I tried to issue a number of certificates for .com and .pl domains. All parameters, etc. are the same, just the TLDs are different:
.com TLD works fine,
.pl TLD fails.
see more:
.pl TLD
# ./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).pl/ -d (domain).pl
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).pl/ -d (domain).pl
Failed authorization procedure. domain.pl (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://(domain).pl/.well-known/acme-challenge/(hash) [(IP)]: 403
IMPORTANT NOTES:
- The following 'urn:acme:error:unauthorized' errors were reported by
the server:
Domains: (domain).pl
Error: The client lacks sufficient authorization
.com TLD
# ./letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).com/ -d (domain).com
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly -a webroot --agree-tos --renew-by-default --webroot-path=(path)(domain).com/ -d (domain).com
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/(domain).com/fullchain.pem. Your cert will
expire on 2016-04-09. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Any clues?