Failed authorization procedure. / The client lacks sufficient authorization ::

My domain is:

I ran this command: sudo certbot --nginx -d -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): Obtaining a new certificate Performing the following challenges: http-01 challenge for Waiting for verification… Cleaning up challenges Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev” IMPORTANT NOTES: - The following errors were reported by the server: Domain: Type: unauthorized Detail: Invalid response from [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev” To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): linux ubuntu 16 ec2 instance on AWS

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0 points to some Google service. Fix up its IP address to point to your nginx server.

Hi @jclinton830

checking your domain you see the problem -

You have ipv4- and ipv6 - addresses, that’s good.

Host T IP-Address is auth. ∑ Queries ∑ Timeout A Dublin/Ohio/United States (US) -, Inc. Hostname: yes 1 0
AAAA yes C yes 1 0
A Amsterdam/North Holland/Netherlands (NL) - Google LLC Hostname: yes
AAAA 2a00:1450:400e:809::2013 Dublin/Leinster/Ireland (IE) - GOOGLE-2a yes

But your non-www is Amazon, your www is Google. So you can’t create one certificate with both domain names and http-validation.

I deleted the www pointing to google from godaddy dns management system.

But the problem still persists.

Yep, there is a new check of your domain, now the www doesn’t exist.

Did you removed the www version in your command?

If yes, the main things are ok, /.well-known/acme-challenge/random-filename answers with the expected http result 404 - Not Found.

What says

nginx -T

Are there duplicated combinations port + server_name?

Thanks for your help. After deleting the CNAME record for www pointing to google, I added another CNAME record for www and pointed it to @.

The certificates were generated for both non www and www.

Thanks for your help.


Yep, there is a new check - and a new certificate:
expires in 90 days, - 2 entries

That looks good :+1:

Is it possible to set it up to renew the ssl certificates automatically?

1 Like

Did you use Certbot?

If yes, there should be a cron job or something else.


Automated renewals

1 Like

I edited this thread at the original poster’s request to change the domain (ROT13 of fcebhgfpvragvsvp.pbz) to (This thread was not really about the domain.)

1 Like