• certbot first establishes connection over ipv6. If you are getting timeout errors check firewall for ipv6 https access or set network stack to prefer ipv4 over ipv6

• Make sure that you can access a file path under webserver root as certbot uses .well-acme folder inside it to fetch the token it uses to check the owner of domain/server

• If there is a previous redirect in webserver configuration it could also interfere with certificate generation

• Certbot only works on default ports, 80 and 443. Check if the Listen directive has a different port if you get “Unauthorized error.

Error: Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from…

There might redirect rules in effect. Try putting this in your .htaccess or vhost file:

RewriteCond %{REQUEST_URI} !^\.well-known/(.*)$

If you get this weird error only on Firefox (89.0.2) and other browsers are ok, delete the existing certificate

certbot delete

and run again

certbot

This should resolve the issue.

• Debian 10.8
• certbot 0.31.0

• Install certbot
• Install certbot via manual method
• Certbot download certificates only