Error auto renewing my ssl certificate

My domain is: mindmapmaker.org

My web server is (include version): nginx

The operating system my web server runs on is (include version): Centos 9 stream

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 5.5.0

My website's ssl expiry date is less than 29 days. However, there is an error renewing my SSL certificates. Here is the snippet from the log file.

....
2026-04-10 15:54:47,847:ERROR:certbot._internal.renewal:Failed to renew certificate mindmapmaker.org with error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: No such authorization
2026-04-10 15:54:47,850:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 715, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/main.py", line 1548, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, sans, le_client, lineage)
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 565, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(sans, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/client.py", line 434, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/client.py", line 494, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem, profile=profile)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 142, in new_order
authorizations.append(self._authzr_from_response(self._post_as_get(url), uri=url))
^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 400, in _post_as_get
return self._post(*new_args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 461, in _post
return self.net.post(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 812, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 827, in _post_once
response = self._check_response(response, content_type=content_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 699, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: No such authorization
...

What is the issue? How can I fix it?

When I run the command manually, ie, certbot renew , it is renewing properly.

Thanks

your site is using new cert just signed an hour ago, so in issue I guess?

I mentioned it. It worked properly, when I ran the command manually. ie, certbot renew

But it gave an error when it was invoked through the timer. It showed error. I have put it in my question. Please check.

that's server side error and we don't know what certbot send as message, so nothing to look at:

This is the error in the log file.

....
2026-04-10 15:54:47,847:ERROR:certbot._internal.renewal:Failed to renew certificate mindmapmaker.org with error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: No such authorization
2026-04-10 15:54:47,850:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 715, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/main.py", line 1548, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/main.py", line 131, in _get_and_save_cert
renewal.renew_cert(config, sans, le_client, lineage)
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/renewal.py", line 565, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(sans, new_key)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/client.py", line 434, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/certbot/_internal/client.py", line 494, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem, profile=profile)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 142, in new_order
authorizations.append(self._authzr_from_response(self._post_as_get(url), uri=url))
^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 400, in _post_as_get
return self._post(*new_args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 461, in _post
return self.net.post(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 812, in post
return self._post_once(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 827, in _post_once
response = self._check_response(response, content_type=content_type)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/var/lib/snapd/snap/certbot/5528/lib/python3.12/site-packages/acme/client.py", line 699, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:malformed :: The request message was malformed :: No such authorization
...

I'd need few lines before error: but from link I linked it looks like LE side DB duplication delay

This is it.

