Nginx Proxy urn:acme:error:unauthorized


Hi Everyone,

I am facing a problem with Let’s Encrypt on a reverse proxy.

Here is my proxy Server Configuration :

server {
server_name *;

location '/.well-known/acme-challenge' {

default_type "text/plain";


location / {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;



At the webserver (

I created a config for webroot authentication:

domains =
rsa-key-size = 4096
server =
email =
text = True
authenticator = webroot
webroot-path = /var/www/laravel

I also created a symbolic link in my web-root folder:

ln -s /var/www/laravel/public/letsencrypt-auto -> /tmp/letsencrypt-auto

I run the command under /opt/letsencrypt (my letsencrypt installed folder) :

sudo ./letsencrypt-auto --config /etc/letsencrypt/configs/ certonly

It returns:

Requesting root privileges to run with virtualenv: /home/user/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/configs/ certonly
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: 502


  • The following ‘urn:acme:error:unauthorized’ errors were reported by
    the server:

Error: The client lacks sufficient authorization

Any help would be much appreciated


Hello @Dannato2019,

My nginx knowledge is very limited, but here are several issues:

1.- If you use server_name *; it will only match, etc. but won’t match, if you want this behaviour it is ok, if you also want to match use nginx special wildcard server_name;

2.- As far as I know, location uri should not be enclosed by ' ' so you should remove them:
location /.well-known/acme-challenge {

3.- You don’t show your web server conf on but you said that your web root is /var/www/laravel/public/letsencrypt-auto, but in the letsencrypt config file you define it as webroot-path = /var/www/laravel, so the challenge should be located at /var/www/laravel/.well-known/acme-challenge/random-file-challenge… It seems you are messing up the conf.

4.- The error you get is 502, usually a bad gateway error, the first thing you should do is check that you can connect to your server. Create a dummy file like test in your web-root + .well-known/acme-challenge/ dir and try to get it:

curl -i

5.- Check your nginx logs.

Good luck,
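
The checks from points 3 and 4 of the reply above, as an added shell example that is not part of the thread: it writes a probe file where the webroot authenticator would place a challenge, confirms that the directory the backend serves actually exposes it, and classifies the status code seen through the proxy. The function names, the probe file name and the result labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Defines functions only; nothing runs on load.
CHALLENGE_DIR=".well-known/acme-challenge"

# Write a probe where the webroot authenticator would place a token:
# <webroot-path>/.well-known/acme-challenge/<name>. Prints the probe name.
write_probe() {
    probe_name="preflight-$$"          # hypothetical file name
    mkdir -p "$1/$CHALLENGE_DIR" || return 1
    printf '%s' "$probe_name" > "$1/$CHALLENGE_DIR/$probe_name" || return 1
    printf '%s\n' "$probe_name"
}

# True only if the probe is readable under the directory the backend serves.
# cat follows symlinks, so a linked challenge directory counts as visible.
probe_visible_in_docroot() {
    [ "$(cat "$1/$CHALLENGE_DIR/$2" 2>/dev/null)" = "$2" ]
}

# Status code for the probe as fetched through the proxy on port 80.
fetch_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' \
        "http://$1/$CHALLENGE_DIR/$2"
}

# Map that status code to the most likely cause.
explain_status() {
    case $1 in
        200) echo "ok" ;;
        404) echo "path-mismatch" ;;        # file is not where the server looks
        502) echo "backend-unreachable" ;;  # proxy got no valid upstream reply
        000) echo "no-connection" ;;        # curl received no HTTP response
        *)   echo "other" ;;
    esac
}

# preflight <webroot-path> <served-docroot> <hostname>
preflight() {
    probe=$(write_probe "$1") || return 1
    probe_visible_in_docroot "$2" "$probe" ||
        echo "probe under $1 is not exposed by $2"
    explain_status "$(fetch_status "$3" "$probe")"
    rm -f "$1/$CHALLENGE_DIR/$probe"
}
```

Source the file on the backend and call `preflight` with the webroot-path from the Let's Encrypt config, the directory the web server serves, and the public hostname; a `backend-unreachable` result points at the proxy-to-backend hop rather than at the challenge files.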