Trouble with missing files

My domain is:

I ran this command:
sudo certbot certonly --standalone --preferred-challenges http -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator standalone, Installer None

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for

Cleaning up challenges

Problem binding to port 80: Could not bind to IPv4 or IPv6.

My web server is (include version):
Ubuntu 14.04

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.31.0

Hi @zebrastribe

You have a lot of older Let's Encrypt certificates, the first from 2017-03-27 05:39:00, the last from 2019-02-27 10:28:15.

Looks like you have used tls-sni-01 validation; that's no longer supported, it ended ~ 2019-03-15. So now it’s your first certificate with another validation method.

--standalone is from tls-sni-01, that starts a new webserver. But you have a running webserver -> that’s part of the problem.

Your configuration isn’t perfect, there is a redirect that adds a /.

Domainname | Http-Status | redirect | Sec. | G
 | 302 | | 0.070 | A
 | 302 | | 0.070 | E
 | 301 | | 1.137 | N
    Certificate error: RemoteCertificateNameMismatch
 | 200 | | 3.930 | I
 | 302 | | 0.076 | A
    Visible Content: Found The document has moved here. Apache/2.4.7 (Ubuntu) Server at Port 80
 | 302 | | 0.070 | E
    Visible Content: Found The document has moved here. Apache/2.4.7 (Ubuntu) Server at Port 80
 | 301 | | 1.370 | A
    Visible Content:
 | 400 | | 1.223 | M
    Bad Request
    Visible Content: {"error":"invalid_request","error_description":"unknown request"}

So you have different options:

  • stop your webserver, then use standalone, then start your webserver again
  • use
sudo certbot certonly --apache --preferred-challenges http -d

That creates a location http + /.well-known/acme-challenge and should skip your non-working redirect http -> https.

  • add a manual exclusion, so /.well-known/acme-challenge isn’t redirected to https, then find your DocumentRoot of your http port and use that:
certbot run -a webroot certonly -w yourDocumentroot -d
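
The manual exclusion named in the third option above, as an added example that is not part of the thread: a port-80 Apache 2.4 virtual host that redirects everything to https except /.well-known/acme-challenge/. The names example.com and /var/www/html are assumed placeholders, and mod_rewrite is assumed to be enabled.

```apache
# Constructed example, not taken from the poster's server.
# example.com and /var/www/html are placeholders; requires mod_rewrite.

# Before: every http request is redirected, so the CA's HTTP-01 request for
# /.well-known/acme-challenge/<token> is redirected to https as well.
#
# <VirtualHost *:80>
#     ServerName example.com
#     Redirect permanent / https://example.com/
# </VirtualHost>

# After: challenge files are served over plain http from the DocumentRoot,
# everything else is still sent to https.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html

    # Serve only static token files from the challenge directory.
    <Directory "/var/www/html/.well-known/acme-challenge">
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Skip the redirect for ACME validation requests.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Redirect to the fixed host name rather than the client-supplied Host
    # header, so the redirect target cannot be influenced by the request.
    RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

With this in place, the value passed to -w in the webroot option is this virtual host's DocumentRoot.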

Hi Jürgen
These are the steps I understand from you that I need to take:

  1. stop apache
  2. use: sudo certbot certonly --apache --preferred-challenges http -d
  3. add a manual exclusion – How?
  4. then: certbot run -a webroot certonly -w yourDocumentroot -d
  5. Restart apache
  6. All is fixed?

It is step 3 I need some help with, and is “yourDocumentRoot” = var/www/?

No, these are three different options, not one after the other.

The webroot version is the preferred version. Every webserver should have a working webroot. And you don’t need to stop your running webserver.

How do I add the Manual exclusion and where?

Is it the TXT record “_acme-challenge” that needs to be setup manually at my host?
like here under manual DNS “
And where is the value for the TXT record?

Please start with the basics:


Hey Jürgen
Thank you for pointing me in the right direction. I guess it is an HTTP-01 challenge I need, so the TXT DNS record is not used. Can I somehow check if the automated renewal process is working?
