Failed authorization procedure.The client lacks sufficient authorization

hmm…

Please show:
sudo netstat -pant | grep -i listen

Do I need to redo Issuing a cert using this?

You can try.
But it didn’t show where to get the document root.
[which is needed to match with the --webroot]

sudo netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 24305/nginx -g daem
tcp 0 0 10.128.0.5:8081 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 10.128.0.5:8082 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 10.128.0.5:7443 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1941/sshd
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 24824/node
tcp 0 0 127.0.0.1:3008 0.0.0.0:* LISTEN 24756/node
tcp 0 0 127.0.0.1:3010 0.0.0.0:* LISTEN 24793/node
tcp 0 0 10.128.0.5:5090 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:8100 0.0.0.0:* LISTEN 25235/soffice.bin
tcp 0 0 10.128.0.5:5060 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:8101 0.0.0.0:* LISTEN 25311/soffice.bin
tcp 0 0 127.0.0.1:8102 0.0.0.0:* LISTEN 25403/soffice.bin
tcp 0 0 127.0.0.1:8103 0.0.0.0:* LISTEN 25462/soffice.bin
tcp 0 0 127.0.0.1:8104 0.0.0.0:* LISTEN 25521/soffice.bin
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 24363/node
tcp 0 0 127.0.1.1:27017 0.0.0.0:* LISTEN 24463/mongod
tcp 0 0 10.128.0.5:5066 0.0.0.0:* LISTEN 24270/freeswitch
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 24515/redis-server
tcp6 0 0 :::5070 :::* LISTEN 24252/java
tcp6 0 0 :::9999 :::* LISTEN 24252/java
tcp6 0 0 :::1935 :::* LISTEN 24252/java
tcp6 0 0 :::80 :::* LISTEN 24305/nginx -g daem
tcp6 0 0 ::1:8081 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:8082 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:7443 :::* LISTEN 24270/freeswitch
tcp6 0 0 :::8021 :::* LISTEN 24270/freeswitch
tcp6 0 0 :::22 :::* LISTEN 1941/sshd
tcp6 0 0 :::5080 :::* LISTEN 24252/java
tcp6 0 0 :::8888 :::* LISTEN 24369/kurento-media
tcp6 0 0 127.0.0.1:8090 :::* LISTEN 24371/java
tcp6 0 0 ::1:5090 :::* LISTEN 24270/freeswitch
tcp6 0 0 127.0.0.1:8900 :::* LISTEN 24296/java
tcp6 0 0 ::1:5060 :::* LISTEN 24270/freeswitch
tcp6 0 0 ::1:5066 :::* LISTEN 24270/freeswitch

So it’s NOT apache!

Try:
find / -name nginx.conf

find / -name nginx.conf
/etc/init/nginx.conf
/etc/nginx/nginx.conf

Try:
find /etc/nginx -name *.conf

find /etc/nginx -name *.conf
/etc/nginx/fastcgi.conf
/etc/nginx/snippets/snakeoil.conf
/etc/nginx/snippets/fastcgi-php.conf
/etc/nginx/nginx.conf

OK seems very simplistic.
Please show:
cat /etc/nginx/nginx.conf

[there’s probably some include file(s) to some other path]

cat /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable “msie6”;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss
text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/.conf;
include /etc/nginx/sites-enabled/
;
}
#mail {

# See sample authentication script at:

# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript

# auth_http localhost/auth.php;

# pop3_capabilities “TOP” “USER”;

# imap_capabilities “IMAP4rev1” “UIDPLUS”;

server {

listen localhost:110;

protocol pop3;

proxy on;

}

server {

listen localhost:143;

protocol imap;

proxy on;

}

#}

Please show:
ls -l /etc/nginx/sites-enabled/

ls -l /etc/nginx/sites-enabled
total 0
lrwxrwxrwx 1 root root 40 May 3 21:35 bigbluebutton -> /etc/nginx/sites-available/bigbluebutton
lrwxrwxrwx 1 root root 34 May 3 21:35 default -> /etc/nginx/sites-available/default

OK, there it is!
Please show:
cat /etc/nginx/sites-available/bigbluebutton

server {
listen 80;
listen [::]:80;
server_name tmc.or.tz;
access_log /var/log/nginx/bigbluebutton.access.log;
# Handle RTMPT (RTMP Tunneling). Forwards requests
# to Red5 on port 5080
location ~ (/open/|/close/|/idle/|/send/|/fcs/) {
proxy_pass http://127.0.0.1:5080;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
keepalive_requests 1000000000;
}
# Handle desktop sharing tunneling. Forwards
# requests to Red5 on port 5080.
location /deskshare {
proxy_pass http://127.0.0.1:5080;
proxy_redirect default;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
include fastcgi_params;
}
# BigBlueButton landing page.
location / {
root /var/www/bigbluebutton-default;
index index.html index.htm;
expires 1m;
}
# Include specific rules for record and playback
include /etc/bigbluebutton/nginx/*.nginx;
#error_page 404 /404.html;
# Redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}

hmm…
That seems to match your --webroot command…
Let’s try placing a test file there and see if it can be reached via the Internet.
echo 'testing' >> /var/www/bigbluebutton-default/test-file
then
ls -l /var/www/bigbluebutton-default/test-file

[may need sudo]

ls: cannot access ‘/var/www/bigbluebutton-default/test-file’: No such file or directory

How about:
sudo echo 'testing' >> /var/www/bigbluebutton-default/test-file
then
ls -l /var/www/bigbluebutton-default/test-file

-rw-r–r-- 1 root root 8 May 4 04:09 /var/www/bigbluebutton-default/test-file

Thats what I get, I did it wrong before.

But the file is NOT accessible from the Internet:

curl -Iki http://tmc.or.tz/test-file
HTTP/1.1 404 Not Found
Connection: Keep-Alive
X-Powered-By: PHP/7.2.30
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 May 2020 04:12:02 GMT
Server: LiteSpeed

And I don’t see NGINX.
I see LiteSpeed.
There must be some PROXY type device inline or along the way.

Or

The port forwarding it NOT external:80 to internal:80
Is there a NAT/firewall type device inline?

Alright, so what happens is that the tmc.or.tz is the domain name assigned to my BigBlueButton server, as instructed on the documentation
First, I installed Let’s Encrypt configuration tool. by running commands

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get install certbot

Next, generate a set of 4096-bit diffie-hellman parameters to improve security for some types of ciphers.

sudo mkdir -p /etc/nginx/ssl
sudo openssl dhparam -out /etc/nginx/ssl/dhp-4096.pem 4096

Then to configure the BigBlueButton server with my hostname I ran

$ sudo bbb-conf --setip tmc.or.tz

and lastly request a SSL certificate from Let’s Encrypt using the certbot tool, where the problem starts

sudo certbot --webroot -w /var/www/bigbluebutton-default/ -d tmc.or.tz certonly

Maybe this might help knowing where went wrong! Thank you.