"Challenge failed for domain" Detail: Invalid response from <domain>

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wiki.spiretrading.com

I ran this command: certbot certonly --webroot -w /var/www/wiki.spiretrading.com -d wiki.spiretrading.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wiki.spiretrading.com
Using the webroot path /var/www/wiki.spiretrading.com for all unmatched domains.
Waiting for verification...
Challenge failed for domain wiki.spiretrading.com
http-01 challenge for wiki.spiretrading.com
Cleaning up challenges
Some challenges have failed.


My web server is (include version): NGINX 1.17.10

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

This certificate is for a mediawiki installation that we have. It was previously installed and running in a different server and I had to move it to this one. On this server I also had a certificate for another subdomain "phpmyadmin.spiretrading.com" but I removed with the "certbot delete" command. This subdomain (phpmyadmin) was working fine but it was supposed to be temporary until I got the wiki running. I also have another certificate for spiretrading.com.

1 Like

Hi @arthurlucena

if you use webroot and if that doesn't work, your webroot may be wrong.

See your error:

Letsencrypt sees a redirect to your main domain and follows that redirect.


  • remove that redirect (or)
  • use the webroot of your main domain as -w parameter

Hi @JuergenAuer! Thanks for such a fast reply. Removing the redirect would affect my main domain’s certificate or access, right? What is the safest way to change the webroot (your second suggestion) without affecting the up-time on my site (spiretrading.com)?

1 Like


The redirect is from your subdomain. A redirect has nothing to do with a certificate.

Please change your command. I didn't wrote something about changing your main domain.


-w is only a shortcut of --webroot.


Sorry, I got confused. So you mean to use:
certbot certonly --webroot -w /var/www/spiretrading.com -d wiki.spiretrading.com
when you suggested to use the webroot of my main domain?

1 Like

I just run the certbot certonly --webroot command and I could get the certificate today. Everything is working, could it be a cache situation on Let’s Encrypt’s end? Regardless, thanks @JuergenAuer

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.