Invalid response acme challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo certbot certonly --webroot --agree-tos --email your-email-address -d -w /var/www/html/

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:// OnmRoZig: “<html lang=“en” data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWX”


  • The following errors were reported by the server:

    Type: unauthorized
    Detail: Invalid response from OBGOOnmRoZig:
    “<html lang=“en”
    data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWX”

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version):
nginx version: nginx/1.10.3

The operating system my web server runs on is (include version): ubuntu 16.04 LTS

My hosting provider, if applicable, is:
Microsoft Azure Cloud

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes, I can login as Root.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @bandidopabs

Checking your /.well-known/acme-challenge directory, there is something curious:

Your server sends an HTTP status 200, not the expected 404 / not found status.

So it looks like there are wrong redirects or a wrong configuration.

Try to create a file named 1234 (without extension) under /.well-known/acme-challenge, so you can load this file via browser:
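The manual test suggested above (put a known file under /.well-known/acme-challenge and see what the web server actually returns for it, and for a file that does not exist) can be scripted. The following is an added example for this thread, not Certbot's or Let's Encrypt's code; it assumes you pass the webroot path and the base URL of your site (e.g. `/var/www/html` and `http://example.com`), writes a random token file, fetches it without following redirects, and reports whether the response is the token, an HTML page (as in the error above), a redirect, or a 404. The local server and temporary webroot at the bottom exist only so the check can run stand-alone.

```python
"""Pre-flight check for an HTTP-01 webroot challenge (example added for this
thread; not Certbot's or Let's Encrypt's code). It automates what the reply
above suggests doing by hand: drop a random token file into
<webroot>/.well-known/acme-challenge, fetch it over plain HTTP at the domain,
and also fetch a token that does not exist (which should give a 404).
Assumed inputs: the webroot path and the base URL, e.g.
    python acme_preflight.py /var/www/html http://example.com
"""
import functools
import os
import secrets
import sys
import tempfile
import threading
import urllib.error
import urllib.request
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

CHALLENGE_DIR = ".well-known/acme-challenge"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface redirects as errors instead of following them silently."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url):
    """GET url; return (status, body, location). Redirects are not followed."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace"), None
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        return err.code, body, err.headers.get("Location")


def write_probe(webroot):
    """Create a random token file in the challenge directory; return (token, path)."""
    challenge_path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(challenge_path, exist_ok=True)
    token = secrets.token_urlsafe(16)
    file_path = os.path.join(challenge_path, token)
    with open(file_path, "w", encoding="ascii") as fh:
        fh.write(token)
    return token, file_path


def classify(status, body, location, token):
    """Turn one fetch result into a human-readable verdict."""
    if status in (301, 302, 303, 307, 308):
        return f"redirected to {location}: a redirect rule intercepts the challenge path"
    if status == 200 and body.strip() == token:
        return "ok"
    if status == 200 and "<html" in body.lower():
        return "served an HTML page instead of the token (parking page or catch-all vhost?)"
    if status == 200:
        return "served unexpected content"
    if status == 404:
        return "not found: the vhost answering this name does not use this webroot"
    return f"unexpected HTTP status {status}"


def preflight(webroot, base_url):
    """Return a list of problems; an empty list means the webroot looks usable."""
    token, file_path = write_probe(webroot)
    try:
        verdict = classify(*fetch(f"{base_url}/{CHALLENGE_DIR}/{token}"), token)
    finally:
        os.remove(file_path)  # never leave probe files behind in the webroot
    # A token that was never written must produce 404, not a 200 catch-all page.
    missing_status, _, _ = fetch(f"{base_url}/{CHALLENGE_DIR}/{secrets.token_urlsafe(16)}")
    problems = []
    if verdict != "ok":
        problems.append(f"token file: {verdict}")
    if missing_status != 404:
        problems.append(f"missing token returned HTTP {missing_status}, expected 404")
    return problems


def local_server(directory):
    """Serve directory on 127.0.0.1 (self-test aid only); return (server, base_url)."""
    handler = functools.partial(SimpleHTTPRequestHandler, directory=directory)
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def self_check():
    """Run preflight against a throw-away local webroot; return its problem list."""
    webroot = tempfile.mkdtemp(prefix="acme-preflight-")  # constructed sample webroot
    server, base_url = local_server(webroot)
    try:
        return preflight(webroot, base_url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} WEBROOT BASE_URL")
    for problem in preflight(sys.argv[1], sys.argv[2]):
        print("PROBLEM:", problem)
```

Run it on the server itself with the real webroot and the public URL of the name you are requesting; if the verdict is an HTML page rather than the token, the name is not reaching this server's webroot at all, which is the situation the parked-domain replies further down describe.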

Hi JuergenAuer,

I appreciate you taking time to respond to me but how do I access the /.well-know/acme-challenge directory? I’ve tried using cd /.well-known/acme-challenge but nothing comes out.

You use this


as your webroot. So first

cd /var/www/html

then create the two directories.

Ok JuergenAuer, I’ve created both directories and created the file 1234. Awaiting your orders.

There is a Sedo-parking domain. You can't get a certificate if the domain is parked.

Does that mean I need to purchase the domain or am I good to go once I create a website for it? I’m trying to set this up locally in the Azure cloud.

To use the webroot method, there should already be a DNS record pointing the name in question at the server where you’re running Certbot. In this parking situation, the DNS A record points to a registrar parking site instead of to your server, so it’s premature to request the certificate using the webroot method.
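The prerequisite stated above (the name must already resolve to the machine running Certbot) can be checked before the certificate request. This is an added example for this thread, not Certbot code; it assumes you pass the domain and the public IP address of your server, resolves the name the same way a client would, and says whether the resolver's answer points at that server or somewhere else (such as a registrar's parking host).

```python
"""Check that a name resolves to the server that will answer the HTTP-01
challenge (example added for this thread, not Certbot's code). Assumed inputs:
the domain and the public IP of the machine running Certbot, e.g.
    python dns_check.py example.com 203.0.113.10
"""
import socket
import sys


def resolve_addresses(name):
    """Return the sorted list of distinct IPv4/IPv6 addresses the resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def dns_verdict(resolved, expected_ip):
    """Compare resolved addresses with the server's IP; return a readable verdict."""
    if not resolved:
        return "name does not resolve: no A/AAAA record, or the name is not registered"
    if expected_ip not in resolved:
        return (f"name resolves to {', '.join(resolved)}, not {expected_ip}: "
                "the challenge will be answered by a different host (parking page?)")
    if len(resolved) > 1:
        # The validator may connect to any listed address, so every one
        # of them must serve the challenge directory from the same webroot.
        return f"ok, but {len(resolved)} addresses are published: {', '.join(resolved)}"
    return "ok"


def check(name, expected_ip):
    """Resolve name and return the verdict string."""
    return dns_verdict(resolve_addresses(name), expected_ip)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} DOMAIN SERVER_IP")
    print(check(sys.argv[1], sys.argv[2]))
```

A verdict other than "ok" means the webroot method cannot succeed yet, whatever the web server configuration looks like: the HTTP request from the validator never arrives at this machine.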

Are you owner of If not, you can't get a certificate with this domain name.

You need a public / global / worldwide visible unique domain name. Then you can get a certificate with this name.

Hey Schoen, is there a way to have it point to my server? I have the A record pointing to the IP address of my virtual machine and as I mentioned in an earlier post I’m just trying to set up the mailserver for a local network.


I am not the owner of I don’t have it registered with any hosting services. I’m still a little green and I appreciate your patience with me but is there a way to do this internally so I can have the internal users of my network accessing the web page with no security issues?

No, this isn't possible. If you want to have a public / global trusted certificate, you need a public visible domain name. And you must prove that you are able to manage this domain (creating a text file in the folder /.well-known/acme-challenge or a DNS entry with a special value).

A private network without a public name can't get a certificate of a public Certificate Authority.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.