Renew ssl certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: url hosting

I ran this command: certbot certonly --force-renew -d

It produced this output:
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "\n<html lang="en">\n\n\n <meta charset="utf-8" />\n <link rel="icon" href="/images/amepos-mg.png" />\n <meta n"


My web server is (include version):Debian 4.19.194-2 (2021-06-21) x86_64 GNU/Linux

The operating system my web server runs on is (include version): digitalocean

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.31.0
DNS record is correctly given matched with ipaddress

How did you get your certificate the first time around?

Show us /etc/letsencrypt/renewal and the files inside.

And don't use --force-renewal, forget the option even exists, please :smiling_imp:


I use saltstack, letsencrypt formula, salt minion state.apply letsencrypt,
now my website is not secure. so i want to renew now ssl certificate.
actually salt stack renews ssl certificate automatically, i apply the command salt minion state.apply letsencrypt, same error failed authorization and manually also same error.
please help me out.
/etc/letsencrypt/renewal: i have file: archive_dir = /etc/letsencrypt/archive/
cert = /etc/letsencrypt/live/
privkey = /etc/letsencrypt/live/
chain = /etc/letsencrypt/live/
fullchain = /etc/letsencrypt/live/

Options used in the renewal process

account = 775696bf6af5e166cf92ff4bbac791c3
server =
authenticator = webroot
webroot_path = /var/www/html,
[[webroot_map]] = /var/www/html

Run this command:

certbot renew --nginx --cert-name ""

1 Like

I get this error after running the command certbot renew --nginx --cert-name ""

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/

An error occurred while parsing /etc/letsencrypt/renewal/ The error was Too many flags setting configurators/installers/authenticators 'webroot' -> 'nginx'. Skipping the file.

No renewals were attempted.

Additionally, the following renewal configurations were invalid:
/etc/letsencrypt/renewal/ (parsefail)

0 renew failure(s), 1 parse failure(s)

strange. your certbot is too old for that, maybe.

check your nginx config for a root /some/directory; directive (there may be several, find them all)

grep -ir 'root ' /etc/nginx

1 Like

/etc/nginx/scgi_params:scgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/sites-enabled/amechain.conf: root /usr/share/nginx/html;
/etc/nginx/sites-enabled/ root /usr/share/nginx/html;
/etc/nginx/sites-enabled/default: root /var/www/html;
/etc/nginx/sites-enabled/default:# root /var/www/;
/etc/nginx/fastcgi.conf:fastcgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/sites-available/default: root /var/www/html;
/etc/nginx/sites-available/default:# root /var/www/;
/etc/nginx/fastcgi_params:fastcgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/uwsgi_params:uwsgi_param DOCUMENT_ROOT $document_root;

Is your website actually in that directory? That's unusual.

go with certbot renew --webroot -w /usr/share/nginx/html --cert-name ""

1 Like

No, its in /etc/nginx/sites-enabled/

That's one of the nginx config files. The files for the website, where are they?

1 Like

The files for the website means project code rt?

I mean the directory from which nginx serves static files.

1 Like

Okay, its /var/www/html/index.html

Please show this file:

1 Like

Can i what information is needed from conf file?

Mainly the line that defines root
But there may also be location statements that affect the challenge request.
And there is also a redirect to HTTPS that might be part of the problem.

1 Like

These don't match:

But it might be the first one because the HTTP site redirects to HTTPS and the HTTPS site uses the shorter root
[just guessing since you haven't shown the files]

1 Like

authenticator: webroot.
webroot-path: /var/www/html
conf file is in /etc/nginx/sites-enabled/.conf
we have path of ssl certificate in conf file, /etc/letsencrypt/live/domain/fullchain.pem

You fail to show the file(s) and fail to find the problem.
The secrecy is ridiculous.
Maybe someone else can help you - I can't help more without seeing the files that create the problem.


Sorry for late reply, will share my nginx file.
server {
listen 80;

return 301 https://$host$request_uri;


server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
ssl_session_tickets off;

# curl > /path/to/dhparam
# ssl_dhparam /etc/nginx/ssl/dhparam;

# intermediate configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ;
ssl_prefer_server_ciphers off;

# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

ssl_trusted_certificate /etc/letsencrypt/live/; 

# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;

resolver valid=300s;
resolver_timeout 5s;

location / {
    include proxy_params;

error_page   500 502 503 504  /50x.html;
location = /50x.html {
    root   /usr/share/nginx/html;

access_log /var/log/nginx/;
error_log /var/log/nginx/;