Problem with HTTP-01 Apache + Mono

My domain is:

I ran this command:
./certbot-auto --apache -d

It produced this output:

root@dev:/home/smart# ./certbot-auto --apache -d
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "" To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version):
Apache 2.4 + Mono

The operating system my web server runs on is (include version):
Ubuntu Server 16.04 LTS x64

I can login to a root shell on my machine (yes or no, or I don’t know):

I suspect it’s some problem with Mono, as if I create a .well-known/acme-challenge folder I still get a “forbidden” response.

To point out what I’m trying to do: I’m trying to issue a new cert for one of our test sub-domains before I start issuing certs to new clients.

The domain only has a CNAME to, once I get this working with the new HTTP-01 verification the first domains I will issue certs will be: and (both point to the same A/IP address, the first one is for internal use by our company, the second will be used publicly by patients and such).

The issue is that when the Let’s Encrypt validation authority requests the challenge file, your server is instead returning some markup language. This happens for a variety of reasons that we can’t easily glean from context alone. I’d recommend taking a look at your configs, and try placing a test file at and attempt to pull that file.

Figured it out, it was Mono trying to process the request to .well-known thinking it was something it should handle.

Added this to the VirtualHost config and it worked:

<Location "/.well-known">
    SetHandler default-handler
</Location>
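
The test suggested in the reply above (place a file under /.well-known/acme-challenge/ and pull it back) can be scripted to confirm the fix before requesting a certificate. This is an added shell example, not part of the original thread; the function names, the webroot path and the base URL passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for HTTP-01.
# Writes a throwaway file under <webroot>/.well-known/acme-challenge/, fetches
# it over HTTP and checks that the server returns it byte-for-byte instead of
# an HTML/XML page produced by an application handler or an error document.
# Function names and arguments are hypothetical.

nl='
'

# classify_response STATUS BODY EXPECTED -> prints ok | markup | mismatch
classify_response() {
  if [ "$1" = "200" ] && [ "$2" = "$3" ]; then
    echo ok                      # static file served as-is
    return 0
  fi
  case "$2" in
    '<'*) echo markup ;;         # '<?xml ...' or '<!DOCTYPE ...' came back
    *)    echo mismatch ;;       # wrong or empty body, or no connection
  esac
}

# check_challenge_path WEBROOT BASE_URL -> prints verdict; exit 0 only when ok
check_challenge_path() {
  dir="$1/.well-known/acme-challenge"
  name="preflight-$$"
  token="preflight-token-$$-$(date +%s)"
  mkdir -p "$dir" && printf '%s' "$token" > "$dir/$name" || return 2
  # -L follows redirects; -w appends the status code as the last line
  out=$(curl -sSL --max-time 10 -w '\n%{http_code}' \
        "$2/.well-known/acme-challenge/$name")
  rm -f "$dir/$name"             # never leave the test file behind
  status=${out##*"$nl"}          # last line: HTTP status
  body=${out%"$nl"*}             # everything before it: response body
  verdict=$(classify_response "$status" "$body" "$token")
  echo "$verdict (HTTP $status)"
  [ "$verdict" = ok ]
}

# Run only when called as: script WEBROOT BASE_URL
if [ "$#" -eq 2 ]; then
  check_challenge_path "$1" "$2"
fi
```

A `markup` verdict on a virtual host that otherwise serves pages normally is the symptom seen in this thread: something other than the default static-file handler answered the request.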
