Challenge Failed - Unauthorized - Invalid Response

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:, IP

I ran this command from my Putty Client: $ sudo ./certbot-auto certonly --webroot -w /opt/bitnami/apps/wordpress/htdocs/ -d -d

It produced this output: Challenge Failed - Unauthorized - Invalid Response. - I can provide jpg screen shot but how do I seen to you??

My web server is (include version): latest Apache

The operating system my web server runs on is (include version): Bitnami Wordpress lightsail instance. - Latest version.

My hosting provider, if applicable, is: AWS Bitnami Wordpress lightsail instance

I can login to a root shell on my machine (yes or no, or I don’t know): yes via putty

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Wordpress Dashboard

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot-auto - Latest version

You shouln’t have installed certbot on that machine.

1 Like

For Bitnami, try using the instructions at instead of using Certbot. They tend to be a bit more straightforward.

1 Like

Hi, Thanks for your prompt feedback. The reason I used Certbot was because I have a number of other AWS Bitnami Lightsail sites currently working fine with it. It is just this “challenge fail” that is causing the problem. Is there a way of identifying the reason the domain appears invalid? Thanks.

Well, the immediate reason would be that your webserver is intercepting the challenge requests and serving a totally unrelated page with an HTTP 200. For example, try visiting

Only you know how your webserver is setup so it’s hard to say exactly why it behaves this way, but one could guess that you need to exclude /.well-known/acme-challenge from whatever is causing the requests to always go to that page.

Thanks for your quick response. Are you suggesting I should use the “bncert-tool” or the manual method?

That depends on your needs, the bitnami documentation should contain your answer.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.