Renew fails for multiple domains

Sorry, I guess this question is asked a gazillion times already.
I have issues renewing my multi-domain certificate. I have multiple domains:


  • The first - - is listed as an A record in DNS. The others are CNAME records pointing to the A record.
    NSlookup works fine. However, when I call
    certbot -d -d --apache
    the sub-domains cannot be validated, the main however can:

Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

The apache config shows:
ServerAlias *
RewriteEngine on
RewriteCond %{SERVER_NAME} [OR]
RewriteCond %{SERVER_NAME}
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I also tried certbot -a webroot -i apache -w ... -d ... without any differences.

Any idea what I am doing wrong here?

Hi @allwi

What does this say:

apachectl -S

Many thanks @JuergenAuer,

Sorry, it was a noob error.
apachectl showed
*:80 is a NameVirtualHost
default server (/etc/apache2/sites-enabled/default.conf:1)
port 80 namevhost (/etc/apache2/sites-enabled/default.conf:1)
alias ...
alias ...
port 80 namevhost (/etc/apache2/sites-enabled/nextcloud.conf:1)
alias ...
alias ...

After I disabled the unnecessary ‘default’ config, everything works fine (though I don’t really understand why failed and not

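The fix in this thread was disabling a second port-80 vhost that apachectl -S listed ahead of the intended one. As an added example (not part of the original thread), the script below parses apachectl -S output and reports names whose requests, including the http-01 challenge request, would be answered by a different vhost than the one that declares them. The hostnames and the wildcard alias in the sample are constructed, since the thread's real names are not shown, and the first-match-in-listed-order rule is a simplified model of Apache's name-based vhost selection.

```python
import re
import sys
from fnmatch import fnmatchcase

# Constructed sample in the layout `apachectl -S` prints (made-up names).
SAMPLE = """\
*:80                   is a NameVirtualHost
         default server main.example (/etc/apache2/sites-enabled/default.conf:1)
         port 80 namevhost main.example (/etc/apache2/sites-enabled/default.conf:1)
                 wild alias *.main.example
         port 80 namevhost cloud.main.example (/etc/apache2/sites-enabled/nextcloud.conf:1)
                 alias files.main.example
"""
VHOST = re.compile(r"port (\d+) namevhost (\S+) \((.+:\d+)\)")
ALIAS = re.compile(r"(?:wild )?alias (\S+)")

def parse_vhosts(text):
    """Return [(port, 'file:line', [names])] in the order Apache lists them."""
    vhosts = []
    for line in map(str.strip, text.splitlines()):
        m = VHOST.match(line)
        if m:
            vhosts.append((int(m.group(1)), m.group(3), [m.group(2).lower()]))
        elif vhosts and (a := ALIAS.match(line)):
            vhosts[-1][2].append(a.group(1).lower())
    return vhosts

def answering_vhost(vhosts, host, port=80):
    """First vhost on the port whose ServerName/alias matches, else the default (first)."""
    on_port = [v for v in vhosts if v[0] == port]
    for _, conf, names in on_port:
        if any(fnmatchcase(host.lower(), n) for n in names):
            return conf
    return on_port[0][1] if on_port else None

def shadowed(vhosts, port=80):
    """Map name -> (declaring vhost, vhost that actually answers) when they differ."""
    out = {}
    for p, conf, names in vhosts:
        for name in names:
            if p != port or "*" in name or "?" in name:
                continue  # other ports and wildcard patterns are not request names
            winner = answering_vhost(vhosts, name, port)
            if winner != conf:
                out[name] = (conf, winner)
    return out

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, (declared, winner) in shadowed(parse_vhosts(text)).items():
        print(f"{name}: declared in {declared}, answered by {winner}")
```

To check a live server, pipe the real output in: apachectl -S 2>&1 | python3 the_script.py (the file name is a placeholder).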
