Failed authorization procedure. / The client lacks sufficient authorization ::

My domain is: example.com

I ran this command: sudo certbot --nginx -d example.com -d www.example.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.example.com
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.example.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/1HtLkaKQGWJRwh-hY1py8Ucw8DtYL0-SyJwtzMqvcc4 [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev”

IMPORTANT NOTES:
- The following errors were reported by the server:

  Domain: www.example.com
  Type: unauthorized
  Detail: Invalid response from http://www.example.com/.well-known/acme-challenge/1HtLkaKQGWJRwh-hY1py8Ucw8DtYL0-SyJwtzMqvcc4 [2607:f8b0:400f:805::2013]: "\n\n \n <meta name=viewport content=“initial-scale=1, minimum-scale=1, width=dev”

  To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): linux ubuntu 16 ec2 instance on AWS

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

www.example.com points to some Google service. Fix up its IP address to point to your nginx server.

Hi @jclinton830

checking your domain you see the problem - https://check-your-website.server-daten.de/?q=example.com

You have IPv4 and IPv6 addresses, that's good.

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| example.com | A | 18.222.135.95 Dublin/Ohio/United States (US) - Amazon.com, Inc. Hostname: ec2-18-222-135-95.us-east-2.compute.amazonaws.com | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.example.com | C | ghs.googlehosted.com | yes | 1 | 0 |
| | A | 216.58.211.115 Amsterdam/North Holland/Netherlands (NL) - Google LLC Hostname: ams15s32-in-f19.1e100.net | yes | | |
| | AAAA | 2a00:1450:400e:809::2013 Dublin/Leinster/Ireland (IE) - GOOGLE-2a | yes | | |

But your non-www is Amazon, your www is Google. So you can't create one certificate with both domain names and http-validation.
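The mismatch diagnosed above can be caught before running certbot. The following is an added example, not part of the original posts and not Certbot code: a pre-flight check that every requested name resolves only to addresses of the server that will answer the http-01 challenge. The function names, `SAMPLE_DNS` and `SERVER_ADDRS` are assumptions for illustration, and the sample data is constructed from the records quoted in the thread.

```python
import ipaddress
import socket

def resolve(name):
    """Return the A/AAAA addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()  # NXDOMAIN or no address records
    # Drop any IPv6 scope id ("%eth0") so ipaddress can parse the value.
    return {info[4][0].split("%")[0] for info in infos}

def preflight(names, server_addrs, lookup=resolve):
    """Map each name to a list of problems; an empty list means the name
    resolves only to this server and http-01 validation can reach it."""
    mine = {ipaddress.ip_address(a) for a in server_addrs}
    report = {}
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in lookup(name)}
        problems = []
        if not addrs:
            problems.append("no A/AAAA record")
        for addr in sorted(addrs - mine, key=str):
            problems.append(f"{addr} is not this server")
        # Let's Encrypt prefers IPv6 when a name has an AAAA record, so a
        # correct A record does not help if the AAAA points elsewhere.
        has_v6 = any(a.version == 6 for a in addrs)
        if has_v6 and not any(a.version == 6 for a in addrs & mine):
            problems.append("AAAA present but none reaches this server")
        report[name] = problems
    return report

# Constructed sample modelled on the DNS records quoted in the thread.
SAMPLE_DNS = {
    "example.com": {"18.222.135.95"},
    "www.example.com": {"216.58.211.115", "2a00:1450:400e:809::2013"},
}
SERVER_ADDRS = {"18.222.135.95"}

def check_sample(dns=SAMPLE_DNS):
    """Run the check against the embedded records instead of live DNS."""
    return preflight(dns, SERVER_ADDRS, lookup=lambda n: dns.get(n, set()))

if __name__ == "__main__":
    for name, problems in check_sample().items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Against live DNS, call `preflight(["example.com", "www.example.com"], server_addrs)` with the server's own public addresses and request a certificate only for names whose problem list is empty.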

I deleted the www pointing to Google from the GoDaddy DNS management system.

But the problem still persists.

Yep, there is a new check of your domain, now the www doesn't exist.

Did you remove the www version in your command?

If yes, the main things are ok, /.well-known/acme-challenge/random-filename answers with the expected http result 404 - Not Found.

What is the output of

nginx -T

Are there duplicated combinations port + server_name?

Thanks for your help. After deleting the CNAME record for www pointing to google, I added another CNAME record for www and pointed it to @.

The certificates were generated for both non www and www.

Thanks for your help.

2 Likes

Yep, there is a new check - and a new certificate:

CN=example.com
	04.09.2019
	03.12.2019
expires in 90 days	
example.com, www.example.com - 2 entries

That looks good :+1:

Is it possible to set it up to renew the ssl certificates automatically?

1 Like

Did you use Certbot?

If yes, there should be a cron job or something else.

Check

Automated renewals

https://certbot.eff.org/docs/using.html#automated-renewals

1 Like

I edited this thread at the original poster’s request to change the domain (ROT13 of fcebhgfpvragvsvp.pbz) to example.com. (This thread was not really about the example.com domain.)

2 Likes
