Unable to renew certificate

Below is the error message when renewing the certificate

Attempting to renew cert (urbanisme.amiens-metropole.com) from /etc/letsencrypt/renewal/urbanisme.amiens-metropole.com.conf produced an unexpected error: Failed authorization procedure. aweb.amiens-metropole.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 91.199.234.238: Invalid response from http://aweb.amiens-metropole.com/.well-known/acme-challenge/-LO0xWH6dybxYHjoXz8tGZY6KdpaGbSO3hJo5PwNw-A: 401. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/urbanisme.amiens-metropole.com/fullchain.pem (failure)

thank you for your help

The 401 in that error means that request was rejected by your server with an HTTP 401 Not Authorized.

Right now I see a different response to a sample HTTP Challenge. But, this also indicates some kind of error on your "4D" server. I am not familiar with that but are you able to check that it is operating correctly?

curl -i http://aweb.amiens-metropole.com/.well-known/acme-challenge/TEst404

HTTP/1.1 503 Service Unavailable
Connection: close
Server: 4D/16.0.5
WWW-Authenticate: Digest realm="AvenioV11.5.4DC", qop="auth", nonce="212619907378628:11efd56510bc3bfa1846596fcf6bd8d6", algorithm="MD5", domain="/.well-known/acme-challenge/TEst404"

Great!

What help exactly do you require? Could you perhaps elaborate? A little bit more than just copy/pasting an error and expecting volunteers to put in the effort instead of you? A little bit of effort like, I don't know, not deleting the entire questionnaire?

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it (and make our life a lot harder). In any case, all the answers to this questionnaire are required:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Some added info about that 503 error. If I use a user-agent string with the curl request I also get the 401 Not Authorized. Something is doing an unusual filtering of requests to your domain. See the -A string at the end of the curl command below.

You will need to consult with whoever operates that server or possibly your network team

curl -i http://aweb.amiens-metropole.com/.well-known/acme-challenge/Test404  -A "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

HTTP/1.1 401 Unauthorized
Connection: close
Date: Tue, 22 Jul 2025 13:45:00 GMT
Server: 4D/16.0.5
WWW-Authenticate: Digest realm="AvenioV11.5.4DC", qop="auth", nonce="212619908700670:f9559c1577e32cf6fe908a7b79c1a7c7", algorithm="MD5", domain="/.well-known/acme-challenge/Test404"