Initial certbot failure

The website has been running without https for a while.
I just installed certbot, following directions at says everything is OK.
More details below.

My domain is:

I ran this command:
certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):

Please read the Terms of Service at You must
agree in order to register with the ACME server at

(A)gree/(C)ancel: a

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: yes

Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from
    []: "\r\n<html
    lang="en-US">\r\n\r\n<meta charset="UTF-8" />\r\n<meta
    name="viewport" content="width=device-width, initi"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

My web server is (include version):
Apache/2.4.41 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 20.04 LTS

My hosting provider, if applicable, is:
Me (machine on home network)

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

In the log file, /var/log/letsencrypt/letsencrypt.log,
this seems to be the most important part:

2020-11-21 16:14:20,104:DEBUG:urllib3.connectionpool:
"POST /acme/authz-v3/8769821829 HTTP/1.1" 200 1211
2020-11-21 16:14:20,105:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 21 Nov 2020 21:14:20 GMT
Content-Type: application/json
Content-Length: 1211
Connection: keep-alive
Boulder-Requester: 103103650
Cache-Control: public, max-age=0, no-cache
Replay-Nonce: 0103bQ6ZDVAjO04sBMYkeMaqJ27WwMjoPm8FBhiHI_KuVd0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

"identifier": {
"type": "dns",
"value": ""
"status": "invalid",
"expires": "2020-11-28T21:14:15Z",
"challenges": [
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from []: "\u003c!DOCTYPE html\u003e\r\n\u003chtml lang=\"en-US\"\u003e\r\n\u003chead\u003e\r\n\u003cmeta charset=\"UTF-8\" /\u003e\r\n\u003cmeta name=\"viewport\" content=\"width=device-width, initi"",
"status": 403
"url": "",
"token": "60in5LUVITC5KZzRpgLSbGZMBncjMFQ57ZdPzDl_lSI",
"validationRecord": [
"url": "",
"hostname": "",
"port": "80",
"addressesResolved": [
"addressUsed": ""

Any ideas?


Hi Jan and welcome to the LE community!

Yes, let's start with seeing what names Apache is serving and where.
Please show the output of:
apachectl -S


VirtualHost configuration:
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/
alias marionette
wild alias *
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/"
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used


Hi @JanEdler


always wrong.

Every combination of port and domain name must be unique.

So merge these two vHost definitions into one and remove the other.
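
The uniqueness rule from the reply above, as an added example that is not part of the original thread: a small parser for `apachectl -S` output that reports every port and name pair claimed by more than one vhost definition. The function name `duplicate_vhosts`, the `example.com` names and the `example.com*.conf` file names are assumptions made for illustration; the sample output is constructed.

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `apachectl -S` output. example.com and the
# example.com*.conf file names are placeholders, not values from the thread.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server example.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.conf:1)
                 alias marionette
                 wild alias *.example.com
*:443                  is a NameVirtualHost
         port 443 namevhost example.com (/etc/apache2/sites-enabled/example.com-ssl.conf:2)
ServerRoot: "/etc/apache2"
"""

VHOST = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+:\d+)\)\s*$")
ALIAS = re.compile(r"^\s*alias (\S+)\s*$")  # "wild alias" lines are skipped


def duplicate_vhosts(text):
    """Return {(port, name): [file:line, ...]} for names claimed more than once."""
    claims = defaultdict(list)
    current = None  # (port, location) of the vhost whose aliases follow
    for line in text.splitlines():
        m = VHOST.match(line)
        if m:
            port, name, location = int(m.group(1)), m.group(2).lower(), m.group(3)
            current = (port, location)
            claims[(port, name)].append(location)
            continue
        m = ALIAS.match(line)
        if m and current:
            claims[(current[0], m.group(1).lower())].append(current[1])
        elif not line[:1].isspace():
            current = None  # unindented line: a new address block or section
    return {k: v for k, v in claims.items() if len(set(v)) > 1}


if __name__ == "__main__":
    # "apachectl -S | python3 thisfile.py -" checks the live configuration.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for (port, name), where in sorted(duplicate_vhosts(text).items()):
        print(f"port {port} name {name} is defined in: {', '.join(where)}")
```

Each reported pair points at the configuration files to merge; an empty result means no exact name is claimed twice on the same port.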


Thanks, that took care of the problem!

