Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: nchanga.com
I ran this command:certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d nchanga.com -d www.nchanga.com -d mail.nchanga.com
It produced this output:
root@mail:/etc/letsencrypt/renewal# certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d nchanga.com -d www.nchanga.com -d mail.nchanga.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for nchanga.com
http-01 challenge for www.nchanga.com
http-01 challenge for mail.nchanga.com
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/IRvxHWEAZHs934Vi7vR0KJj3lXiN7u_PgvBNIs_dbgs [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n
404 Not Found
\r\n”, www.nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/Qd5qQvnsrT5esk4XCix03iHpcf4fTC3Tq1q2MQiCX9w [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n
404 Not Found
\r\n”, mail.nchanga.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://mail.nchanga.com/.well-known/acme-challenge/Q3KdIu1Ns7yugBE9ehXhbb-DTHKKVxMGKAbuODMi–8 [155.93.238.213: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n
404 Not Found
\r\n”
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/IRvxHWEAZHs934Vi7vR0KJj3lXiN7u_PgvBNIs_dbgs
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n
404
Not Found
\r\n”
Domain: www.nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/Qd5qQvnsrT5esk4XCix03iHpcf4fTC3Tq1q2MQiCX9w
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n
404
Not Found
\r\n”
Domain: mail.nchanga.com
Type: unauthorized
Detail: Invalid response from
https://mail.nchanga.com/.well-known/acme-challenge/Q3KdIu1Ns7yugBE9ehXhbb-DTHKKVxMGKAbuODMi–8
[155.93.238.213: “\r\n404 Not
Found\r\n<body bgcolor=“white”>\r\n
404
Not Found
\r\n”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx
The operating system my web server runs on is (include version): rasbian
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no result.
The strange thing this was working for ages, auto-renewing like clockwork. Nothing has changed.