[Goal: Cronjob] The auto renewal of Let's Encrypt certifikates don't work | Error "The client lacks sufficient authorization"

System configuration notes:

Nextcloud version (eg, 12.0.2) : 16.0.3
Operating system and version (eg, Ubuntu 17.04) : Raspbian GNU/Linux 10 (buster)
Apache or nginx version (eg, Apache 2.4.25) : nginx/1.14.2
PHP version (eg, 7.1) : 7.3

The issue you are facing:

Unfortunately I have some problems with the automated renewal of Let’s Encrypt certificates.

When I try with the command

sudo certbot certonly --dry-run --noninteractive --agree-tos --email test@mail.de --webroot -w /var/www -d subdomain.domain.com

to renew a certificate in test mode, then I get the error message

... The client lacks sufficient authorization :: Invalid response from https://subdomain.domain.de/.well-known/acme-challenge/longstring

I’m not quite sure which is the webroot directory. I assume it is the directory where I put in my Nextcloud installation. This is in a folder named cloud under /var/www, so I assume that /var/www is my webroot directory.

I’ve had the same problem before. At that time I simply had tried the command

sudo certbot certonly d- Subdomain.domain.com

and everything went. No idea what the problem is now. I would be very happy if you could help me. In that case I would also set up a cronjob for the automated renewal.

Is this the first time you’ve seen this error? (Y/N): N

Kindly Regards,



Today i’v tried again to find some stuff at the web round about my problem and have found a site about the same error message based on a try to get a let’s encrypt certificate vor an apache2 configuration. I’m not sure, if it work exactly that way for nginx, but i will try it end report.

May be you would like to comment my source, especially if i’m going the wrong path?

Here i find the article!

Update: I’m not sure but i think i have found may be a better way. It exists for nginx-servers a nginx-plug-in for certbot i’ve read in the certbot documentation. I give it a try in testmode:

sudo apt-get install python-certbot-nginx 
sudo certbot certonly --debug-challenges --nginx --dry-run --noninteractive --agree-tos --email example@email.de -d subdomain.domain.de

The test was successfull. That leads to some other questions before i will write the last command in a cron job:

  • I only can use the webroot or the nginx-plugin but not both in one command. What’s here the difference for both? I know that if i use the webroot-plugin, i have to specify the webroot-folder e.g. with –webroot -w /var/www.
  • Why the certification process failed with the webroot-plug in but did not with the nginx-plugin?
  • I get the same certificates in the same folder no matter which method i choose?

Would be great if i find someone to discuss with.