Error renewing certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:,,,

I ran this command: sudo /usr/local/bin/certbot-auto renew

It produced this output: Same output to all domains

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Some challenges have failed… Skipping.

My web server is (include version): Apache 2.4.29

The operating system my web server runs on is (include version): Linux Mint 19.1

My hosting provider, if applicable, is: server in house

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.36.0

The domains are configured as virtual hosts in apache.
The sites are accessible and use let’s encript certificates installed with certbot-auto.

DNS is configured with a type A record for all domains.
The firewall routes ports 80 and 443 to the server.
The server can reach the internet.

Hi @Polenghi

the detailed error message is required.

Oh, what's that? Checking your domain the error is visible -

Your ip addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 1 0
AAAA yes A Rome/Latium/Italy (IT) - INTERBUSINESS Hostname: yes 1 0
AAAA yes

You don't have an A record with as domain name.

So you can't create a certificate with that domain name via http-01 validation.

Change your DNS setup - add the same ip address your www-version has -> to your non-www version.

Then recheck your domain, both rows should have an ip address.

Perhaps check your other domains with the same online tool to see, if there is the same error.

With the DNS correction the procedure worked.
It is a configuration that I cannot keep in production, I keep a note for the next renewal.

thanks a lot

1 Like

Hi @Polenghi,

Please reconsider this as it sounds like a manual process and can leave your site(s) with an expired certificate should you forget the note during the next renewal period. Keep in mind that the certificates are only valid for 90 days.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.