Certbot unauthorized Invalid response from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.thejanowiaks.com

I ran this command: Certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?


1: thejanowiaks.com
2: www.thejanowiaks.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.thejanowiaks.com
Waiting for verification…
Challenge failed for domain www.thejanowiaks.com
http-01 challenge for www.thejanowiaks.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): apache 2.4.6-90

The operating system my web server runs on is (include version): Centos 7.7

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 1.0.0

1 Like

Hi @edward

checking your domain there is a blocking firewall - https://check-your-website.server-daten.de/?q=thejanowiaks.com

Domainname Http-Status redirect Sec. G
http://thejanowiaks.com/ 104.245.35.37 -2 1.430 V
ConnectFailure - Unable to connect to the remote server
http://www.thejanowiaks.com/ 104.245.35.37 -2 1.420 V
ConnectFailure - Unable to connect to the remote server
https://thejanowiaks.com/ 104.245.35.37 -2 1.427 V
ConnectFailure - Unable to connect to the remote server
https://www.thejanowiaks.com/ 104.245.35.37 -2 1.420 V
ConnectFailure - Unable to connect to the remote server

What says

apachectl -S

(or httpd -S, if the other command doesn’t work)?

1 Like

Hello @JuergenAuer,
Thanks for the reply. It’s not a blocking firewall issue. I must have turned off the apache server while I was troubleshooting. It’s back up now and I’m still getting the same error while trying to run certbot

Thank you.

1 Like

Hello @JuergenAuer,

Do you have any insight into what might be causing my trouble with Certbot?

Thank you,

Do Apache’s logs say anything about it?

1 Like

They do! There’s a server configuration error in the virtual host error log. I found other posts with the same or similar errors, but haven’t found a definitive solutions. Any advice appreciated!

AH01797: client denied by server configuration: /var/lib/letsencrypt/http_challenges/oX7d44IWuHUSgOVJt40k5qW1d_x9SJAnerCrBCXdtS4

[Sat Feb 08 08:57:28.560728 2020] [access_compat:error] [pid 25466] [client 66.133.109.36:45354] AH01797: client denied by server configuration: /var/lib/letsencrypt/http_challenges/oX7d44IWuHUSgOVJt40k5qW1d_x9SJAnerCrBCXdtS4

403 is normally a permissions issue. You will want to confirm permissions for the directory/file are set properly for world read (755/644 ideally) & if that’s set, you may have to add some lines on your vhost/apache config file inside the Directory block if you don’t already have them, such as Require all granted

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.