Failed authorization procedure. / The client lacks sufficient authorization ::

My domain is:

I ran this command: sudo certbot --nginx -d -d

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): Obtaining a new certificate Performing the following challenges: http-01 challenge for Waiting for verification… Cleaning up challenges Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev” IMPORTANT NOTES: - The following errors were reported by the server: Domain: Type: unauthorized Detail: Invalid response from [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev” To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): linux ubuntu 16 ec2 instance on AWS

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0 points to some Google service. Fix up its IP address to point to your nginx server.

Hi @jclinton830

checking your domain you see the problem -

You have ipv4- and ipv6 - addresses, that's good.

Host T IP-Address is auth. ∑ Queries ∑ Timeout A Dublin/Ohio/United States (US) -, Inc. Hostname: yes 1 0
AAAA yes C yes 1 0
A Amsterdam/North Holland/Netherlands (NL) - Google LLC Hostname: yes
AAAA 2a00:1450:400e:809::2013 Dublin/Leinster/Ireland (IE) - GOOGLE-2a yes

But your non-www is Amazon, your www is Google. So you can't create one certificate with both domain names and http-validation.

I deleted the www pointing to google from godaddy dns management system.

But the problem still persists.

Yep, there is a new check of your domain, now the www doesn't exist.

Did you removed the www version in your command?

If yes, the main things are ok, /.well-known/acme-challenge/random-filename answers with the expected http result 404 - Not Found.

What says

nginx -T

Are there duplicated combinations port + server_name?

Thanks for your help. After deleting the CNAME record for www pointing to google, I added another CNAME record for www and pointed it to @.

The certificates were generated for both non www and www.

Thanks for your help.


Yep, there is a new check - and a new certificate:
expires in 90 days, - 2 entries

That looks good :+1:

Is it possible to set it up to renew the ssl certificates automatically?

1 Like

Did you use Certbot?

If yes, there should be a cron job or something else.


Automated renewals

1 Like

I edited this thread at the original poster’s request to change the domain (ROT13 of fcebhgfpvragvsvp.pbz) to (This thread was not really about the domain.)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.