Unable to obtain SSL certificates

Running “WordPress Certified by Bitnami version 4.9.8-0-r35 on Ubuntu 16.04 provided by Bitnami”

I’m attempting to follow the instructions detailed on this page:

However when running the command:
sudo lego --domains="earthi.space" --domains="www.earthi.space" --path="/etc/lego" run

I am receiving the following error:

2018/09/21 12:48:43 No key found for account info@earthi.co.uk. Generating a curve P384 EC key.
2018/09/21 12:48:43 Saved key to /etc/lego/accounts/acme-v02.api.letsencrypt.org/info@earthi.co.uk/keys/info@earthi.co.uk.key
2018/09/21 12:48:43 Do you accept the TOS? Y/n
2018/09/21 12:48:48 Your input was invalid. Please answer with one of Y/y, n or by pressing enter.
2018/09/21 12:48:48 Do you accept the TOS? Y/n
2018/09/21 12:48:50 [INFO] acme: Registering account for info@earthi.co.uk
2018/09/21 12:48:50 !!! HEADS UP !!!
2018/09/21 12:48:50
Your account credentials have been saved in your Let’s Encrypt
configuration directory at “/etc/lego/accounts/acme-v02.api.letsencrypt.org/info@earthi.co.uk”.
You should make a secure backup of this folder now. This
configuration directory will also contain certificates and
private keys obtained from Let’s Encrypt so making regular
backups of this folder is ideal.
2018/09/21 12:48:50 [INFO][earthi.space, www.earthi.space] acme: Obtaining bundled SAN certificate
2018/09/21 12:48:51 [INFO][earthi.space] AuthURL: acme-v02.api.letsencrypt.org/acme/authz/8Zt7RP0C2w4KWFWv08vShJ6QXnOWaWHzXRLZnknQdig
2018/09/21 12:48:51 [INFO][www.earthi.space] AuthURL: acme-v02.api.letsencrypt.org/acme/authz/K-uaa9Xjnx1JBW54D-C--hRXIVKURTkAU6A14dLlDF0
2018/09/21 12:48:51 [INFO][earthi.space] acme: Could not find solver for: dns-01
2018/09/21 12:48:51 [INFO][earthi.space] acme: Trying to solve HTTP-01
2018/09/21 12:48:56 [INFO][www.earthi.space] acme: Trying to solve HTTP-01
2018/09/21 12:48:56 [INFO][www.earthi.space] Served key authentication
2018/09/21 12:49:01 [INFO][www.earthi.space] The server validated our request
2018/09/21 12:49:01 Could not obtain certificates
acme: Error -> One or more domains had a problem:
[earthi.space] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from earthi.space/.well-known/acme-challenge/Cvl6ffQdFF-mKO5Dj7YK4Gjx09FnvL5SAQwQxVdQzrc: q%!(EXTRA string=

I am struggling to work out how best to proceed. Any help would be appreciated!

Hi @Spiruel

Your error message says that Let's Encrypt doesn't find the validation file under


So lego doesn't understand your Apache configuration.

Or lego doesn't find your webroot.

Looking there - lego Readme:

There is an additional parameter --webroot.

Find your webroot (the directory of earthi.space, where your website starts), define that as an additional parameter.

PS: Test it. Create the two folders /.well-known/acme-challenge, and in there a file 1234.

Then try to load this file via browser:


Hi @JuergenAuer,

Thank you for your post.

The folder structure of the host server is configured like:

  • /opt/bitnami/apps/wordpress/htdocs - WordPress’s Files
  • /opt/bitnami/apps/wordpress/htdocs/wp-content/ - WordPress’s Content
  • /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/ - WordPress’s Plugins
  • /opt/bitnami/apps/wordpress/conf - WordPress’s Apache Configuration files.
  • /opt/bitnami/apache2 - Apache Web Server
  • /opt/bitnami/mysql - MySQL Database

I’m unsure of where my webroot could possibly be located? Creating the ‘1234’ file in these locations hasn’t worked.

Did you create the file 1234 there? Or under


Same with the other directories.

If that doesn't work, there are additional redirects. So share your Apache configuration. The webroot should be defined there.

Perhaps there is a redirect /.well-known/acme-challenge to another subdirectory.

Hi @JuergenAuer

/opt/bitnami/apps/wordpress/htdocs was the location of the webroot in the end, thank you.

I did try the command
sudo lego --email="info@earthi.co.uk" --domains=earthi.space --domains=www.earthi.space --path="/etc/lego" --webroot="/opt/bitnami/apps/wordpress/htdocs/" run

with the new parameter but unfortunately no luck - I got the same error again.

There are multiple .conf files to choose from under bitnami and apache2 directories - do you know which one is the Apache configuration to share?

Yep - your file is now correct:

hello world

You have to check all files. The --webroot option

Pass the --webroot option and specify the path to your webroot folder. In this case the challenge will be written in a file in .well-known/acme-challenge/ inside your webroot.

should do the job. Why not? I don't know.


All TLS handshakes on port 443 for the TLS-ALPN challenge.

Lego supports the tls-alpn challenge. Perhaps test that.

I thought that your content management system (or something else) hides some directories. But then


wouldn't work.

I finally found a solution! I had a CloudFront distribution set up with this EC2 instance, which had ‘ipv6’ set to enabled. This meant that there was an AAAA record being created without my knowledge, leading to a conflict in the SSL certificate validation.

Disabling this option has now allowed me to follow the initial instructions docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ in full!
Unfortunately the website still doesn’t yet say it’s secure - but I’ve passed the first hurdle.
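
Added example (not part of the original thread, and not lego or Bitnami code): a preflight check for the situation resolved above, where the name also had an AAAA record that nobody expected. It requests the "1234" test file from every A and AAAA address of the name and reports the addresses that do not return it. The function names, the addresses and the sample responses are constructed for illustration.

```python
import http.client
import socket

CHALLENGE_DIR = "/.well-known/acme-challenge/"

def resolve_all(domain):
    """Return every (record type, address) pair behind the name, A and AAAA."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({("AAAA" if fam == socket.AF_INET6 else "A", sa[0])
                   for fam, _, _, _, sa in infos})

def fetch_from(ip, domain, path, timeout=5):
    """GET the path from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("utf-8", "replace").strip()
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc)  # an unreachable address counts as a failure
    finally:
        conn.close()

def preflight(domain, name, expected, resolve=resolve_all, fetch=fetch_from):
    """Request the test file on every resolved address and record the outcome."""
    results = []
    for rtype, ip in resolve(domain):
        status, body = fetch(ip, domain, CHALLENGE_DIR + name)
        results.append({"type": rtype, "ip": ip, "status": status,
                        "ok": status == 200 and body == expected})
    return results

def failing(results):
    """Addresses where the file was missing, different, or unreachable."""
    return [(r["type"], r["ip"]) for r in results if not r["ok"]]

# Constructed sample (documentation address ranges): the IPv4 origin serves the
# file, while the AAAA address leads to a front end that answers 403.
def demo_resolve(domain):
    return [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")]

def demo_fetch(ip, domain, path):
    return (200, "hello world") if ip == "192.0.2.10" else (403, "Forbidden")

if __name__ == "__main__":
    report = preflight("example.test", "1234", "hello world",
                       resolve=demo_resolve, fetch=demo_fetch)
    for row in report:
        print(row)
    print("failing:", failing(report))
```

Calling preflight() with only the domain, file name and expected content uses the real resolver and HTTP fetcher instead of the constructed ones.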

Your certificate, created today, is good:


The only thing: You have blocked mixed content.

Use Chrome / Firefox, then Ctrl + Shift + I to open the console.


should be changed to https.

