Getting Unauthorized exception when encrypting

Facing issue in creating certification. Please check the information that I am passing.

My domain is: security.shishunir.com

I ran this command: sudo certbot --nginx -d security.shishunir.com -d www.security.shishunir.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for security.shishunir.com and www.security.shishunir.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: security.shishunir.com
Type: unauthorized
Detail: 125.253.92.186: Invalid response from http://security.shishunir.com/.well-known/acme-challenge/RRXVTjaqi7WvBYd7SjTKRk_HC0W4NAh0EvmB1Z1GJ0Y: 404

Domain: www.security.shishunir.com
Type: unauthorized
Detail: 125.253.92.186: Invalid response from http://www.security.shishunir.com/.well-known/acme-challenge/V-pg0C61RTTqksmXL-aj7N42ZyKWkqbxakTOo3Tf0pU: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx/1.24.0

The operating system my web server runs on is (include version): ubuntu 24.04

My hosting provider, if applicable, is: aws

I have also check with nginx -T and it gives:
2025/06/28 11:05:01 [warn] 8422#8422: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
2025/06/28 11:05:01 [emerg] 8422#8422: open() "/run/nginx.pid" failed (13: Permission denied)
nginx: configuration file /etc/nginx/nginx.conf test failed

You need to fix this emerg level error. Your nginx system cannot be started until you fix that. This is a general problem on your nginx install. Search the internet for that error message and you will get many suggestions. Or, ask your hosting provider (if any) for advice.

Once your nginx system is working and responding to HTTP requests you can try Certbot again.

Both HTTP and HTTPS requests to your domain are currently working. An HTTPS request even uses a certificate from Let's Encrypt issued just a few hours ago. So, I am not sure what purpose this broken nginx has. You may need to review your overall webserver plan.

Hlw MikeMcQ,
By mistake I missed sudo. When gave the command as sudo nginx -T, I got

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

But the certification result is same. Getting

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: security.shishunir.com
Type: unauthorized
Detail: 125.253.92.186: Invalid response from http://security.shishunir.com/.well-known/acme-challenge/rnv2fu0L4OIKxtLhFnw3glGGpcnxN5OgT8ERZj4sUjw: 404

Domain: www.security.shishunir.com
Type: unauthorized
Detail: 125.253.92.186: Invalid response from http://www.security.shishunir.com/.well-known/acme-challenge/krhVa_sGwAyTkq72omMGpkT977Mk1Fnlj0-BXCVnAUo: 404

The "404" in that error means "Not Found". The Let's Encrypt server made that HTTP challenge request to your server but your system said it was not found.

The --nginx option configures your local nginx system to reply to the LE HTTP Challenge. But, it looks like something other than nginx is replying.

If I do a curl to your domain I get redirected to an IP address that is different than what you have in your DNS for this domain

curl -i http://security.shishunir.com
HTTP/1.1 301 Moved Permanently
location: http://13.232.120.85

And, at that different IP an nginx system replies.

Can you explain what you are trying to accomplish? Because I don't think this exact configuration of DNS and servers will work as you expect

curl -i http://13.232.120.85/
HTTP/1.1 200 OK
Server: nginx/1.24.0 (Ubuntu)

Your DNS for your domain

nslookup security.shishunir.com
Address: 125.253.92.186