Hello, I’m trying to set up Let’s crypt SSL certificate on a server running Apache following this tutorial for the domain clinicapragma.com.br. I follow everything to the risk, but when I run sudo certbot renew –dry-run, I receive an output with the following errors:

Attempting to renew cert (yourdomain.com.br) from /etc/letsencrypt/renewal/yourdomain.com.br.conf produced an unexpected error: Failed authorization procedure. www.yourdomain.com.br (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.yourdomain.com.br/.well-known/acme-challenge/uCyqlVSFmcCpFWcBQ0HWF-ilE8ReqpVgKvV6TGDhjgM []: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p". Skipping.


The following certs could not be renewed:
  /etc/letsencrypt/live/yourdomain.com.br/fullchain.pem (failure)

I’m a newbie and I’m having a hard time figuring out how to solve this problem. Could someone please help me?

edited by alexdo

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers

Hello, @renatov

Can you please confirm if the fullchain file is present: /etc/letsencrypt/live/yourdomain.com.br/fullchain.pem

Also I will suggest to check our latest tutorial for Ubuntu 18.04:


Looking forward to your reply.


by Kathleen Juell
by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically.

Hello @alexdo

Thank you for your reply. I think the file you mentioned is present, but it’s seems to be a link to another file:

$ sudo ls -l /etc/letsencrypt/live/clinicapragma.com.br/
total 4
lrwxrwxrwx 1 root root  44 Dec  2 00:30 cert.pem -> ../../archive/clinicapragma.com.br/cert2.pem
lrwxrwxrwx 1 root root  45 Dec  2 00:30 chain.pem -> ../../archive/clinicapragma.com.br/chain2.pem
lrwxrwxrwx 1 root root  49 Dec  2 00:30 fullchain.pem -> ../../archive/clinicapragma.com.br/fullchain2.pem
lrwxrwxrwx 1 root root  47 Dec  2 00:30 privkey.pem -> ../../archive/clinicapragma.com.br/privkey2.pem
-rw-r--r-- 1 root root 692 Dec  2 00:30 README

By the way, it only has read access as root. Is everything the way it should be? Concerning the tutorial you mentioned, I must stick with Ubuntu 14.04 until 04/2020. I can’t afford to install and configure the whole server just now, but I’m scheduling to do it when Ubuntu 20.04 LTS is out. I’d like to keep going with Ubuntu 14.04 until then. Everything is working just fine, I just need to provide a HTTPS to this domain and everything is running ok.

Hello, @renatov

This looks okay from what I can see. Let’s encrypt creates those symlinks so it’s fine.

You can also check if the yourdomain.com.br/.well-known/acme-challenge directory is present and if it has sufficient permissions (both .well-known and acme-challenge are 755)

Let me know how it goes.


  • There is no such directory:

    $ ls -a
    .  ..  index.html
    $ ls -l
    total 4
    -rw-rw-r-- 1 rvernucio rvernucio 325 Dec  2 00:12 index.html

    My other 2 domains, which I successfully set their SSL using Let’s Encrypt in the begining of 2019 (about 10 months ago), don’t have this directory too. Maybe something changed in Let’s Encrypt? I don’t get what’s the problem exactly.

    • Hello, @renatov

      What happens when you run the following command:

      ./letsencrypt-auto --test-cert --apache --domain yourdomain.com

      You need to change yourdomain.com with your actual domain name.

      Let me know how it goes.


The command letsencrypt-auto was not found and find / -name letsencrypt-auto didn’t find anything. I think this command is deprecated. Some more informations: as I said in the original post, there are 2 other domains that were created about 10 months ago which HTTPS are working fine. This new domain I’m trying to create using the exact same method is giving this ACME error. The thing is, when I run sudo certbot renew –dry-run, the output shows that the ACME validation fails to the 3 domains (it fails to the new one I’m trying to create and to the other 2 that are already validated and running fine). So, I think if I created this new domain 10 months ago, it would probably be working just fine. Also, if I was creating those 2 other (old) domains now, they would provide some error too. My guess is that some update in Let’s Encrypt added this ACME validation as necessary, which doesn’t work on Ubuntu 14.04. I don’t know if this makes sense, but if it does, maybe I should roll back Let’s encrypt to an older version, or understand why the new version doesn’t work on Ubuntu 14.04 anymore. I’m currently running certbot version 0.28.0 in Ubuntu 14.04.