Failed Authorization certbot CLI

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:
sudo certbot renew

It produced this output:
Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "

404 Not Found

404 Not Found

". Skipping.

My web server is (include version):
nginx 1.10.0

The operating system my web server runs on is (include version):
Ubuntu 16.04.2

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
you bet

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no, I’m using SSH

One potential issue - we set this up a while ago, and I fear certbot functionality may have changed and our existing setup is not in the proper format. i have no issue in removing and reinstalling if that’s what’s needed.

Thanks in advance!

One more piece of info - I’m running nginx in a docker container… with file locations mapped out from the container

Hi @dgdosen,

If you look at the file /etc/letsencrypt/renewal/, there is a webroot directory defined. This is meant to point at a directory from which your existing web server is serving web content, corresponding to the top level of your web site. You should check if that location is correct and if Certbot would be able to write files into it which would then appear on your web site.

If you don’t see any problems with that, we can suggest other things to test to narrow down the problem.

Since you’re using Docker, it could well be a file/path mapping issue, where the directory mapping might have changed somehow since you first got the certificate (or the web server configuration could have changed to use a different directory for serving the web site content).

Thanks for the quick reply -

So I’m running the containers, and can attach and see the nginx web_root is mapped from the container to the host, and can access/write to it… I also see .well-known directory was just created in there… but still no renewal.

Can you advise on next steps?

Sure, you should make a file .well-known/acme-challenge/test.txt under your webroot directory and then see if you can see it at

1 Like

I did that and:

This site can’t be reached refused to connect.

One more piece of information -
when we installed letsencrypt, originally, it’s installed to ~/.local/share/letsencrypt. There’s also a certbot-auto executable in the user’s home directory. If I run that (./certbot-auto renew) I get:

registrar@registry:~$ ./certbot-auto renew
Error: couldn't get currently installed version for /home/registrar/.local/share/letsencrypt/bin/letsencrypt:
Traceback (most recent call last):
  File "/home/registrar/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbot/", line 13, in <module>
    from acme import jose
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/", line 37, in <module>
    from acme.jose.interfaces import JSONDeSerializable
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/", line 9, in <module>
    from acme.jose import util
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/acme/jose/", line 4, in <module>
    from cryptography.hazmat.primitives.asymmetric import rsa
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/primitives/asymmetric/", line 14, in <module>
    from cryptography.hazmat.backends.interfaces import RSABackend
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/cryptography/hazmat/backends/", line 7, in <module>
    import pkg_resources
  File "/home/registrar/.local/share/letsencrypt/local/lib/python2.7/site-packages/pkg_resources/", line 36, in <module>
    import plistlib
  File "/usr/lib/python2.7/", line 62, in <module>
    import datetime
ImportError: No module named datetime

Does that help? Should we reinstall?

I think I see our issue - it looks like port 80 wasn’t running as of late in the container… You can close this. Thanks for the help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.