Unauthorized Invalid response from /.well-known/acme-challenge

I am using AWS Lightsail, Ubuntu 20.04, nginx, and a Laravel project.
I run this command

sudo certbot --nginx

If you can provide your domain perhaps we could tell you why, but generally your firewall (both on the server and in any cloud/VM hosting networking settings) needs to allow http://<yourwebsite> (not just https://<yourwebsite>), which means having TCP port 80 open.

2 Likes

Sure my domain is

www.surfbeverage.link

I run this command

sudo ufw status

To                         Action      From

22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

Great, Let's Debug thinks you should be all good: https://letsdebug.net/www.surfbeverage.link/1523768?debug=y

Here is a short nginx guide for certbot: Update: Using Free Let’s Encrypt SSL/TLS Certificates with NGINX - NGINX [Edit: I've been advised this isn't a good/up-to-date example, see the official certbot guide instead Certbot Instructions | Certbot]

What exact certbot command are you using? I assume it's:

sudo certbot --nginx -d surfbeverage.link -d www.surfbeverage.link

And that your current nginx server block looks more or less like (in particular the server_name part):

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name surfbeverage.link www.surfbeverage.link;
}

If so, what exact error output do you see?

3 Likes

Please use the #help questionnaire entirely and please post the entire Certbot output instead of just the gist:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

5 Likes

I am still facing the error.

sudo certbot --nginx

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: xxxx.link
2: www.xxxx.link


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for surfbeverage.link and www.xxxx.link

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: xxxx.link
Type: dns
Detail: no valid A records found for xxxx.link; no valid AAAA records found for xxxx.link

Domain: www.xxxx.link
Type: unauthorized
Detail: 00.00.000.000: Invalid response from http://www.xxxx.link/.well-known/acme-challenge/7cLXDfTv3olu5Exdr8ql-6pkcbXB9EHQrMzt9JvXl20: "\n<html lang="en">\n\n\n <link rel="shortcut icon" sizes="114x70" href="http://www.xxxx.link/img/logo."

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What happened to the DNS entries?

4 Likes

Just to clarify, the current problem is that www.surfbeverage.link has a working IP address [52.69.111.138] in DNS but surfbeverage.link has nothing. They both need to resolve to the same IP.

4 Likes
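A pre-flight check for the two failures seen in this thread (a name with no A/AAAA record, and a name that answers the challenge URL with the site's HTML instead of the token), added here as an example and not taken from the thread or from Certbot. It assumes you first create a test file at <webroot>/.well-known/acme-challenge/<token> on the nginx server; the domain example.test and the addresses in the demo function are constructed.

```python
import socket
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def resolve(name):
    """A/AAAA lookup: the first thing the CA does for each requested name."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def fetch(url):
    """Plain-HTTP GET on port 80, the way the CA fetches the challenge; None on failure."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError):
        return None

def preflight(names, token, key_auth, resolve=resolve, fetch=fetch):
    """Classify each name as 'ok', 'dns' or 'unauthorized', matching the failure
    types in Certbot's output, so you know whether to fix DNS or nginx/firewall."""
    results = {}
    for name in names:
        if not resolve(name):
            results[name] = "dns"            # "no valid A records found for ..."
            continue
        body = fetch(f"http://{name}{CHALLENGE_PATH}{token}")
        if body is None or body.strip() != key_auth:
            results[name] = "unauthorized"   # "Invalid response from http://..."
        else:
            results[name] = "ok"
    return results

def demo_thread_scenario():
    """Constructed stand-in for the thread: www has an A record but the apex has
    none, and www answers the challenge URL with the site's HTML (all made up)."""
    dns = {"www.example.test": {"192.0.2.10"}}
    http = {"http://www.example.test" + CHALLENGE_PATH + "tok": '<html lang="en">'}
    return preflight(["example.test", "www.example.test"], "tok", "tok",
                     resolve=lambda n: dns.get(n, set()), fetch=http.get)

if __name__ == "__main__":
    # Usage: python3 preflight.py <token> <file contents> <name> [<name> ...]
    import sys
    print(preflight(sys.argv[3:], sys.argv[1], sys.argv[2]))
```

A 'dns' result means the record is missing (as for the apex name in this thread); 'unauthorized' means the name resolves but port 80 does not reach the file, so check the firewall and the nginx server_name/root.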
