We recently ran into an issue where certbot was outdated and needed to upgraded to a newer version. In this process, we issued new Let’s Encrypt certificates, however it was only doing this for the www version of the site, rather than the non-www version of the site. This was a problem since all requests were being redirected to https://[SITE_NAME].com
We kept getting an error that looked like the following:

Domain: [SITE_NAME].com
Type: unauthorized
Detail: Invalid response from
https://[SITE_NAME].com/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxx:"
<!DOCTYPE html>

Our web host was running Ubuntu with Apache. Since certbot uses the ACME challenge authentication method, it turned out that we had to give the right permissions and access to certbot allow client authorization to the correct path of the website directory. After many attempts at troubleshooting, it was as simple as this:

sudo mkdir /var/www/www/[site_name]/.well-known/acme-challenge

We also wanted to test the right path by making sure we could access it publicly from the outside, so we created a test HTML file that we could hit:

nano /var/www/www/[site_name]/.well-known/acme-challenge/index.html

Once this was complete we ran certbot –apache and were able to successfully renew the certificate for both the non-www and www versions of the site! Happy day!

Developer, IT Infrastructure, Security