Challenge failed for my domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache -m -d

It produced this output:

Challange failed for domain
http-01 challenge for
Cleaning up challenges have failed.

  • The following errors were reported by the server:

Type: unauthorized
Detail: During secondary validation: Invalid response from

\n\n404 Not Found\n\n........... I am not writing the whole HTML. It is just "Not Found"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP addresses.

My web server is (include version): Apache 2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: MC-Host24

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

I created the A record and the frame record on mc-host where I have rented the rootserver and the domain.

What can I do now?

"Secondary validation" implies that the primary validation was successful.
That means LE's primary and secondary locations are being served inconsistent/different content.


Hey @rg305,
thanks for your reply.

What can I do now to get the secondary validation working?


I've tried it again and now I got another error:

Detail: Invalid response from
[IP]: "\n\n404 Not

Not Found


I would start troubleshooting that error with the output of:
sudo apachectl -t -D DUMP_VHOSTS


@leon47331 In addition to Rudy's request, are you using sudo in front of the certbot command?


This is confusing.
Why would you need to do both?

You must have a working HTTP site before you can secure it (via HTTP authentication).


Hey @MikeMcQ,
thanks for your reply.
I am logged in with root so that shouldn't be the problem :+1:


It was a long shot. What about Rudy's two requests? That is, why do you need a frame record and let's see the results of his
sudo apachectl -t -D DUMP_VHOSTS


Hey @rg305,
thanks for your reply.
I created the A record for testing purposes but already removed it :+1:


This is the output:

*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/website.conf:1)

I have a working HTTP site :+1:

I have a frame record because my domain hoster lets me automatically assign the domain to a website (don't know how to explain it).

LE can't validate domains encapsulated within frames.


Oh alright...
What can I do instead of frames?

Could you remove the "frame" DNS entry and just use an A record to your IP? I see you have an Apache alias for the www subdomain. To use that you will need an A record for it so why not for the apex domain name too?

The --apache http challenge will return a specific value to the Let's Encrypt server for authentication. It must see that value without any extra frame tags or similar. You have not gotten that far yet. Just noting this for context.
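
Added example, not part of the thread and not Certbot or Let's Encrypt code: a small offline checker that classifies the body a validator would receive at the HTTP-01 challenge URL, telling the bare key authorization (`<token>.<thumbprint>`, per RFC 8555) apart from a frame-forwarding page or a 404, and reporting whether every vantage point saw the same valid value. The function names, token, thumbprint, IP address and HTML bodies are constructed for illustration.

```python
import re

# RFC 8555 key authorization: <token>.<base64url SHA-256 account-key thumbprint>
KEY_AUTH_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}")
FRAME_RE = re.compile(r"<\s*(frameset|frame|iframe)\b", re.IGNORECASE)
HTML_RE = re.compile(r"<\s*(!doctype|html|head|body|title)\b", re.IGNORECASE)

# Constructed sample values (not taken from the thread).
TOKEN = "c0nstructedT0ken_example-0001"
THUMBPRINT = "A" * 43
FRAME_BODY = ('<html><frameset rows="100%">'
              '<frame src="http://203.0.113.10/"></frameset></html>')
NOT_FOUND_BODY = "<html>\n<head><title>404 Not Found</title></head>\n</html>"


def classify_http01_response(status, body, token):
    """Classify what a validator would receive for one challenge URL."""
    text = body.rstrip()  # trailing whitespace after the value is tolerated
    if status == 200 and KEY_AUTH_RE.fullmatch(text) and text.split(".")[0] == token:
        return "ok"
    if FRAME_RE.search(text):
        return "frame-wrapper"  # registrar "frame" forwarding page
    if status == 404:
        return "not-found"
    if HTML_RE.search(text):
        return "html-page"
    return "unexpected"


def diagnose(responses, token):
    """responses maps a vantage-point name to (status, body).

    Returns the verdict per vantage point and whether all of them passed.
    """
    verdicts = {name: classify_http01_response(status, body, token)
                for name, (status, body) in responses.items()}
    return verdicts, all(v == "ok" for v in verdicts.values())


if __name__ == "__main__":
    good = f"{TOKEN}.{THUMBPRINT}\n"
    print(diagnose({"primary": (200, good),
                    "secondary": (404, NOT_FOUND_BODY)}, TOKEN))
    print(diagnose({"primary": (200, FRAME_BODY)}, TOKEN))
```
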


It is working finally and I could generate the certificate! :slight_smile:

Thanks for your help @MikeMcQ and @rg305

Have a nice day! :slight_smile: :+1:

