Type: unauthorized Detail: Invalid response from

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: workflexi.in

I ran this command: certbot renew

It produced this output:

root@ubuntu-s-4vcpu-8gb-blr1-01:~# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.workflexi.in.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for workflexi.in
http-01 challenge for www.workflexi.in
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (www.workflexi.in) from /etc/letsencrypt/renewal/www.wo rkflexi.in.conf produced an unexpected error: Failed authorization procedure. ww w.workflexi.in (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.workflexi.in/ .well-known/acme-challenge/jMo84bSSpL8ipMUmoVOiX0lE0wDvMe8JLrDH7pSJArw [68.183.8 4.33]: "\n<html lang=“en”>\n\n\t <meta charset="utf-8 ">\n\t<meta name=“viewport” content=“width=device-width, initial-”, workflex i.in (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks suff icient authorization :: Invalid response from https://www.workflexi.in/.well-kno wn/acme-challenge/YNqgf18Rb33GpJxtrUBL_KNL7oc8fxYE-9EBnuTuFE8 []: "< !DOCTYPE html>\n<html lang=“en”>\n\n\t <meta charset=“utf-8”>\n\t<m eta name=“viewport” content=“width=device-width, initial-”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.workflexi.in/fullchain.pem (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/www.workflexi.in/fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)


  • The following errors were reported by the server:

    Domain: www.workflexi.in
    Type: unauthorized
    Detail: Invalid response from
    http://www.workflexi.in/.well-known/acme-challenge/jMo84bSSpL8ipMUmoVOiX0lE0w DvMe8JLrDH7pSJArw
    []: "\n<html lang=“en”>\n\n\t

    \n\t<meta name=\"viewport\" content=\"width=device-width, initial-"

    Domain: workflexi.in
    Type: unauthorized
    Detail: Invalid response from
    https://www.workflexi.in/.well-known/acme-challenge/YNqgf18Rb33GpJxtrUBL_KNL7 oc8fxYE-9EBnuTuFE8
    []: "\n<html lang=“en”>\n\n\t

    \n\t<meta name=\"viewport\" content=\"width=device-width, initial-"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

Hi @suman1

looks like you have found a solution. Checking your domain both connections are secure ( https://check-your-website.server-daten.de/?q=workflexi.in ):

Domainname Http-Status redirect Sec. G
http://workflexi.in/ 301 https://www.workflexi.in/ 0.303 E
http://www.workflexi.in/ 200 0.774 H
https://workflexi.in/ 301 https://www.workflexi.in/ 4.243 B
https://www.workflexi.in/ 200 4.453 B

And you use a new certificate with both domain names:

expires in 90 days	
workflexi.in, www.workflexi.in - 2 entries

created today.

So the basics are good.

Perhaps add a redirect http + www -> https + www, so all users use the https version.


Sure, Thanks a lot. :slight_smile: