Renew cert : Failed authorization procedure

My domain is:

I ran this command: sudo certbot renew

It produced this output:
Attempting to parse the version 0.21.1 renewal configuration file found at /etc/letsencrypt/renewal/ with version 0.10.2 of Certbot. This might not work.
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "

Page non ". Skipping.

My web server is (include version):
Apache2 latest version

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

You do a redirect to https first, then wordpress comes into play. Disable wordpress for the location /.well-known/acme-challenge.

Thanks for your help!

=> is it a good thing or not? Do I have to disable http to https redirection for renewing my certs?

Any idea how to do this? It wasn't necessary to generate original cert...


If WordPress can’t handle the challenge requests correctly, then, yes.
But only for the challenge request folder - not the entire site.

The issue can be corrected in several ways and in several places.
So don’t give up if you hit a wall with one method (like say configuring WordPress to play well with the challenge requests fails) there are other methods.
Probably the simples is to bypass the http to https redirection right at the initial connection.
Which could look something like this:

RewriteEngine On
RewriteRule ^\.well-known\/acme-challenge\/ - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.