Invalid response

Hi! I’ve been struggling to get a certificate for my website. I run sudo certbot --apache, and it returns invalid response. From what I understand, my website doesn’t find the challenges sent by certbot, so it returns a 404. I made a test adding a directory in apache, and it could retrieve the files in there. Also, when I check apache’s access logs, it sometimes shows a certbot request, but most of the time it doesn’t, while the output it shows is from my website.

My domain is:

I ran this command: sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\n   \"\">\n<html>\n\n<head>\n  <title>Datlas</ti"

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Apache/2.4.29

The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Here’s my apache config, in case you need it:

<VirtualHost *:80>
        DocumentRoot /home/ubuntu/backend

        <Directory /home/ubuntu/backend>
                Options Indexes FollowSymLinks Includes ExecCGI
                AllowOverride All
                Require all granted
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /static /home/ubuntu/backend/static

        <Directory /home/ubuntu/backend/static>
                Require all granted
        </Directory>

        <Directory /home/ubuntu/backend/mysite>
                        Require all granted
        </Directory>

        WSGIDaemonProcess myproject python-path=/home/ubuntu/backend:/home/ubuntu/backend/venv/lib/python3.6/site-packages
        WSGIProcessGroup myproject
        WSGIScriptAlias / /home/ubuntu/backend/mysite/

        SetEnv Debug ${Debug}
        SetEnv Name ${Name}
        SetEnv RDS_DB_NAME ${RDS_DB_NAME}
        SetEnv RDS_PORT ${RDS_PORT}
</VirtualHost>

Lastly, here’s what I added to test if apache could retrieve files, which worked:
Alias "/.well-known" "/.well-known"
<Directory /.well-known>
Require all granted
</Directory>

Hi @alifelan

there is already a check of your domain - ~~6 hours old -

There you see the problem.

Your ip configuration:

Host T IP-Address is auth. ∑ Queries ∑ Timeout A Scottsdale/Arizona/United States (US) -, LLC Hostname: yes 2 0
AAAA yes C yes 1 0
A Scottsdale/Arizona/United States (US) -, LLC Hostname: yes

That's a GoDaddy ip address.

And the result: Checking http + /.well-known/acme-challenge/random-filename - there is a http status 200, not the expected result http status 404 - Not Found.

With a frameset:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" ""> <html> <head> <title>Datlas</title> <meta name="description" content="Transformando datos en decisiones inteligentes"> <meta name="keywords" content="Datlas, inteligencia, datos, analytics, Mexico"> </head> <frameset rows="100%,*" border="0"> <frame src="" frameborder="0" /> </frameset> </html> 

You have to use the ip of directly in your dns A entry.

Such a "frame redirect" doesn't work with Letsencrypt, because Letsencrypt checks the wrong server.
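
The check described in this answer (request a random file name under /.well-known/acme-challenge/ and expect a 404) can be reproduced locally. The following is an added example, not part of the original posts and not the code of the checking tool mentioned above; the function names and result labels are assumptions made for the illustration.

```python
import re
import urllib.error
import urllib.request
import uuid

# A frame-forwarding service answers every path with a page that frames the real site.
FRAME = re.compile(r"<\s*(frameset|frame|iframe)\b", re.IGNORECASE)


def classify_probe(status, body):
    """Classify the answer to GET /.well-known/acme-challenge/<random-name>."""
    if status == 404:
        return "ok"  # the web server itself reports that the file is missing
    if status == 200 and FRAME.search(body):
        return "frame-forwarding"  # DNS points at a forwarder, not at your server
    if status == 200:
        return "catch-all-200"  # some other page answers for every path
    return "unexpected-status"


def probe(domain, timeout=10):
    """Fetch a random challenge path over plain HTTP and classify the answer.

    DNS or connection failures raise urllib.error.URLError to the caller.
    """
    url = "http://%s/.well-known/acme-challenge/%s" % (domain, uuid.uuid4().hex)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_probe(resp.status, resp.read(4096).decode("latin-1"))
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx; the status and body are still available.
        return classify_probe(err.code, err.read(4096).decode("latin-1"))


# Constructed sample: a frameset page shaped like the one quoted above.
FRAMED_BODY = (
    '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" ""> <html> <head> '
    '<title>Datlas</title> </head> <frameset rows="100%,*" border="0"> '
    '<frame src="" frameborder="0" /> </frameset> </html>'
)

if __name__ == "__main__":
    print(classify_probe(200, FRAMED_BODY))           # frame-forwarding
    print(classify_probe(404, "<h1>Not Found</h1>"))  # ok
```

Calling probe() with your own domain name before running certbot shows which kind of server answers on port 80 for that name.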

It took me some time to understand it, but it makes sense. My EC2 server responds with a 404, while the GoDaddy returns a 200 with a framed 404. As far as I know, letsencrypt doesn’t allow AWS EC2 urls because they are ephemeral. I was completely lost on why that was happening. If you have an idea to help me, I’ll gladly take it, but I’ll dive into it. Thanks a lot!!

That's correct, but that's only a problem if you create a certificate with as domain name.

Not, if your has the ip of

And now your basic configuration is ok.

Host T IP-Address is auth. ∑ Queries ∑ Timeout A Dublin/Ohio/United States (US) -, Inc. Hostname: yes 1 0
AAAA yes A Dublin/Ohio/United States (US) -, Inc. Hostname: yes 1 0
AAAA yes

One host with (may be) a lot of different domains.

So create a certificate with both domain names:

certbot -d -d

Now I got it. I’m a new developer at the startup, so I’ve been working with deploying our new page to, and has a letsencrypt certificate so I went with the same option. Turns out (or at least I understand from the table) is on Amazon, while is on GoDaddy, and GoDaddy frames the redirect. I’ll have to talk with my boss for that, but thanks Juergen! You took me out of my two day problem
