Certbot unauthorized Invalid response from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.thejanowiaks.com

I ran this command: Certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?


1: thejanowiaks.com
2: www.thejanowiaks.com


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.thejanowiaks.com
Waiting for verification…
Challenge failed for domain www.thejanowiaks.com
http-01 challenge for www.thejanowiaks.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): apache 2.4.6-90

The operating system my web server runs on is (include version): Centos 7.7

My hosting provider, if applicable, is: n/a

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 1.0.0

1 Like

Hi @edward

checking your domain there is a blocking firewall - https://check-your-website.server-daten.de/?q=thejanowiaks.com

Domainname Http-Status redirect Sec. G
http://thejanowiaks.com/ 104.245.35.37 -2 1.430 V
ConnectFailure - Unable to connect to the remote server
http://www.thejanowiaks.com/ 104.245.35.37 -2 1.420 V
ConnectFailure - Unable to connect to the remote server
https://thejanowiaks.com/ 104.245.35.37 -2 1.427 V
ConnectFailure - Unable to connect to the remote server
https://www.thejanowiaks.com/ 104.245.35.37 -2 1.420 V
ConnectFailure - Unable to connect to the remote server

What says

apachectl -S

(or httpd -S, if the other command doesn’t work)?

1 Like

Hello @JuergenAuer,
Thanks for the reply. It’s not a blocking firewall issue. I must have turned off the apache server while I was troubleshooting. It’s back up now and I’m still getting the same error while trying to run certbot

Thank you.

1 Like

Hello @JuergenAuer,

Do you have any insight into what might be causing my trouble with Certbot?

Thank you,

Do Apache’s logs say anything about it?

1 Like

They do! There’s a server configuration error in the virtual host error log. I found other posts with the same or similar errors, but haven’t found a definitive solutions. Any advice appreciated!

AH01797: client denied by server configuration: /var/lib/letsencrypt/http_challenges/oX7d44IWuHUSgOVJt40k5qW1d_x9SJAnerCrBCXdtS4

[Sat Feb 08 08:57:28.560728 2020] [access_compat:error] [pid 25466] [client 66.133.109.36:45354] AH01797: client denied by server configuration: /var/lib/letsencrypt/http_challenges/oX7d44IWuHUSgOVJt40k5qW1d_x9SJAnerCrBCXdtS4

403 is normally a permissions issue. You will want to confirm permissions for the directory/file are set properly for world read (755/644 ideally) & if that’s set, you may have to add some lines on your vhost/apache config file inside the Directory block if you don’t already have them, such as Require all granted