Problem with the renew Certificat

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Attempting to parse the version 0.37.1 renewal configuration file found at /etc/letsencrypt/renewal/ with version 0.31.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: “\n<!-- Pi-hole: A black hole for Internet advertisements\n* © 2017 Pi-hole, LLC (\n* Network”


My web server is (include version):Apache

The operating system my web server runs on is (include version):Raspberry PI 4b

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

1 Like

Hi @huepper2007

checking your domain that can’t work -

Port 80 is open and answers. But checking a (not existing) file in /.well-known/acme-challenge there is that answer:

Open Source Ad Blocker Designed for Raspberry Pi unknown 0 9 Wednesday 7:53 PM, October 23rd. Pi-hole v4.3.2-0-ge41c4b5 (raspberrypi/

Looks like you run a blocking script.

Remove that complete or if the path starts with /.well-known/acme-challenge.

Letsencrypt must be able to check a file in that subdirectory.

1 Like

Wenn es geht auch in deutsch. Bin leider in dieser Sache ein Anfänger.
Bin einwenig überfordert.

Da ist ein Ad Blocker, der seine Infos auf englisch rausgibt.

Der blockiert Letsencrypt. Also muß das Script entfernt werden, wenn Du ein Zertifikat erstellen möchtest.

lighttpd war auf port 80. Geändert auf anderen Port. Alles funktioniert.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.