Hi, I have a similar problem with our debian 8 apache server.
I used certbot 0.9.3 before and it worked properly using the default tls-sni challenge.
Now I removed certbot and installed certbot-auto 0.30.2 but the domain validation with http-01 doesn’t work.
When I force certbot 0.30.2 to use tls-sni it fortunately still works but apparently soon it will no more.
root@trasis:/home/certbot# ./certbot-auto --apache --dry-run renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for my.trasis.com
http-01 challenge for trasis.com
http-01 challenge for www.trasis.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.trasis.com) from /etc/letsencrypt/renewal/www.trasis.com.conf produced an unexpected error: Failed authorization procedure. www.trasis.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.trasis.com/.well-known/acme-challenge/boiCprgCwx4rgijZQqSsfK2svp6MU7s9R16w3R7nlf8: "\n<html lang=“en” dir=“ltr” prefix=“content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/ter”, trasis.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://trasis.com/.well-known/acme-challenge/6fZpyQru1Fuq8kMJ_UHUbllzVO1XqGKzoLhjDdOhqYs: "\n<html lang=“en” dir=“ltr” prefix=“content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/ter”. Skipping.
Under IMPORTANT NOTES is shows Type: unauthorized and Detail: Invalid response from…
(sorry, I wanted to put the full output but because I’m a new user there is a link restriction of 20 and I can’t upload a file neither … )
root@trasis:/home/certbot# curl -X GET -I http://trasis.com/.well-known/acme-challenge/1234
HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Feb 2019 13:52:41 GMT
Content-Type: text/html; charset=iso-8859-1
root@trasis:/home/certbot# curl -X GET -I http://www.trasis.com/.well-known/acme-challenge/1234
HTTP/1.1 200 OK
Date: Fri, 01 Feb 2019 13:52:48 GMT
Last-Modified: Fri, 01 Feb 2019 10:51:26 GMT
I’ve basic knowledge of apache configuration and I was happy in the past to use certbot for our https access. It was indeed a peace of cake to configure it, but now I’m a little bit lost and some help would really be appreciated.
Yes, I tried to find some answers in other posts but nothing worked, I’m really stuck