Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: icecream.ixeo-conseil.com
I ran this command: certbot --apache
It produced this output:
Failed authorization procedure. icecream.ixeo-conseil.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://icecream.ixeo-conseil.com/.well-known/acme-challenge/3dm2MtJSflAQerN9WvpM9pIvU_xY7l-Ncrkzup41WRU [188.8.131.52]: “\n\n403 Forbidden\n\n
The following errors were reported by the server:
Detail: Invalid response from
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2019-09-16T12:58:48
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot):
I have created a directory and subdirectory .well-known/acme-challenge and put a file called 1234 with only “ok” inside. I have no problem in obtaining “ok” from icecream.ixeo-conseil.com/.well-known/acme-challenge/1234.
I tested the challenge after stopping the firewall ufw and fail2ban, without more success.
I have on the same server an OnlyOffice instance installed under docker. I did stop the container, but it didn’t change anything. I have also an instance of Odoo12, and if I disable its virtualhost, it does not change anything.
One weird thing is that while the web server is Apache 2.4, I have been obliged to add directives
Allow from all
to make the site reachable. It didn’t work with only the directive “Require all granted”.
I have read a lot of topics in the forum without finding the solution.