Challenge failed for domain, Invalid response

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot --apache2

It produced this output:
Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
http-01 challenge for
http-01 challenge for
Enabled Apache rewrite module
Waiting for verification...
Challenge failed for domain
Challenge failed for domain
http-01 challenge for
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    []: "\n<!--

    Type: unauthorized
    Detail: Invalid response from
    []: "\n<!--

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache/2.4.41

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

Why does certbot try to verify by accessing folders is pointing to?

When I invoke in a web browser, the correct web pages are loaded and displayed.

Hi @karx11erx

Looks like Certbot doesn't understand your configuration. Maybe there is no matching vHost with all 4 domain names.

What is the output of

apachectl -S

Perhaps create two certificates, one per main domain.

There are two different .conf files, each containing virtualhost descriptions: One for and (brockart.conf), the other for and (descent2.conf). Accessing the brockart web content using e.g. Chrome on Windows via (or works.

apachectl -S says:

VirtualHost configuration:
*:80 is a NameVirtualHost
default server localhost.localdomain (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/brockart.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/descent2.conf:1)
*:443 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/brockart.conf:18)
port 443 namevhost (/etc/apache2/sites-enabled/brockart.conf:18)
port 443 namevhost (/etc/apache2/sites-enabled/descent2.conf:18)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/"
User: name="www-data" id=33
Group: name="www-data" id=33

So you see: No matching vHost.

With such a vHost configuration, you shouldn't create one certificate with both main domain names.

-->> create two certificates, use two commands.

To be honest: I don't understand that. wouldn't be resolved if there wasn't a working virtualhost definition active for it I believe.

If I have certbot create a certificate for, it works. If I have it do it for, it fails. ???

That's expected.

Now checked your configuration - completely buggy - what a mess -

Host Type IP-Address is auth. ∑ Queries ∑ Timeout
A Rheinmuenster/Baden-Württemberg/Germany (DE) - SCHLUND Hostname: yes 1 0
AAAA yes
A Rheinmuenster/Baden-Württemberg/Germany (DE) - SCHLUND No Hostname found yes 1 0
AAAA yes

Different ip addresses, different servers:

One is an Apache

Server: Apache/2.4.41 (Ubuntu)

the other is Plesk:

Server: Apache
X-Powered-By: PleskLin

Errors are expected.

The Plesk configuration doesn't exist anymore. What happened is that I switched from a very old server package at IONOS to an actual one. They installed Plesk with the new server, which caused a mess, so I reinstalled Ubuntu 20.04 without Plesk. I then migrated the two domains using the IONOS web interface. I didn't even edit the IP addresses, I simply ordered the domains to be migrated to the new contract. IONOS messed up the IP addresses. I just noticed that for one A record and fixed it. When migrating, the interface even created partially different A records for the two domains. Obviously still somehow sticks with the old server - I have no bloody clue why.

Edit: Well, I do have a clue. Their web interface / services behind it didn't handle this properly.

Thanks for pointing this problem out. I haven't been setting up a server for 8 or 10 years, and I am a bit rusty.

Edit 2: I just fixed the IP address in's A record's '@' entry, and now everything works.

1 Like

Yep. Different ip addresses - that can't work. The same ip address -> all is easy.

Happy to read you have fixed it :+1:

1 Like

Thanks for your help. You led me on the right track. :grinning:
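
The cause found in this thread was one name's A record pointing at a different server than the other names on the same certificate. A pre-flight check for that, as an added example that is not part of any post above: the function names, host names and addresses are constructed for illustration, and input is assumed to be in `dig +noall +answer` format.

```shell
#!/bin/sh
# Added example: flag certificate names whose A/AAAA records do not point at
# the server that will answer the http-01 challenge.
# Input lines: name TTL class type address (as printed by dig +noall +answer).

# mismatched_names EXPECTED_V4 EXPECTED_V6 < records
# Prints "name type address" for every A/AAAA record pointing elsewhere.
# Addresses are compared as text, so write the expected IPv6 address in the
# same compressed form the resolver prints.
mismatched_names() {
    awk -v v4="$1" -v v6="$2" '
        $4 == "A"    && $5 != v4                   { print $1, $4, $5 }
        $4 == "AAAA" && tolower($5) != tolower(v6) { print $1, $4, $5 }
    '
}

# Constructed sample records (documentation address ranges, not the thread's).
SAMPLE_RECORDS='example.org. 300 IN A 192.0.2.10
example.org. 300 IN AAAA 2001:db8::10
www.example.org. 300 IN A 198.51.100.7
www.example.org. 300 IN AAAA 2001:db8::10
example.net. 300 IN A 192.0.2.10
www.example.net. 300 IN A 192.0.2.10'

# Runs the check over the constructed records above.
check_sample() {
    printf '%s\n' "$SAMPLE_RECORDS" | mismatched_names 192.0.2.10 2001:db8::10
}

# Live use (needs network access and dig), with MY_V4/MY_V6 set to this
# server's own addresses:
#   for n in example.org www.example.org; do
#       dig +noall +answer "$n" A; dig +noall +answer "$n" AAAA
#   done | mismatched_names "$MY_V4" "$MY_V6"
check_sample
```

Any line printed is a name that the CA would validate against a different machine, so the http-01 challenge for it fails regardless of the local Apache vHost configuration.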

