Failed authorization procedure renew Letsencrypt bypass proxy

Please fill out the fields below so we can help you better.

My domain

I ran this command: sudo /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d certbot certonly --webroot -w /var/www/abc-123456/ -d

It produced this output:
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response tt<blockqu<blockqu<font size=""er Errorhallenge/woqzNJq1enVQO8Quwgf1-bLq_SPtP3bGvY9VEwUO1nk: "

My operating system is (include version):
My web server is (include version):
Apache2 and Nginx
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):

My Nginx sites-enabled config is

    server {
        listen 443 ssl;
        location ~ /.well-known {
            allow all;
        }
    }

    server {
        listen 443 ssl;

        location / {
            # Added to get CORS working
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Max-Age' '1728000';
                add_header 'Content-Type' 'text/plain; charset=UTF-8';
                add_header 'Content-Length' '0';

                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
                return 204;
            }
        }
    }


This is the command that I run:
sudo /opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d
certbot certonly --webroot -w /var/www/abc-123456/ -d

Can anyone help me?

Try this location rule for Nginx; this is what I use and I have no problems.

    # ACME Challenge Rule
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
    }

And then I generate my certs as follows. I have included the --dry-run flag for you; always use --dry-run when you are learning your way around LE, so you can see what response the issuing server is giving you without actually generating a cert yet. When it gives you a favorable response, you simply remove the --dry-run flag.

sudo ./certbot-auto certonly --agree-tos --rsa-key-size 4096 -m -d --renew-by-default --dry-run

Then you manually add the cert into your host config in Nginx as follows

    # Include our certificates and chain of trust
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /etc/letsencrypt/live/;
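A pre-flight check for the webroot setup discussed in this thread, as an added example that is not part of the original posts: it writes a random probe file under the directory given to `-w` / `--webroot-path` and fetches it back from the URL path an http-01 validation requests, so a wrong webroot or an HTML error page shows up before certbot is run. The function name `check_webroot` and its return labels are assumptions made for this example.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

ACME_DIR = ".well-known/acme-challenge"


def check_webroot(webroot: str, base_url: str, timeout: float = 5.0) -> str:
    """Write a probe file under webroot and fetch it back over HTTP.

    Returns "ok", "mismatch", "http-<status>" or "unreachable".
    """
    challenge_dir = Path(webroot) / ACME_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    probe = challenge_dir / name
    probe.write_bytes(body)
    url = f"{base_url.rstrip('/')}/{ACME_DIR}/{name}"
    # Ignore proxy environment variables so the request goes straight
    # to the web server being checked.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read(4096)
    except urllib.error.HTTPError as exc:
        # The server answered, but not with the file (e.g. 404 when the
        # webroot given to certbot is not the directory nginx serves).
        return f"http-{exc.code}"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    finally:
        probe.unlink(missing_ok=True)
    # Anything other than the exact bytes (an HTML error page, a proxied
    # application response) is what the CA reports as "Invalid response".
    return "ok" if served.strip() == body else "mismatch"


if __name__ == "__main__":
    import sys
    # Usage: python3 check_webroot.py /path/to/webroot http://your-domain
    print(check_webroot(sys.argv[1], sys.argv[2]))
```

Run it once per webroot path passed to certbot; only a result of `ok` means the directory certbot writes to is the one the web server answers from.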
