[SOLVED] The client lacks sufficient authorization / 404 Not Found

Because port 80 is used by pi-hole, I installed NGINX and set the default port to 81.
Then I configured my router to map (type: TCP) the external port 80 to internal port 81.
I tested folders starting with “.” on my NGINX webserver, they can be reached through my domain.
Nevertheless I get below error message.
Please help!

My domain is: home.dontharm.me

I ran this command: sudo certbot certonly --webroot -w /var/www/nginx -d home.dontharm.me

It produced this output:
Failed authorization procedure. home.dontharm.me (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://home.dontharm.me/.well-known/acme-challenge/x1AFvN4lVaR2HyreQuLgosnPZkUeH46gqCp7ZavsHJ8: "

404 Not Found

Not Found


My web server is (include version): NGINX 1.6.2

The operating system my web server runs on is (include version): Raspbian GNU/Linux 8 (jessie)

My hosting provider, if applicable, is: ZIGGO

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

1 Like

Hi @HarmOtten,

If you make a file /var/www/nginx/hello.txt, can you see it at http://home.dontharm.me/hello.txt?

Hi schoen,
Yes, that works perfectly.

Oh, the problem is probably

--webroot and -w are synonyms, so this is equivalent to --webroot --webroot, which is probably not right. You should only use one or the other.

Ok, I tried:
sudo certbot certonly --webroot /var/www/nginx -d home.dontharm.me


certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] …

Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certbot: error: unrecognized arguments: /var/www/nginx

Then I tried:
sudo certbot certonly -w /var/www/nginx -d home.dontharm.me

How would you like to authenticate with the ACME CA?

1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
When I press <1>, same error 404 as in the beginning.

Just a little correction, -w is synonym of --webroot-path :wink:

That means: the original command I ran was correct :slight_smile: , right?

Yes, the command seems right

Oh yeah! Thanks for the correction.

I appreciate @sahsanu’s correcting my mistake here.

OK, so can you also make files show up on your site at /.well-known/acme-challenge?

Yes, works fine too.

Sorry, I’ve no time right now but the problem is that your domain has an AAAA (IPv6) record defined but seems it is not configured correctly on your end. You should review your IPv6 conf or remove the AAAA record.



I deleted the AAAA (IPv6) record in my domain.
That solved it!!! :grinning:
Thanks a lot!! :+1:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.