Certbot cannot verify

I'm only trying to get a manual certificate using certbot certonly --manual but no matter what I do I always get this:

Challenge failed for domain tinydesign.co.uk
http-01 challenge for tinydesign.co.uk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

Does anyone know what I'm doing wrong? I'm not very familiar with hosting etc.

My domain IP is: 185.2.5.20

Many thanks,

Ben.

1 Like

Welcome to the Let's Encrypt Community, Ben :slightly_smiling_face:

It's fairly unusual to try to acquire a certificate by manually completing http-01 challenges, which require placing files specified by your ACME client (e.g. certbot) in /.well-known/acme-challenge in the webroot folder of your website. Most people manually complete dns-01 challenges, which require creating TXT records specified by your ACME client in your DNS.

You can specify the challenge type by adding either --preferred-challenges http or --preferred-challenges dns to your certbot command.

Example:

sudo certbot certonly --manual --preferred-challenges dns -d "tinydesign.co.uk,www.tinydesign.co.uk"

2 Likes

Hi griffin, thank you for your reply. I tried that but I can't use the DNS method because my host Namesco don't allow underscores.

I used to use zerossl.com for this, which used the acme-challenge technique but they got bought out and now they charge. So I was thinking it should be possible with Namesco and Certbot. I'm wondering if it's a redirect messing things up.

Regards,

Ben.

2 Likes

I tested your webserver many different ways and did not find anything evident that would prevent an http-01 challenge from succeeding. I can specifically confirm that requesting http://tinydesign.co.uk/.well-known/acme-challenge/test produces the expected 404 Not Found without a redirect of any kind. Is there a reason that you want to manually complete an http-01 challenge? If you're running certbot on your webserver, it seems much more prudent to just use the apache authenticator rather than manual:

sudo certbot certonly --apache -d "tinydesign.co.uk,www.tinydesign.co.uk" --deploy-hook "apachectl -k graceful"

Then all you need to do is:

  1. Change the SSL directives in your Apache port 443 configuration file to use the certificate and private key files in the live certbot directory for your certificate. You can determine which configuration file to edit by looking at the output of sudo apachectl -S and seeing which VirtualHost is handling port 443 for tinydesign.co.uk.
  2. Reload Apache with sudo apachectl -k graceful

At that point, your certificate will even be configured to automatically renew!

2 Likes
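The check described in the reply above (requesting a path under /.well-known/acme-challenge/ and looking at the status code and any redirect) can be scripted before running certbot in manual mode. This is an added example, not part of the original thread or of certbot; the names probe and classify and the User-Agent string are hypothetical, and it assumes you have already uploaded a file with known content into that directory.

```python
import http.client
import sys

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def probe(host, name, timeout=10):
    """GET http://<host>/.well-known/acme-challenge/<name> on port 80.
    http.client never follows redirects, so a 3xx is reported as-is."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + name,
                     headers={"User-Agent": "http01-preflight"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read(4096)
    finally:
        conn.close()

def classify(status, location, body, expected):
    """Turn one response into a verdict for a manually uploaded file."""
    if status == 200:
        # Surrounding whitespace is ignored; anything else must match.
        if body.strip() == expected.strip():
            return "ok: file is served with the expected content"
        return "wrong-content: 200 returned, but the body is not the uploaded file"
    if status in (301, 302, 303, 307, 308):
        return "redirect: request is sent on to %s; the file must be served there" % location
    if status == 404:
        return "not-found: the file is not in the webroot that answers for this host"
    if status == 403:
        return "forbidden: the server refuses to serve files from this directory"
    return "error: unexpected status %d" % status

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: preflight.py <host> <file-name> <expected-content>")
    host, name, expected = sys.argv[1], sys.argv[2], sys.argv[3].encode()
    print(classify(*probe(host, name), expected))
```

For a path that was never uploaded, not-found is the healthy answer, which is what the 404 in the reply above shows.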

Amazing, thank you griffin! I am very confused as to why it doesn't work then. Unfortunately I don't know how to install certbot on my server. It has cPanel without the plugin. I installed certbot on my Windows 10 PC and was trying to get a certificate that way.

Many thanks.

2 Likes

If you're using shared hosting with cPanel (and thus don't have root access), you are the ideal candidate for using my CertSage ACME client. Its "installation" is just uploading a single PHP file into the public_html directory on your webserver. To get your certificate, you just visit tinydesign.co.uk/certsage.php; enter your email address, domain name, and the subdomains you wish to secure; then push a button. In less than a minute, you have your certificate and can install it and its private key through the cPanel SSL function in the Security section.

2 Likes

That sounds ideal! How do I find that?

2 Likes

It hasn't been fully released to the public yet, so I've been delivering it with instructions via private message in this community to those interested. So far I've had a 100% satisfaction rate. Guess people like super-easy when it comes to getting their certificates. :thinking: I'm testing a minor update this afternoon to satisfy the requirements for the latest certificate chain update and add a few new features. I'll send you the latest version with detailed instructions in a few hours once my testing is satisfactory. :slightly_smiling_face:

It's free, of course. :upside_down_face:

2 Likes

Amazing! Thank you!

Yes, I don't understand much other than super-easy :slight_smile:

2 Likes

I've aimed to make it as simple as possible. I've actually renewed multiple certificates with CertSage from the browser on my phone while waiting in line at Starbucks.

I'll send you a message as soon as this update is ready to go.

3 Likes

The update testing got delayed a bit. Should be sometime tomorrow.

2 Likes
