Rewew expired cerbot not working Ubuntu 18.04

Posted August 3, 2021 199 views
Ubuntu 18.04

My ssl certificates expired 2 days ago and I am trying to renew it using the command sudo certbot renew.

I already successfully updated previous certs but here it does not seem to be working on Ubuntu 18.04.

The following error shows up:

`Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: “<!DOCTYPE html>\n<html lang="en">\n <head>\n <meta charset="utf-8">\n <title>Page not found</title>\n <link h”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)


  • The following errors were reported by the server:

Type: unauthorized
Detail: Invalid response from
[]: “<!DOCTYPE html>\n<html lang="en">\n <head>\n
<meta charset="utf-8">\n <title>Page not found</title>\n
<link h”

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer


You can try to use a standalone web server instead of Apache plugin. Test it due to the following steps. As long as you use --dry-run option, you do not make any changes.

1. Stop Apache service.

sudo systemctl stop apache2

2. Run certbot with certonly subcommand using --standalone temporarily spun-up web server. Specify all the (sub)domains you want to have certificate for using -d parameter. certbot in certonly mode does not install the certificate, just obtains/renews it.

sudo certbot certonly --standalone --dry-run -d -d -d

3. Start Apache service.

sudo systemctl start apache2

If above test is successfully completed, you can repeat these steps removing --dry-run option. I recommend taking droplet’s snapshot before that, just in case.

Let us know how it works.

  • Hi Yannek,

    thanks for your reply.

    this command
    sudo certbot certonly --standalone --dry-run -d -d -d

    gives the following error:

    sudo certbot certonly –standalone –dry-run -d -d
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator standalone, Installer None
    Cert is due for renewal, auto-renewing…
    Renewing an existing certificate
    An unexpected error occurred:
    The request message was malformed :: Method not allowed
    Please see the logfiles in /var/log/letsencrypt for more details.

    • Hi again,

      Let’s see what certbot related packages you have installed…

      apt list --installed | grep --regexp 'certbot'

      …and whether they are upgradable…

      sudo apt update && apt list --upgradable | grep --regexp 'certbot'

      Can you share the results, pls.

      • Hi Yannek,

        So we have this for the first command:

        apt list --installed | grep --regexp 'certbot'


        WARNING: apt does not have a stable CLI interface. 
        Use with caution in scripts.
        certbot/now 0.28.0-1+ubuntu18.04.1+certbot+4 all [installed,upgradable to: 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3]
        python-certbot-apache/bionic,now 0.31.0-1+ubuntu18.04.1+certbot+1 all [installed]
        python3-acme/now 0.28.0-1+ubuntu18.04.1+certbot+3 all [installed,upgradable to: 0.31.0-2+ubuntu18.04.3+certbot+2]
        python3-augeas/bionic,now 0.5.0-1+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-certbot/now 0.28.0-1+ubuntu18.04.1+certbot+4 all [installed,upgradable to: 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3]
        python3-certbot-apache/now 0.28.0-1+ubuntu18.04.1+certbot+3 all [installed,upgradable to: 0.31.0-1+ubuntu18.04.1+certbot+1]
        python3-configobj/bionic,now 5.0.6-2+ubuntu18.04.1+certbot+1 all [installed]
        python3-future/bionic,now 0.15.2-4+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-josepy/bionic,now 1.1.0-2+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-parsedatetime/bionic,now 2.4-3+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-requests-toolbelt/bionic,now 0.8.0-1+ubuntu18.04.1+certbot+1 all [installed,automatic]
        python3-zope.component/bionic,now 4.3.0-1+ubuntu18.04.1+certbot+3 all [installed,automatic]
        python3-zope.hookable/bionic,now 4.0.4-4+ubuntu18.04.1+certbot+1 amd64 [installed,automatic]
        python3-zope.interface/bionic,now 4.3.2-1+ubuntu18.04.1+certbot+1 amd64 [installed]`

        and this for the second one:

        sudo apt update && apt list --upgradable | grep --regexp 'certbot'


        Hit:1 main InRelease
        Hit:2 bionic InRelease
        Get:3 bionic-updates InRelease [88.7 kB]
        Get:4 bionic-backports InRelease [74.6 kB]
        Hit:5 bionic InRelease
        Get:6 bionic-security InRelease [88.7 kB]
        Get:7 bionic-updates/main amd64 Packages [2161 kB]
        Get:8 bionic-updates/multiverse amd64 Packages [31.0 kB]
        Fetched 2444 kB in 1s (2009 kB/s)
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        125 packages can be upgraded. Run 'apt list --upgradable' to see them.
        WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
        certbot/bionic 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+4]
        python3-acme/bionic 0.31.0-2+ubuntu18.04.3+certbot+2 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+3]
        python3-certbot/bionic 0.31.0-2~deb10u1+ubuntu18.04.1+certbot+3 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+4]
        python3-certbot-apache/bionic 0.31.0-1+ubuntu18.04.1+certbot+1 all [upgradable from: 0.28.0-1+ubuntu18.04.1+certbot+3]
        edited by bobbyiliev