Can't renew certificate


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --force-renew -d -d
(option 3, path: /var/lib/tomcat7/webapps/ROOT/ where my currently working .pfx file is)

It produced this output:

Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching Invalid hostname in redirect target, must end in IANA registered TLD, (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: “\n\n404 Not Found\n\n

Not Found


(Suspicious that it is fetching to:… lost “/”?)

My web server is (include version):
Apache Tomcat/7.0.52 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 14.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.28.0


Hi @jaimiris

that’s the “missing slash redirect problem” (output via ):

Domainname Http-Status redirect Sec. G
301 0.097 A
200 0.467 H
200 0.503 N
Certificate error: RemoteCertificateChainErrors
200 0.690 N
Certificate error: RemoteCertificateChainErrors
200 0.580 N
Certificate error: RemoteCertificateChainErrors
301 0.097 A
Visible Content: Moved Permanently The document has moved here . Apache/2.4.7 (Ubuntu) Server at Port 80
404 0.097 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.7 (Ubuntu) Server at Port 80
-1 0.030 R
NameResolutionFailure - The remote name could not be resolved: ‘’
Visible Content:

Your http redirects to https, but without a slash at the end (first row).

If there is a subdirectory /.well-known/acme-challenge redirected, the result is the non-existent domain

that can’t work.

So check your redirect rule to add a “/” after your %SERVER - Variable.


PS: Your www-version isn’t redirected.

So the http version is checked. But http has a

Server: Apache/2.4.7 (Ubuntu)


https has a

Server: Apache-Coyote/1.1

If your webroot is the https version, you must add a www-redirect http -> https.

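The missing-slash redirect described in the two replies above, as an added example that is not part of the original thread: it models a prefix-style redirect rule for "/" and checks the resulting Location value the way you would check a captured response for an http-01 challenge URL. The host `example.com`, the token and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; example.com and the token are placeholders.
HOST = "example.com"
CHALLENGE_PATH = "/.well-known/acme-challenge/sample-token"


def prefix_redirect(target, matched_prefix, request_path):
    """Model a prefix-style redirect rule: the matched prefix is swapped for
    the target and the rest of the request path is appended unchanged."""
    return target + request_path[len(matched_prefix):]


def diagnose(request_host, request_path, location):
    """Return a list of problems found in a Location header that was sent
    in answer to an http-01 challenge request."""
    problems = []
    parts = urlsplit(location)
    host = parts.hostname or ""
    first_segment = request_path.lstrip("/").split("/")[0]
    # Missing slash: the first path segment is glued onto the hostname.
    if host == (request_host + first_segment).lower():
        problems.append("path fused into hostname: " + host)
    # The validator must still land on the same challenge path.
    if parts.path != request_path:
        problems.append("challenge path not preserved: " + parts.path)
    return problems


def check_rule(target):
    """Apply a redirect rule for "/" to the challenge URL and diagnose it."""
    location = prefix_redirect(target, "/", CHALLENGE_PATH)
    return location, diagnose(HOST, CHALLENGE_PATH, location)


if __name__ == "__main__":
    # Same rule twice: without and with the trailing slash on the target.
    for target in ("https://example.com", "https://example.com/"):
        location, problems = check_rule(target)
        print(target, "->", location, problems or "ok")
```

Without the trailing slash the redirect points at a hostname ending in `.well-known`, which is not a registered TLD, matching the "Invalid hostname in redirect target" error in the first post.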

Hi @JuergenAuer
Your response makes perfect sense… but something new happened:

Cleaning up challenges
An unexpected error occurred:
The server experienced an internal error :: Problem getting authorization
Please see the logfiles in /var/log/letsencrypt for more details.

… in the log we have:

2019-04-17 10:36:58,602:DEBUG:certbot.error_handler:Calling registered functions
2019-04-17 10:36:58,602:INFO:certbot.auth_handler:Cleaning up challenges
2019-04-17 10:36:58,602:DEBUG:certbot.plugins.webroot:Removing /var/lib/tomcat7/webapps/ROOT/.well-known/acme-challenge/9c0W5yrxnOzT2ii7D8p3_d$
2019-04-17 10:36:58,603:DEBUG:certbot.plugins.webroot:Removing /var/lib/tomcat7/webapps/ROOT/.well-known/acme-challenge/tISpbFpiZPRjvZrjXhl8Ag$
2019-04-17 10:36:58,603:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2019-04-17 10:36:58,604:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/”, line 1225, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python3/dist-packages/certbot/”, line 305, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python3/dist-packages/certbot/”, line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/”, line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/”, line 212, in _poll_challenges
aauthzrs, index, chall_update[index])
File “/usr/lib/python3/dist-packages/certbot/”, line 244, in _handle_check
updated_authzr, _ = self.acme.poll(original_aauthzr.authzr)
File “/usr/lib/python3/dist-packages/acme/”, line 213, in poll
response =
File “/usr/lib/python3/dist-packages/acme/”, line 1097, in get
self._send_request(‘GET’, url, **kwargs), content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/”, line 999, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:serverInternal :: The server experienced an internal error :: Problem getting authorization
2019-04-17 10:36:58,606:ERROR:certbot.log:An unexpected error occurred:
2019-04-17 10:36:58,606:ERROR:certbot.log:The server experienced an internal error :: Problem getting authorization


After checking your “www…” suggestion everything worked
Thank you very much, Sir