meta charset="UTF-8">\n <meta name="view"

Note: there are multiple domains in the cert.

My web server is (include version): Apache/2.4.37

The operating system my web server runs on is (include version): Centos 8 stream

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.0

The certbot renew command works fine. But when forcing to update the certificate it fails. The weird part is that the command tells me

Penke: hoe kan ik jou helpen?

is not reachable but when entering this in my browser I can access it. Also, the certificate is renewed yesterday so that seems to work.

For domain it only says that Financieel Onafhankelijk Worden unauthorised without mentioning the ".well-known/acme-challenge/" path.

I don't understand why it did renew the certificate for but not for while both virtual hosts are the same. Does this have to do with the redirect to HTTPS?

Update: when I run certbot --apache it does update the certificate for but I'm not sure what certbot changed...

But another domain in that same certificate get an error: too many failed authorizations recently

Update: the other domain is also updated.

Now the question is, what did certbot --apache in the httpd config?

Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher. Rate Limits are per week (rolling).

Using this online tool letsdebug-toolkit the result are here | I see


Has also hit the rate limits as well. Using this online tool letsdebug-toolkit shows results here letsdebug-toolkit
And a certificate was issued 25 Nov 2022 10:21:07 UTC

And using this online tool SSL Server Test (Powered by Qualys SSL Labs) the results here SSL Server Test: (Powered by Qualys SSL Labs) show a recently issued certificate being served


Why would you force renewal when you already have a perfectly fine certificate? I don't understand the train of thought.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.