Failed authorization procedure.The client lacks sufficient authorization

My domain is: tmc.or.tz

I ran this command: sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d tmc.or.tz certonly

It produced this output: Failed authorization procedure. tmc.or.tz (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient a
uthorization :: Invalid response from http://tmc.or.tz/.well-known/acme-challenge/jWldJ7AMJqfoJZhr9CPCMo6FM6gobDBIrXdGqPROO3c
[212.1.211.119]: "\n<html style=“height:100%”>\n\n<meta name=“viewport” content=“width=device-widt
h, initial-scale=1, shrink-to-”
IMPORTANT NOTES:

  • The following errors were reported by the server:
    Domain: tmc.or.tz
    Type: unauthorized
    Detail: Invalid response from
    http://tmc.or.tz/.well-known/acme-challenge/jWldJ7AMJqfoJZhr9CPCMo6FM6gobDBIrXdGqPROO3c
    [212.1.211.119]: "\n<html
    style=“height:100%”>\n\n<meta name=“viewport”
    content=“width=device-width, initial-scale=1, shrink-to-”
    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): nginx

The operating system my web server runs on is (include version): Ubuntu 16.04 VM instance

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.27.0

Can you get a cert using cPanel ?

Yes. I have a certificate from Cpanel .

And…
You are trying to get another cert ?

If you need this cert, you have to be sure the webroot matches the document root.

Yes, because I ran certbot certificates on the server I am installing BigBlueButton and its says

No Certs Found

Sorry, How do I ensure that the webroot matches the document root?

Ok.
First you need to look at the vhost config that covers the domain tmc.or.tz
Does it have?:
<location /.well-known/>
<location /.well-known/acme-challenge/>
or
<location />

Can you find the virtual host config files?

Your server seems to be using LiteSpeed.
I found this online but doesn’t seem to be very helpful:
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:letsencrypt-ssl

Sorry, but I cant see to find the virtual host config files

Try:
find /usr/local/apache2 -name *.conf
or
find /usr/local/apache -name *.conf

This says no records found

OK lets look everywhere:
find / -name apache*.conf

Still same results. No records found.

hmm…

Please show:
sudo netstat -pant | grep -i listen

Do I need to redo Issuing a cert using this?

You can try.
But it didn’t show where to get the document root.
[which is needed to match with the --webroot]

sudo netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24305/nginx -g daem
tcp 0 0 10.128.0.5:8081 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 10.128.0.5:8082 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 10.128.0.5:7443 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1941/sshd
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 24824/node
tcp 0 0 127.0.0.1:3008 0.0.0.0:* LISTEN 24756/node
tcp 0 0 127.0.0.1:3010 0.0.0.0:* LISTEN 24793/node
tcp 0 0 10.128.0.5:5090 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 25235/soffice.bin
tcp 0 0 10.128.0.5:5060 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:8101 0.0.0.0:* LISTEN 25311/soffice.bin
tcp 0 0 127.0.0.1:8102 0.0.0.0:* LISTEN 25403/soffice.bin
tcp 0 0 127.0.0.1:8103 0.0.0.0:* LISTEN 25462/soffice.bin
tcp 0 0 127.0.0.1:8104 0.0.0.0:* LISTEN 25521/soffice.bin
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 24363/node
tcp 0 0 127.0.1.1:27017 0.0.0.0:* LISTEN 24463/mongod
tcp 0 0 10.128.0.5:5066 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 24515/redis-server
tcp6 0 0 :::5070 :::* LISTEN 24252/java
tcp6 0 0 :::9999 :::* LISTEN 24252/java
tcp6 0 0 :::1935 :::* LISTEN 24252/java
tcp6 0 0 :::80 :::* LISTEN 24305/nginx -g daem
tcp6 0 0 ::1:8081 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:8082 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:7443 :::* LISTEN 24270/freeswitch
tcp6 0 0 :::8021 :::* LISTEN 24270/freeswitch
tcp6 0 0 :::22 :::* LISTEN 1941/sshd
tcp6 0 0 :::5080 :::* LISTEN 24252/java
tcp6 0 0 :::8888 :::* LISTEN 24369/kurento-media
tcp6 0 0 127.0.0.1:8090 :::* LISTEN 24371/java
tcp6 0 0 ::1:5090 :::* LISTEN 24270/freeswitch
tcp6 0 0 127.0.0.1:8900 :::* LISTEN 24296/java
tcp6 0 0 ::1:5060 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:5066 :::* LISTEN 24270/freeswitch

So it’s NOT apache!

Try:
find / -name nginx.conf

find / -name nginx.conf
/etc/init/nginx.conf
/etc/nginx/nginx.conf

Try:
find /etc/nginx -name *.conf