Failed renew cert


I tried to renew my cert. But I get
type: unauthorized
detail: Invalid response from DOMAIN/blablabla

I tried to check debug log in /var/log/letsencrypt/letsencrypt.log
But nothing inside the log.

I’m looking for a way to fault search, but got stuck.

Help appreciated =)

Let me GUESS then…
You are using Apache. Somehow your config has changed since your last renewal.
You haven’t checked the config for correctness.
You haven’t ensured that http://DOMAIN/.well-known/acme-challenge/testfile reaches the file you placed there. Oh yeah, you never placed any test file there.

The gist here is if you really want help, then try to make it easy for someone to help you - not harder.

Let us help you by beginning at the beginning and answer all the questions that should have been presented to you when you opened this topic:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi, I run on nginx.

to update cert I do this:
sudo certbot certonly --webroot -w /var/www/html -d domain -d www.domain

I get the fault when doing this.
type: unauthorized
detail: Invalid response from DOMAIN/blablabla

I did it two month ago with no problem.

I use this tutorial now with same error.

I double checked that the nging config file is correct with domain and checked it with “sudo nginx -t”

I was hopinf for a log file, but I can’t find one.

look for log file as:

Then this

is NOT the webroot for

check your vhost config to see what is the real webroot.

Strange, I had it working flawless before. I got this in my nginx conf
# SSL Configuration
location ~ /.well-known {
allow all;
root /var/www/html;

This also before SSL conf-line.
# RSA certificate
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

In your port 80 vhost config, what is the root set to?
[Please show the config file]

upstream site_server {

    server unix:/home/user/projects/site/gunicorn.sock fail_timeout=10s;


server {
listen 8002;
listen [::]:80;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
            return 301 https://$host$request_uri;


server {
listen 443 ssl;
access_log /home/user/projects/logs/site_access.log;
error_log /home/user/projects/logs/site_error.log info;

    server_name DOMAIN www.DOMAIN;
    client_max_body_size 10M;

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/site/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;

    location / {

    proxy_pass http://unix:/home/user/projects/site/gunicorn.sock;

    proxy_pass_header Server;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IPP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;


    location /static {

            alias /home/user/projects/site/static;


    location /media {

            alias /home/user/projects/site/site/media;


    # SSL Configuration
    location ~ /.well-known {
            allow all;
            root /var/www/html;


That may not be providing the desired/(your expected) result.

Please make these paths and test files:
mkdir /var/www/html/.well-known/
mkdir /var/www/html/.well-known/acme-challenge/
mkdir /var/www/html/acme-challenge/
[files - use any method - below is only one way (as example)]
sudo echo 'location1' > /var/www/html/.well-known/acme-challenge/testfile1234
sudo echo 'location2' > /var/www/html/acme-challenge/testfile1234
sudo echo 'location3' > /var/www/html/tesfile1234

Then see which text is returned with:

Whichever location# is returned, that is the actual --webroot location you need to use.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.