Renewal fails (auto + manual) though acme-challenge dir is reachable


I’ve seen many similar problems but not this exact one.

I run

letsencrypt renew

And get this (domain name has been changed):

 Invalid response from

So I create a file in /var/www/html/.well-known/acme-challenge called LJf7H3mThOewfe7ZPVHSuerctGN1lP5z5nhLVpJgjgM and verify that I can access it:

# curl -i
HTTP/1.1 200 OK
Date: Sat, 25 Feb 2017 01:20:39 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Sat, 25 Feb 2017 01:20:09 GMT
ETag: "5-54950a5ab9baf"
Accept-Ranges: bytes
Content-Length: 5
Content-Type: text/plain


That works both from my host and from my local computer, so it’s accessible over the internet.

Then I run letsencrypt renew again and get this:

Invalid response from

Note that the filename that it’s looking for has changed (from LJf7H3mThOewfe7ZPVHSuerctGN1lP5z5nhLVpJgjgM to kJ0HkAahabrr-Ugv6TRom07LdxU5K4nkqlxyF48MFDw).

So it seems that it picks a new random filename each time. Which means that I can’t pre-arrange for that file to be there. How do I get around this?

I also tried to do the command manually:

letsencrypt certonly --renew --email -a manual -d -d  --dry-run --agree-tos

Any got essentially the same error.

I could maybe do some apache redirect/forwarding trickery so that any url that starts with /.well-known/acme-challenge would match some valid text file, but that seems like a lot of trouble to go to. Any easier solutions?

I’m on ubuntu 16.04 with Apache/2.4.18 and letsencrypt 4.0.1.

Answering my own question, it seems that letsencrypt had a different idea of where my web root was than where it actually is (/var/www/html).

When I specified the web root it worked:

letsencrypt renew --webroot-path /var/www/html/

Good to see you’ve got things figured out! But it’s kinda weird certbot (or its old name, letsencrypt) didn’t remember it correctly!

Did it somehow change, the webroot?

No. The webroot has always been /var/www/html.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.