Fix: Failed Authorization Procedure. Client Lacks Sufficient Authorization. – Let’s Encrypt SSL
If you are trying to obtain an SSL certificate using Let’s Encrypt’s certbot, you may receive an unauthorized error for the www or *. version of your domain name and the verification fails repeatedly.
The command you use:
sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com
The error:
Failed authorization procedure. www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: www.example.com
Type: unauthorized
Detail: Invalid response from
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Let’s Encrypt instructs you to check your DNS records to ensure that both the www and *. variations of your domain point to your server, which you are very likely already doing.
The issue is most likely with the URL rewrite rules in the .htaccess file in your webroot directory. When the ACME server requests each variation of your domain name, the request may be redirected away from the www version of your site.
Place the following rewrite conditions above any other RewriteCond directives in your .htaccess file to allow ACME to validate all versions of your domain name. You can remove them after your certificate is issued.
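RewriteEngine On
# Apply only to requests for the www host
RewriteCond %{HTTP_HOST} ^www\.
# Capture "s" in %1 when the request came in over HTTPS
RewriteCond %{HTTPS}s ^on(s)|off
# Rebuild the URL: scheme (%1), optional www. (%2), rest of the host (%3)
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
# Redirect to the same scheme and path on the host without www.
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]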
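A pre-flight check for the situation described above, added here as an example (not part of the original post): it writes a throwaway token into the webroot's .well-known/acme-challenge/ directory, requests it over HTTP for each hostname while following redirects, and reports whether the token comes back. The function names and the token file name are made up for this example; it assumes curl is installed and the webroot is writable.

```shell
#!/bin/sh
# Added example: pre-flight check for the http-01 webroot challenge.
# Usage: sh preflight.sh /var/www/example example.com www.example.com
# Function names and the token file name are hypothetical; needs curl.

# Turn one probe result into a verdict.
# Args: HTTP status, final URL after redirects, body received, expected token.
classify_probe() (
    status=$1; final_url=$2; body=$3; token=$4
    case $final_url in
        *"/.well-known/acme-challenge/$token") on_path=yes ;;
        *) on_path=no ;;
    esac
    if [ "$on_path" = no ]; then
        echo "FAIL: redirected off the challenge path to $final_url"
    elif [ "$status" != 200 ]; then
        echo "FAIL: HTTP $status from $final_url"
    elif [ "$body" != "$token" ]; then
        echo "FAIL: unexpected body (another vhost or rewrite answered)"
    else
        echo "OK: token served from $final_url"
    fi
)

# Write a throwaway token into the webroot, fetch it per host, clean up.
preflight() (
    webroot=$1; shift
    token="preflight-$$"
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || exit 1
    trap 'rm -f "$dir/$token"' EXIT
    for host in "$@"; do
        # -L follows redirects; -w appends "status final-url" on a last line
        out=$(curl -s -L --max-redirs 10 --max-time 10 \
            -w '\n%{http_code} %{url_effective}' \
            "http://$host/.well-known/acme-challenge/$token")
        meta=$(printf '%s\n' "$out" | tail -n 1)
        body=$(printf '%s\n' "$out" | sed '$d')
        verdict=$(classify_probe "${meta%% *}" "${meta#* }" "$body" "$token")
        printf '%s: %s\n' "$host" "$verdict"
    done
)

# Run only when called with a webroot and at least one hostname.
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```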