Using certbot to apply Let's Encrypt Certificate: Failed authorization procedure

I am using certbot to apply Let's Encrypt certificate,my server is centos 7.2 and nginx 1.11.9.what does this mean below?

[root@test ~]# certbot certonly --webroot -w /var/www/www.example.com -d example.com -d www.example.comFailed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-ch<head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>", www.example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.com/.well-known/acme-challenge/k<head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>"IMPORTANT NOTES: - If you lose your account credentials, you can recover through   e-mails sent to example@example.com. - The following errors were reported by the server:   Domain: example.com   Type:   unauthorized   Detail: Invalid response from   http://example.com/.well-known/acme-challenge/wGNv57IGJjHQ9wyzzALktpNaPzfnTtN3m7u3QuO4p40:"<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>"   Domain: www.example.com   Type:   unauthorized   Detail: Invalid response from   http://www.example.com/.well-known/acme-challenge/kFJ0CSuKOdgcT2xmciB4GGNCcnUPoIbpQmA9jOII_Bk:"<html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>"   To fix these errors, please make sure that your domain name was   entered correctly and the DNS A record(s) for that domain   contain(s) the right IP address. - Your account credentials have been saved in your Certbot   configuration directory at /etc/letsencrypt. You should make a   secure backup of this folder now. This configuration directory will   also contain certificates and private keys obtained by Certbot so   making regular backups of this folder is ideal.

I can access example.com and www.example.com,and there is a note in docs: https://certbot.eff.org/#centosrhel7-nginx

Note: To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your webserver configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the webserver.

Is that the reason?How to modify the configuration?