Invalid Response From .well-known/acme-challenge

My cert expired and I am having issues renewing the cert. I have looked at some others that have had this issue but I am still not able to resolve the issue.

My domain is:

I ran this command: sudo certbot renew

It produced this output:


My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 (LTS)

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

What authenticator is Certbot setup to use for this domain?

grep -RE "(authenticator|installer)" /etc/letsencrypt/renewal

/etc/letsencrypt/renewal/ = apache
/etc/letsencrypt/renewal/ = apache

Hmm. It might be some virtualhost weirdness related to your non-www domain showing the default Apache page:

I wonder if you have some duplicate/name overlap in your virtualhost list:

apachectl -t -D DUMP_VHOSTS

Yes I have been trying to figure out how to fix the non www but I am not sure how to fix that.

Here is the output of the command you asked me to run:

VirtualHost configuration:
*:443 (/etc/apache2/sites-enabled/
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/
port 80 namevhost (/etc/apache2/sites-enabled/

I am also seeing this:

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

I also ran this and it says everything is good:

I also placed a file in the .well-known/acme-challenge folder:

Alright. This is the problem.

In Apache, only one VirtualHost may hold the ServerName/ServerAlias of

When you have two, only one of them takes effect, but this confuses Certbot, because it doesn't know which ons is the real one.

Basically what you need to do is figure out which one you want to keep, and get rid of the other one.

I suspect you probably want to comment out the VirtualHost in 000-default.conf (at least, rename it from to something else unused). But I'm not you, you will know what makes sense for you.


You are a life saver. I would have never figured that out. Thank you so much!

This is what I ended up doing:

a2dissite 000-default.conf

Then I restarted apache2 and ran certbot to renew. I think I will be setting something up to auto renew a few days before it expires this time.

Again, thank you so much for your help.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.