Error setting up Let's Encrypt with Apache

Posted December 2, 2019 4k views
Let's Encrypt

Hello, I’m trying to set up Let’s crypt SSL certificate on a server running Apache following this tutorial for the domain I follow everything to the risk, but when I run sudo certbot renew –dry-run, I receive an output with the following errors:

Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.


The following certs could not be renewed:
  /etc/letsencrypt/live/ (failure)

I’m a newbie and I’m having a hard time figuring out how to solve this problem. Could someone please help me?

edited by alexdo

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers

Hello, @renatov

Can you please confirm if the fullchain file is present: /etc/letsencrypt/live/

Also I will suggest to check our latest tutorial for Ubuntu 18.04:

Looking forward to your reply.


by Kathleen Juell
by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically.

Hello @alexdo

Thank you for your reply. I think the file you mentioned is present, but it’s seems to be a link to another file:

$ sudo ls -l /etc/letsencrypt/live/
total 4
lrwxrwxrwx 1 root root  44 Dec  2 00:30 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root  45 Dec  2 00:30 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root  49 Dec  2 00:30 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root  47 Dec  2 00:30 privkey.pem -> ../../archive/
-rw-r--r-- 1 root root 692 Dec  2 00:30 README

By the way, it only has read access as root. Is everything the way it should be? Concerning the tutorial you mentioned, I must stick with Ubuntu 14.04 until 04/2020. I can’t afford to install and configure the whole server just now, but I’m scheduling to do it when Ubuntu 20.04 LTS is out. I’d like to keep going with Ubuntu 14.04 until then. Everything is working just fine, I just need to provide a HTTPS to this domain and everything is running ok.

Hello, @renatov

This looks okay from what I can see. Let’s encrypt creates those symlinks so it’s fine.

You can also check if the directory is present and if it has sufficient permissions (both .well-known and acme-challenge are 755)

Let me know how it goes.


  • There is no such directory:

    $ ls -a
    .  ..  index.html
    $ ls -l
    total 4
    -rw-rw-r-- 1 rvernucio rvernucio 325 Dec  2 00:12 index.html

    My other 2 domains, which I successfully set their SSL using Let’s Encrypt in the begining of 2019 (about 10 months ago), don’t have this directory too. Maybe something changed in Let’s Encrypt? I don’t get what’s the problem exactly.

    • Hello, @renatov

      What happens when you run the following command:

      ./letsencrypt-auto --test-cert --apache --domain

      You need to change with your actual domain name.

      Let me know how it goes.


The command letsencrypt-auto was not found and find / -name letsencrypt-auto didn’t find anything. I think this command is deprecated. Some more informations: as I said in the original post, there are 2 other domains that were created about 10 months ago which HTTPS are working fine. This new domain I’m trying to create using the exact same method is giving this ACME error. The thing is, when I run sudo certbot renew –dry-run, the output shows that the ACME validation fails to the 3 domains (it fails to the new one I’m trying to create and to the other 2 that are already validated and running fine). So, I think if I created this new domain 10 months ago, it would probably be working just fine. Also, if I was creating those 2 other (old) domains now, they would provide some error too. My guess is that some update in Let’s Encrypt added this ACME validation as necessary, which doesn’t work on Ubuntu 14.04. I don’t know if this makes sense, but if it does, maybe I should roll back Let’s encrypt to an older version, or understand why the new version doesn’t work on Ubuntu 14.04 anymore. I’m currently running certbot version 0.28.0 in Ubuntu 14.04.