Error setting up Let's Encrypt with Apache

Hello, I’m trying to set up Let’s crypt SSL certificate on a server running Apache following this tutorial for the domain I follow everything to the risk, but when I run sudo certbot renew --dry-run, I receive an output with the following errors:

Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.


The following certs could not be renewed:
  /etc/letsencrypt/live/ (failure)

I’m a newbie and I’m having a hard time figuring out how to solve this problem. Could someone please help me?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

The command letsencrypt-auto was not found and find / -name letsencrypt-auto didn’t find anything. I think this command is deprecated. Some more informations: as I said in the original post, there are 2 other domains that were created about 10 months ago which HTTPS are working fine. This new domain I’m trying to create using the exact same method is giving this ACME error. The thing is, when I run sudo certbot renew --dry-run, the output shows that the ACME validation fails to the 3 domains (it fails to the new one I’m trying to create and to the other 2 that are already validated and running fine). So, I think if I created this new domain 10 months ago, it would probably be working just fine. Also, if I was creating those 2 other (old) domains now, they would provide some error too. My guess is that some update in Let’s Encrypt added this ACME validation as necessary, which doesn’t work on Ubuntu 14.04. I don’t know if this makes sense, but if it does, maybe I should roll back Let’s encrypt to an older version, or understand why the new version doesn’t work on Ubuntu 14.04 anymore. I’m currently running certbot version 0.28.0 in Ubuntu 14.04.

Hello, @renatov

This looks okay from what I can see. Let’s encrypt creates those symlinks so it’s fine.

You can also check if the directory is present and if it has sufficient permissions (both .well-known and acme-challenge are 755)

Let me know how it goes.

Regards, Alex

Hello @alexdo

Thank you for your reply. I think the file you mentioned is present, but it’s seems to be a link to another file:

$ sudo ls -l /etc/letsencrypt/live/
total 4
lrwxrwxrwx 1 root root  44 Dec  2 00:30 cert.pem -> ../../archive/
lrwxrwxrwx 1 root root  45 Dec  2 00:30 chain.pem -> ../../archive/
lrwxrwxrwx 1 root root  49 Dec  2 00:30 fullchain.pem -> ../../archive/
lrwxrwxrwx 1 root root  47 Dec  2 00:30 privkey.pem -> ../../archive/
-rw-r--r-- 1 root root 692 Dec  2 00:30 README

By the way, it only has read access as root. Is everything the way it should be? Concerning the tutorial you mentioned, I must stick with Ubuntu 14.04 until 04/2020. I can’t afford to install and configure the whole server just now, but I’m scheduling to do it when Ubuntu 20.04 LTS is out. I’d like to keep going with Ubuntu 14.04 until then. Everything is working just fine, I just need to provide a HTTPS to this domain and everything is running ok.