Two domains same server certificate good on one but not the other

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:,

I ran this command: sudo certbot --apache

It produced this output:
``Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 5 6
Attempting to parse the version 0.34.2 renewal configuration file found at /etc/letsencrypt/renewal/ with version 0.28.0 of Certbot. This might not work.
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: “\n\n404 Not Found\n\n

Not Found



My web server is (include version): Apache/2.4.25

The operating system my web server runs on is (include version): Debian 9.9 Stretch

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot version 0.28.0

So I have a digital ocean droplet that is running Debian and has Apache running with virtual hosts set up to host my two domain names: and . I discovered this site and decided to get a certificate for both of my sites with the certbot. Through running certbot I WAS able to get’s certificate to work and it loads with the https:// and the lock icon, but my other domain has repeatedly failed with the error message above .

Does anybody have any ideas as to what I’m missing? Thanks

Did you know that itself is an Apache “it works!” page, instead of the Spoon Bomb website?

( is the right website, but with a self-signed certificate.)

Can you post “sudo apachectl -t -D DUMP_VHOSTS”?

If there are multiple overlapping virtual hosts, sometimes Certbot will apply the validation modifications to one, and then Apache will use a different one.

Certbot 0.31.0 and newer will be more likely to succeed, but you can also just fix the ambiguity in the Apache configuration, if that’s what the issue is.

Were you using certbot-auto before?

1 Like

Yeah I noticed too tghat goes to the Apache “it works” page
and goes to the real website

I had actually ran certbot-auto previously before I did a sudo apt-get dist-upgrade to Debian 9.9 Stretch

robgraves@www ~ $ sudo apachectl -t -D DUMP_VHOSTS
[sudo] password for robgraves:
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost (/etc/apache2/sites-enabled/
         port 80 namevhost (/etc/apache2/sites- 
         port 80 namevhost (/etc/apache2/sites-enabled/
*:443                  is a NameVirtualHost
         default server (/etc/apache2/sites-enabled/ 
         port 443 namevhost (/etc/apache2/sites-enabled/ 
     port 443 namevhost (/etc/apache2/sites-enabled/
robgraves@www ~ $
1 Like

Hi @robgraves

you have two vHosts with, that’s bad.

Check both vHosts and remove one. Every combination of port and ServerName should be unique.

1 Like

Awesome, thank you, that worked, Thanks so much.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.