Let's Encrypt Apache Renew Fails When Using ProxyPass

Written by James McDonald

July 17, 2017

These Apache Proxy rules will send all traffic to the backend host:

ProxyPass /
ProxyPassReverse /

This causes Let's Encrypt to fail when trying to renew the SSL cert on the proxy host, because the request for http://yoursslcerthost.example.com/.well-known/ gets incorrectly passed to the backend host.

To make it work, tell mod_proxy not to proxy that path by adding an exclusion before the catch-all rule, as follows. Your certbot-auto renew --no-self-upgrade command will then complete successfully.

ProxyPass /.well-known/ !
ProxyPass /
ProxyPassReverse /

The error you will see when running certbot-auto manually may look like:

- The following errors were reported by the server:

Domain: yoursslcerthost.example.com
Type: unauthorized
Detail: Invalid response from
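
The rule ordering described above can be checked offline before a renewal is attempted. The following Python check is an added example, not code from the original post: it walks ProxyPass directives in file order (mod_proxy uses the first rule that matches) and reports which one would forward an ACME HTTP-01 challenge request. The backend URL, the sample token path and the function names are constructed for illustration, and it assumes server- or vhost-level directives rather than ones inside <Location> blocks.

```python
# Added example: constructed configs; the backend URL is a placeholder.
BACKEND = "http://backend.example.internal:8080/"
PROBE = "/.well-known/acme-challenge/sample-token"  # constructed request path

BROKEN = f"""
ProxyPass / {BACKEND}
ProxyPassReverse / {BACKEND}
"""

FIXED = f"""
ProxyPass /.well-known/ !
ProxyPass / {BACKEND}
ProxyPassReverse / {BACKEND}
"""

# Exclusion placed after the catch-all: it is never reached.
MISORDERED = f"""
ProxyPass / {BACKEND}
ProxyPass /.well-known/ !
ProxyPassReverse / {BACKEND}
"""


def _matches(rule_path, url_path):
    """Simplified mod_proxy prefix match on path-segment boundaries."""
    prefix = rule_path if rule_path.endswith("/") else rule_path + "/"
    return url_path == rule_path or url_path.startswith(prefix)


def forwarding_rule(conf_text, url_path=PROBE):
    """Return (line_no, directive) of the ProxyPass that forwards url_path,
    or None if an earlier '!' exclusion (or no rule) keeps it on the proxy."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue
        if parts[0].lower() != "proxypass":  # ProxyPassReverse only rewrites headers
            continue
        if _matches(parts[1], url_path):  # first matching rule wins
            return None if parts[2] == "!" else (line_no, line)
    return None


if __name__ == "__main__":
    for name, conf in [("broken", BROKEN), ("fixed", FIXED), ("misordered", MISORDERED)]:
        hit = forwarding_rule(conf)
        print(name, "->", f"forwarded by line {hit[0]}: {hit[1]}" if hit else "served locally")
```

Running it against the real vhost file's contents shows whether the challenge path would still reach the backend, including the case where the exclusion exists but sits below the catch-all rule.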


