Recent troubles with Certbot renewals using --apache

Recently we’ve had several reports which had all of these elements in common:

  • the users had originally used certbot --apache to obtain their certificatesl
  • they were previously able to renew the certificates with certbot renewl
  • recently, a renewal failed with an error like The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/stuff followed by some HTML or an Apache HTTP error code; and
  • changing to --webroot made the renewal work

If you’re in this situation or you know of someone in this situation (including examples here on this forum), it would be great if you could provide some technical details, logs, and Apache configuration files to help us understand why certbot --apache sometimes doesn’t work in this specific way.

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.