Invalid response while renewing domains Letsencrypt Certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Issue Details: I am running compiled version of Nginx 1.22.0 on RHEL8.8. It is working fine. But facing issues with some domain renewal. One of them is

My domain is:

I ran this command: certbot renew --cert-name -v

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Failed to renew certificate with error: Some challenges have failed.

All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/ (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Nginx version 1.22.0. Compiled from source.

The operating system my web server runs on is (include version): Red Hat Enterprise Linux release 8.8 (Ootpa)

My hosting provider, if applicable, is: NA

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

Please looking for urgent help. Thanks in advance.

Best Regards,

My domain config is as below:

server {

   access_log    /var/log/nginx/  main;
   include include/error.conf;

location /.well-known/acme-challenge {
    alias /var/www/html/.well-known/acme-challenge;
    try_files $uri =404;

 location / {
        include include/proxy.conf;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

   listen 80;
    return 404; # managed by Certbot

Even i added below config in domain config file in it. but still getting same error. My other successfully renewed domain did not have this configuration.

location /.well-known/acme-challenge {
    alias /var/www/html/.well-known/acme-challenge;
    try_files $uri =404;

Looks like you may have solved your issue. The presently being served certificate has

Serial Number: 	35b2047a99da8b805f87a7aa7cbbc15e37d
Not Before: 	Jul 18, 2023 17:18:55 GMT
Not After: 		Oct 16, 2023 17:18:54 GMT 

Yes, Issue is resolved.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.