Thanks for your reply. Of course I did.
Just as a reminder for people having the same problem - to give them something specific, instead of generic, half-baked, wikipedia-like “solutions”:
In my case, the problem was in the configuration file which governs the whole process. This is located in
This file had a section where you could read (only relevant sections included):
[renewalparams] authenticator = None installer = None webroot_path = /var/www/letsencrypt, [[webroot_map]] donaldduck.com = /var/www/letsencrypt
This is obviously wrong. I am using nginx with /.well-known/acme-challenge technolgy, so I get response from ACME server even when all my domains are up and nginx is running (anyway, what kind of stupid idea is to take down your webserver so certbot can hog your port 80?!)
The correct section should read:
[renewalparams] authenticator = webroot installer = None webroot_path = /var/www/letsencrypt, [[webroot_map]] donaldduck.com = /var/www/letsencrypt
By changing authenticator config param, I got it to work. Obviously, don’t go and copy-paste this code, it is valid only for webroot authenticator. If you use Apache (I pity you for using buggy, flawed and insecure webserver), switch to nginx and use webroot. You’ll thank me later. Or not.
While I am happy there is CA like Letsencrypt issuing free certs for everyone, it should be important for these folks not to forget the ease of use and not to overcomplicate the whole process. It is brutally overcomplicated now. A breath of Ruby-like simplicity would do you good.