Problem renew certificate certbot

Hello I have a problem to renew certificate let’s encrypt with certbot this error is:
~$ sudo /usr/bin/certbot renew --renew-hook "/bin/systemctl reload nginx"
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

Cert not yet due for renewal

Processing /etc/letsencrypt/renewal/

Cert is due for renewal, auto-renewing…
Starting new HTTPS connection (1):
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "

404 Not Found

404 Not Found

". Skipping.

The following certs are not due for renewal yet:
/etc/letsencrypt/live/ (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/ (failure)
1 renew failure(s), 0 parse failure(s)


Hi @onzulin,

It seems that you are using a location directive to specify a direferent root for /.well-known/acme-challenge/ requests so you need to check that the root or alias directive is using the same path as you have it defined in the certbot renewal conf file /etc/letsencrypt/renewal/

To test, it, put a test file inside the path to your webroot path and try to get that file with your browser or qith curl if you prefer the command line.

echo -n "This is a test" > /path/to/your/webroot/.well-known/acme-challenge/test

Now try to reach that file with your browser:

or with curl:

curl -ikL

Once you can get that file, you should be able to renew your certificate.

You can also check the errors in nginx, them could give you a clue where it is trying to get the challenge and why it is failing.


Thank you for your response, you say that defined certbot reneewal conf file /etc/letsencrypt/renewal/, I had bad configuration path in the file, I have changed the path on run the command /usr/bin/certbot renew --renew-hook “/bin/systemctl reload nginx” and run wothout errors, thank you very much sahsanu.

1 Like

Note (IPv6 is at play):

Addresses: 2a01:7e01::f03c:91ff:fe1f:2aa9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.