New cert Challenge failed (authentication - unauthorized)

My domain is:

I ran this command: certbot certonly --preferred-challenges http -d -v --staging

It produced this output:

Saving debug log to C:\Certbot\log\letsencrypt.log

How would you like to authenticate with the ACME CA?

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Input the webroot for (Enter 'c' to cancel): H:<webroot>
Creating a web.config file in H:<webroot>.well-known\acme-challenge to allow IIS to serve challenge files.
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version): python -m http.server 80

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.30.0

My experience level is: Novice hobbyist, so I appreciate everyone's assistance and patience.
I used staging because I timed out attempts trying to work this out on my own. I spooled up a simple Python webserver for debug purposes; I was originally trying to use standalone, but the results were the same. I am leaving the server running only while this thread is active in case it helps. Am I right in assuming that since I can access the web server (and hopefully you can too), all port forwarding and firewall rules are set up correctly? If so, what could be causing the invalid/unauthorized response in Certbot? Certbot was run from Windows PowerShell with administrator privileges.


I am signing off for the night, but you should look at this Let's Debug test site.


This was perfect, thank you! I discovered that I had set up some forwarding in my DNS records and there were in fact multiple IP records for the same name. I cleaned up the forwarding and got a successful result from the staging.
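
The cause found in this thread (several IP records for one name, not all of which reach the web server) can be checked before running Certbot by requesting a test file from every address the name resolves to. This is an added example, not part of the original posts or of Certbot; the function names, the test file name and its expected contents are assumptions, and the test file is one you place in the webroot's .well-known\acme-challenge directory yourself.

```python
import http.client
import socket

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def resolve_all(host, port=80):
    """Return every distinct IPv4/IPv6 address DNS gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, token, timeout=5):
    """GET the test file from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_DIR + token, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(512).decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)
    finally:
        conn.close()

def check_host(host, token, expected, resolver=resolve_all, fetch=probe):
    """Probe every resolved address; return (ip, ok, status) for each one."""
    results = []
    for ip in resolver(host):
        status, body = fetch(ip, host, token)
        results.append((ip, status == 200 and body == expected, status))
    return results

def summarize(results):
    """One-line verdict: any failing address can make http-01 validation fail."""
    if not results:
        return "no addresses resolved"
    bad = [ip for ip, ok, _ in results if not ok]
    if not bad:
        return "all %d address(es) serve the test file" % len(results)
    return "%d of %d address(es) do NOT serve the test file: %s" % (
        len(bad), len(results), ", ".join(bad))

if __name__ == "__main__":
    import sys
    # usage: python check_acme.py <hostname> <test-file-name> <expected-contents>
    host, token, expected = sys.argv[1:4]
    results = check_host(host, token, expected)
    for ip, ok, status in results:
        print(ip, "OK" if ok else "FAIL", status)
    print(summarize(results))
```

An address that reports FAIL with a 404 while another reports OK is the situation described above: a stale or forwarding record pointing somewhere other than the machine running the web server.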