2026-04-10 15:54:47,567:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for mindmapmaker.org and 3 more
2026-04-10 15:54:47,568:DEBUG:acme.client:Requesting fresh nonce
2026-04-10 15:54:47,568:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2026-04-10 15:54:47,619:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2026-04-10 15:54:47,619:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 10 Apr 2026 10:24:47 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wN0WXCrxu7XQpnzMghaiLvxAaIrX5DrLJg8VokEOYbXYYmsG2HE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2026-04-10 15:54:47,620:DEBUG:acme.client:Storing nonce: wN0WXCrxu7XQpnzMghaiLvxAaIrX5DrLJg8VokEOYbXYYmsG2HE
2026-04-10 15:54:47,620:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mindmapmaker.org"\n    },\n    {\n      "type": "dns",\n      "value": "app.mindmapmaker.org"\n    },\n    {\n      "type": "dns",\n      "value": "www.app.mindmapmaker.org"\n    },\n    {\n      "type": "dns",\n      "value": "www.mindmapmaker.org"\n    }\n  ]\n}'
2026-04-10 15:54:47,622:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3MTUwMzYyNiIsICJub25jZSI6ICJ3TjBXWENyeHU3WFFwbnpNZ2hhaUx2eEFhSXJYNURyTEpnOFZva0VPWWJYWVltc0cySEUiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "BVcOQESEkzXc1YC8eFhGkNMvowEY_IGFtP8AGaz2gm1CJTe3MAIItJTLjCPpZKzceRTmNCU6kigrSjIYILbONKKmo8IrH_BzEuDfBQxs-68cMOC8Sw_x4JLy3MkuQARiTQajvx5wg3QAJ2JIIYK2vsA5m4YgsGO4n-HQulIefEF-wRfP-9VMJMkqAvp4u0lLp5xnvgNlwp7xTObq8RFp9Bkguc4Zgmuy1AGT3ME7VOfI8VE-dGbBIVzjH0wKtzv4Q3WLjRuVEEfENC_hwGATP9FGiSApPuDZAXibYUC4bG4lR5XV7AJVEXS0dTco6uHNfKtCk0CNYhMis2NiexLVvw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIm1pbmRtYXBtYWtlci5vcmciCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAiYXBwLm1pbmRtYXBtYWtlci5vcmciCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3LmFwcC5taW5kbWFwbWFrZXIub3JnIgogICAgfSwKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5taW5kbWFwbWFrZXIub3JnIgogICAgfQogIF0KfQ"
}
2026-04-10 15:54:47,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 807
2026-04-10 15:54:47,817:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 10 Apr 2026 10:24:47 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 1471503626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1471503626/499232617081
Replay-Nonce: nkq3kksZulHdJsREClGsIZJYu_8ozUDRvclBkMY6JnWvammYVPo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-04-17T10:24:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "app.mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "www.app.mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "www.mindmapmaker.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497311",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497401",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497481",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497541"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1471503626/499232617081"
}
2026-04-10 15:54:47,817:DEBUG:acme.client:Storing nonce: nkq3kksZulHdJsREClGsIZJYu_8ozUDRvclBkMY6JnWvammYVPo
2026-04-10 15:54:47,817:DEBUG:acme.client:JWS payload:
b''
2026-04-10 15:54:47,819:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497311:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3MTUwMzYyNiIsICJub25jZSI6ICJua3Eza2tzWnVsSGRKc1JFQ2xHc0laSll1XzhvelVEUnZjbEJrTVk2Sm5XdmFtbVlWUG8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE0NzE1MDM2MjYvNjg2MDA4NDk3MzExIn0",
  "signature": "nbJroMeMpv_r3qhSRm9zjW43qMGD20U3RL6K-NjM-9nyxHWKHlgVSoqKGdNcBD0CXVrlf7GdFtjVG0FPtn-lUDjPggIBJMnEwpFuU44v0OMFvXkBtaneq9cdfEvC5qarj_1zoQMRaLCA1NcNE1Z-5p9J1bcHBU7s9cE9Sh04HwP2Gsrc9nyZOLlLRZl2U3kQh4cjVUy9ijOd4sFyCyVABmcEdwrllWPoNpnWdrtWEVgaw41G83fsLBoZiA1lm3vFVrbsdWnFuUAkz4T4Oiz1fp2yw8ToAa1AoqDQOaZ3KD0uUafSND_iL1ZKXjvY4jrSot7lmRtdzPZIOyxoydP4ng",
  "payload": ""
}
2026-04-10 15:54:47,846:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1471503626/686008497311 HTTP/1.1" 404 106
2026-04-10 15:54:47,847:DEBUG:acme.client:Received response:
HTTP 404
Server: nginx
Date: Fri, 10 Apr 2026 10:24:47 GMT
Content-Type: application/problem+json
Content-Length: 106
Connection: keep-alive
Boulder-Requester: 1471503626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wN0WXCrxrvSJZWTeWkk1ZlH9bnj0vvjXpYD3Ph7PA7ZYtY6AFqU

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "No such authorization",
  "status": 404
}

looks like long standing bug at LE side that auth sync get delayed for few seconds: that exact auth get used to make a valid challenge

Yes that is the issue. Timer job failed to generate a certificate. When I run the script manually, it is working fine.

How to fix this?

Thanks

Not yours to fix- someone from LE need to fix. but it's rare enough that not bother to abandon read-only mirrors I guess

Is that because I use 4 domains for a single certificate? I use these 4 domains on a single certificate.

For other domains, I use 2 domains only per certifcate. Those certificates had no issues so far.

Thanks

No. Up to 100 domain names can appear in a Let's Encrypt cert. And many certs have more than than just a few.

Is this "404" error occurring frequently? Because it is a known low-priority problem because it is rare. It might cause a single cert renewal request to fail but the next scheduled renewal would work. That is no different than a random failure due to a comms failure or other outages anywhere. Certbot should be running twice a day to check for renewals.

The "404" bug might cause an initial cert request to fail but repeating it should succeed.

If you are seeing these "404" errors persist that needs further debug.

