Http-01 challenge failed - HTTP 404

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo /usr/local/bin/certbot-auto --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to

Please read the Terms of Service at You must
agree in order to register with the ACME server at

(A)gree/©ancel: A

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: Y

Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
http-01 challenge for
http-01 challenge for
http-01 challenge for
http-01 challenge for
Waiting for verification…
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    []: “\n\n404 Not

    Not Found


    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

  • We were unable to subscribe you the EFF mailing list because your
    e-mail address appears to be invalid. You can try again later by

My web server is (include version):
Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1c

The operating system my web server runs on is (include version):
Ubuntu 19

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 1.2.0

1 Like

Hi @mpoletiek

what says

apachectl -S

PS: Checking your domain - - there is no Apache.

Server: Camp Fire Node 0

That may be the reason --apache doesn't work. Perhaps switch to webroot if you use another webserver.

1 Like


Here is the output. I’m definitely using apache. The Server tag is masked.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/matthewpoletiek.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/skylaski.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/technomystics.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/”
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name=“www-data” id=33 not_used
Group: name=“www-data” id=33 not_used

1 Like


you see your problem. Two port 80 vHosts with the same domain name Rename your default server, then again apachectl -S to see, if this is fixed.

Every combination of port and domain name must be unique.

PS: With such a vHost configuration, it may be better to create one certificate per main domain name (with the main domain and the www subdomain).

So you have different port 443 vHosts.


Yup. I just saw that. Thanks for suggesting ‘apachectl -S’

Now I have a new issue… :confused:

mpoletiek@www:~$ sudo certbot-auto --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
An unexpected error occurred:
ValueError: Requesting Network is unreachable
Please see the logfiles in /var/log/letsencrypt for more details.

mpoletiek@www:~$ ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=61 time=8.16 ms
64 bytes from ( icmp_seq=2 ttl=61 time=8.50 ms
^C ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 8.157/8.329/8.501/0.172 ms

Network issue was temporary it seems. Tried again a few moments later and it worked. Thank you so much!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.