Creat new certificate failed on a proxy reverse

Hello everyone,
I encounter an issue during the first certificate generation of the domain name I want to use this domain on a reverse proxy server in apache2 on the "server 1". This server proxy is used to redirect client to a raspberry pi 4 "server 2" in the local network where the apache server is installed. The website hosted on the raspierry pi 4 can be reach only in the local network throught an URL like http://my.domain.private:8080 (with "my.domain.private" associated to an ip address in /etc/hosts in the apache2 server). The proxy virtual host on the apache2 server is the following:

"<VirtualHost *:80>
ProxyPass / http://my.domain.private:8080/
ProxyPassReverse / http://my.domain.private:8080/
ProxyPreserveHost On

My first investigations:

  • I set up listening port on apache2 like this: (disabling ipv6)
  • The Let's debug returned the following result: Let's Debug
  • I set up a root path for the proxy server like /var/myserver in case of the certbot needs a directory.
  • The domain name is redirected to the correct ip address by dynhost on OVH CLOUD.
  • The proxy server is working and redirect all flow from on the correct website hosted on the raspberry pi 4.

Do you have any idea of what kind of mistake I could have done?

Thank you by advance!

My domain is:

I ran this command: sudo certbot

It produced this output:

"Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: 403


My web server is (include version): apache/2.4.29

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: private server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.27.0

1 Like

I think your apache config on the reverse proxy is somehow interfering (or not interfering enough, and the requests just go to the raspberry pi ignoring the reverse proxy completely)

1 Like

I'm not sure exactly what your problem is, but certbot 0.27.0 is quite old. The latest release is certbot 1.26.0: Releases · certbot/certbot · GitHub.

It's worth spending time to update to a recent version of certbot. You can find instructions that will work on Ubuntu 18 here: Certbot Instructions | Certbot (found by going to, and selecting "I'm using" > "Apache", "on" > "Ubuntu 18".


Thank you for your feedback! I finaly solved the problem by adding a webroot on the proxy server to make sure that certbot can send his data to verifying the server authentification.

I also updated certbot the the version 1.26.0.


Excellent! Glad you solved the problem.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.