HTTP-01 challenge issue setting up certificates for the first time


My domain is:

I ran this command: sudo certbot --apache
sudo certbot --apache -d

It produced this output:
sudo certbot --apache -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<!doctype html>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta htt"


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    "<!doctype html>

        <meta http-equiv="Content-Type" content="text/html;

    <meta htt"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS Linux 7 (Core)

I can log in to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Apart from that, I tried creating a directory at .well-known/acme-challenge/, placed a test.html file in it, and tried navigating to it through the browser to check if I could reach it, and I was able to reach the page.


Is supposed to have two IP addresses?  (insecure)  600  A  (insecure)  600  A

The first IP has a /.well-known/acme-challenge/test.html page; the second IP returns a 404 Not Found error page starting with the HTML in the Let’s Encrypt error message.


Hi mnordhoff,

The first IP is the public IP of the server, while the second is the GoDaddy IP (we have set up the subdomain using GoDaddy). Is there a way to resolve it?


To use HTTP validation, you have to disable the GoDaddy URL forwarding thing for that subdomain.

The normal A record for is the only one that should exist (for the subdomain).


Hi mnordhoff,

Thanks for the help. I removed the extra A record and tried installing again, and it worked like a charm.
Just one more thing: how did you get to know that it had two A name records?

Thanks again.


You can use the dig command to look up the A record for the domain name. The following is the current output for your subdomain; the A record can be obtained under “ANSWER SECTION”.

[root@~]# dig A

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2454
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
; IN A



;; Query time: 90 msec
;; WHEN: Thu Aug 23 02:44:35 UTC 2018
;; MSG SIZE rcvd: 117
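
The failure in this thread came from a second A record pointing at a host that did not serve the challenge directory. As an added example (not from the thread and not part of Certbot), this Python script requests a test file from every address a name resolves to and reports any address that answers differently; the host name `sub.example.com`, the documentation-range addresses and the sample responses are constructed, and it assumes the system resolver returns the same records the CA sees.

```python
import http.client
import socket
import sys

def resolve_all(host):
    """Every distinct A/AAAA address the system resolver returns for host."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def fetch_from_ip(ip, host, path, timeout=10):
    """GET path over plain HTTP from one specific address, sending Host: host."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(200)
    finally:
        conn.close()

def check_http01(host, path, expected, resolve=resolve_all, fetch=fetch_from_ip):
    """Return (ok, report); ok only if every address serves `expected` at path."""
    report = []
    for ip in resolve(host):
        try:
            status, body = fetch(ip, host, path)
            good = status == 200 and body.strip() == expected
            detail = f"HTTP {status}, body starts {body[:30]!r}"
        except (OSError, http.client.HTTPException) as exc:
            good, detail = False, f"request failed: {exc}"
        report.append((ip, good, detail))
    return bool(report) and all(g for _, g, _ in report), report

# Constructed sample mirroring the thread: one address is the real server,
# the other answers with an HTML 404 page. Addresses are documentation ranges.
SAMPLE = {
    "192.0.2.10": (200, b"test\n"),
    "198.51.100.20": (404, b"<!doctype html>\n<meta http-equiv="),
}

def sample_check():
    return check_http01("sub.example.com", "/.well-known/acme-challenge/test.html",
                        b"test", resolve=lambda h: sorted(SAMPLE),
                        fetch=lambda ip, h, p: SAMPLE[ip])

if __name__ == "__main__":
    if len(sys.argv) == 4:   # HOST PATH EXPECTED_BODY: live check
        ok, report = check_http01(sys.argv[1], sys.argv[2], sys.argv[3].encode())
    else:                    # no arguments: run the constructed sample
        ok, report = sample_check()
    for ip, good, detail in report:
        print(f"{'OK  ' if good else 'FAIL'} {ip}: {detail}")
    sys.exit(0 if ok else 1)
```

Run with no arguments it evaluates the constructed sample; with a host, a path and the expected file contents it checks the live records, which is worth doing before requesting a certificate.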


