Invalid response from .well-known/acme-challenge on Rocky 9

I have read all the other posts on this issue and the problem is usually webroot or DNS. I don't think that is my issue here, please help.....

My domain is:

I ran this command:

certbot run -a webroot -i apache -w /var/www/html/ -d -d

It produced this output:

Requesting a certificate for and

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from 204

Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from 204

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

My web server is (include version):
/usr/sbin/httpd -v
Server version: Apache/2.4.53 (Rocky Linux)
Server built: Jul 20 2022 00:00:00

The operating system my web server runs on is (include version):

cat /etc/system-release

Rocky Linux release 9.1 (Blue Onyx)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.1.0

I have done this on numerous Cent 7, Cent 8 and Rocky 8 servers previously without issue.

Things I have checked:

  • My A record is pointed to the correct IP
    sgingell@Shanes-MacBook-Pro-2 ~ % nslookup

Non-authoritative answer:

  • I CAN download a test file @ /webroot/.well-known/acme-challenge/ this tells me layer 4 to my server (port 80) is good as well as http config, webroot, ownership/permissions etc etc without issue.

  • my webroot is : /var/www/html/

cat /etc/httpd/conf.d/default-site.conf
<VirtualHost *:80>

DirectoryIndex index.html index.php
DocumentRoot /var/www/html/

# Proxy declaration

<Proxy "unix:/run/php-fpm/www.sock|fcgi://php-fpm">
   # we must declare a parameter in here (doesn't matter which) or 
   # it'll not register the proxy ahead of time

   ProxySet disablereuse=off

   # Note: If you configure php-fpm to use the "pm = ondemand" 
   #then use "ProxySet disablereuse=on"
</Proxy>

    <Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog /var/log/httpd/electservices.biz_error.log
    CustomLog /var/log/httpd/electservices.biz_access.log combined
</VirtualHost>

As the error suggests, Let's Encrypt is trying to connect to the IPv6 address of your domain.

That address points to some nginx server, not to your Apache server.

Correct or remove the IPv6 address (the DNS AAAA record) and the problem should go away.
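
The address at the start of each Detail line in certbot's output is the one the CA connected to, so the diagnosis above can be checked mechanically. The following is an added example, not part of the original thread: it extracts those addresses and compares them with the addresses bound on the web server. `SERVER_ADDRS` and the function names are assumptions made for illustration; the sample output is the failure text quoted in the question.

```python
import ipaddress
import re

# Failure text as certbot printed it on this page (the URL was redacted there).
CERTBOT_OUTPUT = """\
Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from 204

Type: unauthorized
Detail: 2607:f1c0:100f:f000::200: Invalid response from 204
"""

# Constructed placeholders (documentation ranges): addresses bound on the
# Apache host, e.g. as listed by `ip -brief addr`.
SERVER_ADDRS = ["192.0.2.10", "2001:db8::10"]

# "Detail: <address>: <message>". An IPv6 address contains colons itself, so
# the address ends at the first colon that is followed by whitespace.
DETAIL_RE = re.compile(r"^\s*Detail:\s*(\S+?):\s+\S")


def validated_addresses(output):
    """Return the distinct addresses the CA connected to, in order seen."""
    found = []
    for line in output.splitlines():
        match = DETAIL_RE.match(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # Detail line that does not start with an address
        if addr not in found:
            found.append(addr)
    return found


def diagnose(output, server_addrs):
    """Return (address, DNS record type, bound_on_this_host) per address."""
    own = {ipaddress.ip_address(a) for a in server_addrs}
    return [(str(a), "AAAA" if a.version == 6 else "A", a in own)
            for a in validated_addresses(output)]


if __name__ == "__main__":
    for addr, record, ours in diagnose(CERTBOT_OUTPUT, SERVER_ADDRS):
        advice = ("reaches this host: check webroot and vhost" if ours
                  else f"not this host: correct or remove the {record} record")
        print(f"{addr} ({record}): {advice}")
```

A result with `False` in the last position means the CA validated against a machine other than the one certbot wrote the challenge file on, which a download test over IPv4 will not reveal.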


It would appear that your problem is solved.
There was a certificate issued on 2023-01-25
Let's Debug has OK results for the HTTP-01 Challenge
And the A results here SSL Server Test: (Powered by Qualys SSL Labs) with the certificate issued on 2023-01-25.
