"Challenge failed for" when renewing expired certification

My domain is: crazyblockstech.com and www.crazyblockstech.com

I ran this command:

certbot certonly --cert-name crazyblockstech.com -a apache -d crazyblockstech.com,www.crazyblockstech.com --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer None
Cert is due for renewal, auto-renewing...
Simulating renewal of an existing certificate for crazyblockstech.com and www.crazyblockstech.com
Performing the following challenges:
http-01 challenge for crazyblockstech.com
http-01 challenge for www.crazyblockstech.com
Waiting for verification...
Challenge failed for domain crazyblockstech.com
Challenge failed for domain www.crazyblockstech.com
http-01 challenge for crazyblockstech.com
http-01 challenge for www.crazyblockstech.com
Cleaning up challenges 

 - The following errors were reported by the server:

   Domain: crazyblockstech.com
   Type:   unauthorized
   Detail: Invalid response from

   Domain: www.crazyblockstech.com
   Type:   unauthorized
   Detail: Invalid response from

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):

The operating system my web server runs on is (include version):
Debian 11 GNU/Linux x86-64
uname -a:
Linux debian-s-1vcpu-1gb-amd-nyc1-01 5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64 GNU/Linux

My hosting provider, if applicable, is:
debian-s-1vcpu-1gb-amd ("Premium AMD")

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

I am trying to renew my certificate for my website but running into this error when renewing.

Apache is used as a reverse proxy for Gunicorn in this case.

Thanks in advance.

Update: Disabled fail2ban but received the same error

Hi @CrazyblocksTech, and welcome to the LE community forum.

It's not a fail2ban issue.
Looks like Apache is up to some mischief.
Let's have a look at the output of:
apachectl -t -D DUMP_VHOSTS

Output of apachectl -t -D DUMP_VHOSTS:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server catchall (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:1)
         port 443 namevhost catchall (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:1)
         port 443 namevhost crazyblockstech.com (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:13)
                 alias www.crazyblockstech.com
*:80          (/etc/apache2/sites-enabled/crazyblockstech.com.conf:12)

I ended up doing a reinstallation of Debian 11 (i.e. created new "Droplet" on DigitalOcean).
Redid the Apache and certbot configurations.
Now, verification succeeded after running certbot --apache -d crazyblockstech.com -d www.crazyblockstech.com

I am still unsure what happened with verification before but it was likely something to do with Apache.
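
For reading the DUMP_VHOSTS output posted above in the context of an http-01 renewal: the validation request arrives on port 80, so the useful question is which vhost Apache selects there for each name on the certificate. The following is an added example, not code from anyone in this thread; `parse_vhosts` and `resolve` are hypothetical helper names, and it models only a single listen address at a time (such as `*:80`), not IP-specific address matching.

```python
import re
from fnmatch import fnmatch

# Constructed sample: the "VirtualHost configuration" part of the output posted in this thread.
SAMPLE = """\
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server catchall (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:1)
         port 443 namevhost catchall (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:1)
         port 443 namevhost crazyblockstech.com (/etc/apache2/sites-enabled/crazyblockstech.com-le-ssl.conf:13)
                 alias www.crazyblockstech.com
*:80          (/etc/apache2/sites-enabled/crazyblockstech.com.conf:12)
"""

ADDR = re.compile(r"^(\S+:\d+)\s+(.*)$")               # "*:80 ..." starts a listen address
SINGLE = re.compile(r"^(?:(\S+)\s+)?\((.+)\)$")        # lone vhost: optional name, (file:line)
DEFAULT = re.compile(r"^\s+default server (?:\S+ )?\((.+)\)$")
VHOST = re.compile(r"^\s+port \S+ namevhost (\S+) \((.+)\)$")
ALIAS = re.compile(r"^\s+(?:wild )?alias (\S+)$")

def parse_vhosts(text):
    """Map each listen address to its default vhost and its named vhosts, in listed order."""
    table, cur = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if m := ADDR.match(line):
            cur = table.setdefault(m.group(1), {"default": None, "vhosts": []})
            if s := SINGLE.match(m.group(2)):          # only one vhost: it takes every request
                cur["default"] = s.group(2)
        elif cur is None:
            continue                                   # banner lines before the first address
        elif m := DEFAULT.match(line):
            cur["default"] = m.group(1)
        elif m := VHOST.match(line):
            cur["vhosts"].append({"names": [m.group(1)], "where": m.group(2)})
        elif (m := ALIAS.match(line)) and cur["vhosts"]:
            cur["vhosts"][-1]["names"].append(m.group(1))
    return table

def resolve(table, addr, host):
    """Return (file:line, reason) for the vhost that serves `host` on `addr`."""
    for v in table[addr]["vhosts"]:                    # first ServerName/ServerAlias match wins
        if any(fnmatch(host.lower(), n.lower()) for n in v["names"]):
            return v["where"], "name match"
    return table[addr]["default"], "default"           # no match: fall back to the default vhost

if __name__ == "__main__":
    t = parse_vhosts(SAMPLE)
    for h in ("crazyblockstech.com", "www.crazyblockstech.com"):
        print(h, "-> port 80:", resolve(t, "*:80", h))
```

On the posted output, both names resolve on port 80 to the single vhost at `crazyblockstech.com.conf:12`, which is the configuration to inspect when the challenge response comes back wrong.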

