Malformed .well-known/acme-challenge URL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: --staging --standalone --issue -d

It produced this output:
[Sun May 5 14:43:39 CEST 2019] Using stage ACME_DIRECTORY: https://acme-staging-
[Sun May 5 14:43:39 CEST 2019] Standalone mode.
[Sun May 5 14:43:39 CEST 2019] Single domain=‘’
[Sun May 5 14:43:39 CEST 2019] Getting domain auth token for each domain
[Sun May 5 14:43:40 CEST 2019] Getting webroot for domain=‘’
[Sun May 5 14:43:40 CEST 2019] Verifying:
[Sun May 5 14:43:40 CEST 2019] Standalone mode server
[Sun May 5 14:43:44 CEST 2019] error:Fetching Invalid host in redirect target
[Sun May 5 14:43:44 CEST 2019] Please check log file for more details: /root/

My web server is (include version): Apache/2.4.10

The operating system my web server runs on is (include version): Linux Debian-83-jessie-64-LAMP 3.16.0-4-amd64 #1 SMP Debian 3.16.51-2 (2017-12-03) x86_64 GNU/Linux

My hosting provider, if applicable, is: selfhosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): v2.8.2

I have multiple web sites and one of them is roundcube under apache. For other sites I am getting no error and only fails. I’ve tried --apache, --webroot and --standalone options and all of them fail with the same error: Verify error:Fetching

The URL it tries to fetch is malformed - it should be instead

Hi @hutorny

checking your domain via there you see the problem:

Domainname Http-Status redirect Sec. G 301 0.050 A 200 0.280 N
Certificate error: RemoteCertificateNameMismatch 200 0.546 N
Certificate error: RemoteCertificateNameMismatch 301 0.050 A
Visible Content: Moved Permanently The document has moved here . Apache/2.4.10 (Debian) Server at Port 80 -1 0.030 R
NameResolutionFailure - The remote name could not be resolved: ''

You have redirect with a missing "/". So redirecting the domain works ~~, but redirecting a subdirectory produces the wrong domain name

So check your redirect rule http -> https and add a /.

Perhaps after your %{SERVER_NAME}


Thank you very much! Fixing redirect has solved the problem!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.