Let’s Encrypt 403 Forbidden failed authorization procedure


Here’s some things you need to know before reading any further.

  • Purchased to Google Domains
  • Correctly configured the Nameserver to point to my VPS
  • dig and nslookup commands return correct DNS configuration
  • Apache on Ubuntu

Failed authorization procedure

I spend almost 2 days trying to find a solution to Let’s Encrypt certificates not being fully installed under Ubuntu’s with Apache.

I would run the ./certbot-auto and as soon as we got to the Cleaning up challenges step it would output something like this:

From what I could gather there are multiple things that can trigger this error. Permissions, badly configured domain, closed ports…

Apache 403 Forbidden

I tried everything I could find without any luck. Giving permissions to the manually created /.well-known/acme-challenge/ folder or trying to serve a file from the outside. It was working, no problems there.

However, during the process I would still get the irritating 403.

Specify a webroot path

I still don’t know if it was because the domain has this cool “.club” ending instead of the typical “.com” but I needed to specify –webroot-path or its alias -w.

To not reach my rate limit I did add –dry-run to the command to make it sure I got it right before requesting the certificate for real.

I’m very inclined to think it’s the domain itself. I have 3 other domains (ending on .com and .cat) running in the same VPS server, on the same Apache virtualhost configuration and they can be renewed without having to specify the webroot path.

Here’s the magical command:

After running this, the only thing left to do is to add the chain and key file to the site apache virtualhost configuration.

Message from the bot:

Add the following lines:

I hope this might help you out. Good luck!

Leave a Reply

Add <code> Some Code </code> by using this tags.