The client lacks sufficient authorization while registering for a test certificate


Hi there,

This is my first post here and I’m facing a problem with automating the renew process with letsencrypt.

I’ve created a test site at and I want to obtain a test certificate for that site. I’ve created an include file for Apache with contents:

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"
<Directory "/var/www/acme-challenge/">
    AllowOverride None
    Options Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
    Require all granted
    ForceType 'text/plain'
    AddDefaultCharset Off
</Directory>

/var/www/acme-challenge/ is owned by the apache user and has 777 permissions. I include this config file in my testsite vhost file. If I try to access from the browser Apache returns a listing of the files inside the directory, so, this alias directory is accessible from the browser.

I execute this command (as root) to obtain the certificate:

certbot certonly --webroot --test-cert -w /home/www/vhosts/testsite/ -d -v

I get a 404 error:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Using the webroot path /home/www/vhosts/testsite for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>404 Not Found</title>
<h1>Not Found</h1>

- The following errors were reported by the server:

Type:   unauthorized
Detail: Invalid response from
<title>404 Not Found</title>
<h1>Not Found</h1>

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

What is the error here? In the vhost access log I get this: - - [21/Apr/2017:20:17:54 +0300] "GET /.well-known/acme-challenge/JhzOOYXG8xo83LFJZJVRFtoQ-L6snyHiSXyqdHAHc3Q HTTP/1.1" 404 268 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +"

Any help would be greatly appreciated!


Hi @lourdas,

Change your alias from:

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/"

to:

Alias /.well-known/acme-challenge/ "/var/www/acme-challenge/.well-known/acme-challenge/"

Then restart or reload Apache and change the root dir for your domain in the certbot command:

certbot certonly --webroot --test-cert -w /var/www/acme-challenge/ -d -v

And try again.
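
Why the first setup returned 404 and the changed one works, as an added example that is not part of the original thread: certbot's webroot plugin writes each token to `<webroot>/.well-known/acme-challenge/`, so the Alias target has to be that same directory. The function names and the probe-file approach are assumptions of this example; it reads the Alias line from the include file and checks it against the `-w` path before any request goes to the CA.

```shell
#!/bin/sh
# Added example: pre-flight check that Apache's Alias for the ACME challenge
# URL points at the directory certbot --webroot will actually write to.

# challenge_dir WEBROOT: directory where certbot -w WEBROOT places tokens.
challenge_dir() {
    printf '%s/.well-known/acme-challenge' "${1%/}"
}

# alias_target CONF: filesystem path that CONF maps the challenge URL to.
# Directive names are case-insensitive in Apache; quoted paths containing
# spaces are not handled here.
alias_target() {
    awk 'tolower($1) == "alias" && $2 == "/.well-known/acme-challenge/" {
             gsub(/"/, "", $3); print $3; exit }' "$1"
}

# alias_serves_webroot WEBROOT ALIAS_TARGET
# Writes a probe file the way certbot would and looks for it where Apache
# would read it. Returns 0 on match, 1 on mismatch, 2 if the probe cannot
# be written. Creates WEBROOT/.well-known/acme-challenge if it is missing.
alias_serves_webroot() (
    dir=$(challenge_dir "$1")
    target=${2%/}
    mkdir -p "$dir" || return 2
    probe=$(mktemp "$dir/probe.XXXXXX") || return 2
    name=${probe##*/}
    status=1
    # Apache resolves /.well-known/acme-challenge/NAME to TARGET/NAME
    [ -f "$target/$name" ] && status=0
    rm -f "$probe"
    return "$status"
)

# Usage: script WEBROOT APACHE_INCLUDE_FILE
if [ "$#" -eq 2 ]; then
    target=$(alias_target "$2")
    if alias_serves_webroot "$1" "$target"; then
        echo "OK: tokens written under $1 are served from $target"
    else
        echo "MISMATCH: certbot writes to $(challenge_dir "$1"), Apache reads $target"
    fi
fi
```

Run it as root with the same `-w` path you pass to certbot, since it needs to write into the webroot.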



Thanks. This did the trick.

