Failed authorization when running /usr/bin/certbot renew --quiet


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:
/usr/bin/certbot renew --quiet
It produced this output:
Attempting to renew cert ( from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n <meta charset="utf-8">\r\n <meta name="viewport" content="width=device-width, in". Skipping. All renewal attempts failed. The following certs could not be renewed: /etc/letsencrypt/live/ (failure) 1 renew failure(s), 0 parse failure(s)
My web server is (include version):
Apache version 2.4.18
The operating system my web server runs on is (include version):
Ubuntu Linux 16.04.5
My hosting provider, if applicable, is:
Amazon VPS
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Webmin version 1.900, using a cron job for renewal.


Hi @ahmedvolks

If you use http-01 validation, Certbot creates a file under /.well-known/acme-challenge and Let's Encrypt checks this file.

But your website has a wrong redirect ( ).

/.well-known/acme-challenge doesn’t send the file (or - if the file doesn’t exist - a http status 404), instead there is a wrong redirect.

So it’s impossible to find the correct file.

Remove this redirect if it is /.well-known/acme-challenge.


Thank you JuergenAuer for your fast reply, but I’m not like you. Please let me know how to remove this redirect, as I do not have a .well-known folder.

root@falaq:/home/ubuntu# cd /var/www/html/
root@falaq:/var/www/html# ll

-rwxrwxrwx 1 root root 395 Dec 26 11:01 .htaccess*
-rw-r--r-- 1 root root 1647 Aug 30 09:03 letsencrypt-ca.pem
-rw-r--r-- 1 root root 2533 Aug 30 09:03 letsencrypt-cert.pem
-rw-r--r-- 1 root root 3243 Aug 30 09:03 letsencrypt-key.pem
-rw-r--r-- 1 user users 655 Dec 19 14:37 .profile

Can I use webmin to remove this redirect if it is easy in my case?
I am also posting the .htaccess content:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$

I hope this helps.


Your redirect always goes to /; this is the problem.

Use something like

RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]

instead, so http + /.well-known/… is redirected to https + /.well-known/…



was the correct solution, now you have again the wrong redirect.


must redirect to

this produces a http status 404, but this is correct (because the file doesn’t exist).

But if Certbot creates a file in this subdirectory, then Let's Encrypt can find this file (Let's Encrypt follows https redirects).


Thank you very much, and I appreciate this fast response. I made it as below; I think it is finally correct, is it?

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R=301,L]


Now check if you can create a new certificate.

If not, you must find your webroot. Then you can use this.

Something like

certbot run -a webroot -i apache -w yourWebRoot -d


I ran this command as below:
certbot run -a webroot -i apache -w /var/www/html/ -d

1- choose 2: Renew & replace the cert (limit ~5 per 7 days)
2- chose 2: Redirect - Make all requests redirect to secure …etc.

Now I tested it at the below link and it gave me A degree

I’m really happy that you helped me and waiting you if you come to Egypt to welcome you. But just give me a sign :slight_smile:


Yep, now your certificate is new:
	17.04.2019 - 1 entry

So the 404 of the unknown file in /.well-known/acme-challenge is good, not a problem.
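
Added example (not part of the thread, and not Certbot's or Let's Encrypt's own code): a POSIX shell check for the problem diagnosed above, namely whether the port-80 redirect keeps the /.well-known/acme-challenge/ path and a missing token ends in a 404. The function names, the probe file name and the example.com host are assumptions made for this illustration; check_host needs curl and network access, the sample calls at the end do not.

```shell
#!/bin/sh
# Reduce a Location header to its path: drop scheme, host[:port], query, fragment.
location_path() {
  loc=$1
  case $loc in
    http://*|https://*)
      loc=${loc#*://}                 # drop the scheme
      case $loc in
        */*) loc=/${loc#*/} ;;        # drop host[:port]
        *)   loc=/ ;;                 # bare host means "/"
      esac ;;
  esac
  loc=${loc%%\#*}
  loc=${loc%%\?*}
  printf '%s\n' "$loc"
}

# classify_response STATUS LOCATION PROBE_PATH
# PROBE_PATH is a token file that does not exist, so 404 is the expected answer.
classify_response() {
  case $1 in
    404) echo "ok: 404 for a missing token" ;;
    301|302|303|307|308)
      if [ "$(location_path "$2")" = "$3" ]; then
        echo "ok: redirect keeps the path"
      else
        echo "broken: redirect drops the path -> $2"
      fi ;;
    *) echo "broken: unexpected status $1" ;;
  esac
}

# Live check of the first hop only (curl does not follow redirects without -L).
check_host() {
  probe="/.well-known/acme-challenge/redirect-probe-$$"
  out=$(curl -s -o /dev/null --max-time 10 \
        -w '%{http_code} %{redirect_url}' "http://$1$probe") || return 2
  classify_response "${out%% *}" "${out#* }" "$probe"
}

# Constructed responses; example.com is a placeholder host.
P=/.well-known/acme-challenge/probe
classify_response 301 "https://example.com/" "$P"    # redirect that always goes to /
classify_response 301 "https://example.com$P" "$P"   # path-preserving redirect
classify_response 404 "" "$P"                        # served directly, token missing
```

Run `check_host your.domain` from a machine outside the server; a "broken" line means the challenge file will not be reachable at the URL the CA requests.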