Why LE team is reluctant to fix this issue?

They reported that this would fix the next time Certbot runs. But that was not happening.

I had this issue some months ago. Certbot renew service would run 2 times a day in my server using SNAP. But even after running continuous renewal process, it always showed the error. My certificate generation was not successful. Then I had to manually run, 'certbot renew' command.

Thats when it worked.

Then, for the next 2 or 3 times, it was running properly.

But the issue again occured on April 10. Next time, if it happens again, I shall provide the complete log files to show that the certifcate generation is not successful even after 2 or 3 retries.

Thanks

Because so far it has only ever been seen very rarely. I explained this already. If it happens to you frequently we need to look at this more.

Yes, please show multiple logs showing the "404" error. If you copy the log file to a .txt file you should be able to upload the file rather than copy/pasting the entire contents. If you have to copy/paste just show the "404" error and a few lines preceding it. Such as I show below

I looked at your cert history and you generally get a cert about every 60 days starting Apr 2025. I see 2025: Apr14, Jun13, Aug13, Oct12, Dec10 and 2026: Feb8, Apr10

You should not see "404" errors as often as you describe. But, Certbot may not renew exactly at the 30 day mark either. The exact timing depends on the ARI (ACME Renewal Info) it receives from the Let's Encrypt server. In the case of a CA revocation event you may even get a renewal much sooner than usual. My point is that you should not assume a "404" error is the reason for any renewal delay. The logs will be very helpful to isolate what is happening for you.

If you have to copy/paste please show starting with the POST to /acme/new-order URL through the "404" response like this:

2026-04-10 15:54:47,816:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 807
2026-04-10 15:54:47,817:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 10 Apr 2026 10:24:47 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 1471503626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1471503626/499232617081
Replay-Nonce: nkq3kksZulHdJsREClGsIZJYu_8ozUDRvclBkMY6JnWvammYVPo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2026-04-17T10:24:47Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "app.mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "www.app.mindmapmaker.org"
    },
    {
      "type": "dns",
      "value": "www.mindmapmaker.org"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497311",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497401",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497481",
    "https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497541"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1471503626/499232617081"
}
2026-04-10 15:54:47,817:DEBUG:acme.client:Storing nonce: nkq3kksZulHdJsREClGsIZJYu_8ozUDRvclBkMY6JnWvammYVPo
2026-04-10 15:54:47,817:DEBUG:acme.client:JWS payload:
b''
2026-04-10 15:54:47,819:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/1471503626/686008497311:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTQ3MTUwMzYyNiIsICJub25jZSI6ICJua3Eza2tzWnVsSGRKc1JFQ2xHc0laSll1XzhvelVEUnZjbEJrTVk2Sm5XdmFtbVlWUG8iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LzE0NzE1MDM2MjYvNjg2MDA4NDk3MzExIn0",
  "signature": "nbJroMeMpv_r3qhSRm9zjW43qMGD20U3RL6K-NjM-9nyxHWKHlgVSoqKGdNcBD0CXVrlf7GdFtjVG0FPtn-lUDjPggIBJMnEwpFuU44v0OMFvXkBtaneq9cdfEvC5qarj_1zoQMRaLCA1NcNE1Z-5p9J1bcHBU7s9cE9Sh04HwP2Gsrc9nyZOLlLRZl2U3kQh4cjVUy9ijOd4sFyCyVABmcEdwrllWPoNpnWdrtWEVgaw41G83fsLBoZiA1lm3vFVrbsdWnFuUAkz4T4Oiz1fp2yw8ToAa1AoqDQOaZ3KD0uUafSND_iL1ZKXjvY4jrSot7lmRtdzPZIOyxoydP4ng",
  "payload": ""
}
2026-04-10 15:54:47,846:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/1471503626/686008497311 HTTP/1.1" 404 106
2026-04-10 15:54:47,847:DEBUG:acme.client:Received response:
HTTP 404
Server: nginx
Date: Fri, 10 Apr 2026 10:24:47 GMT
Content-Type: application/problem+json
Content-Length: 106
Connection: keep-alive
Boulder-Requester: 1471503626
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: wN0WXCrxrvSJZWTeWkk1ZlH9bnj0vvjXpYD3Ph7PA7ZYtY6AFqU

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "No such authorization",
  "status": 404
}