Recently we’ve had several reports which had all of these elements in common:
- the users had originally used certbot --apache to obtain their certificates;
- they were previously able to renew the certificates with certbot renew;
- recently, a renewal failed with an error like
  The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/stuff
  followed by some HTML or an Apache HTTP error code; and
- changing to --webroot made the renewal work
If you’re in this situation or you know of someone in this situation (including examples here on this forum), it would be great if you could provide some technical details, logs, and Apache configuration files to help us understand why certbot --apache sometimes doesn’t work in this specific way.