404 Not Found when creating certificate

#1

My domain is:
www.creasticbracelet.com

I ran this command:
certbot --nginx -d creasticbracelet.com -d www.creasticbracelet.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for creasticbracelet.com
http-01 challenge for www.creasticbracelet.com
nginx: [warn] conflicting server name “creasticbracelet.com” on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name “www.creasticbracelet.com” on 0.0.0.0:80, ignored
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. creasticbracelet.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://creasticbracelet.com/.well-known/acme-challenge/c9sKH8-jjv3OovbwJXYIBPTuj_GMDjFxTFuPF8n469Y [188.166.173.141]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
”, www.creasticbracelet.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.creasticbracelet.com/.well-known/acme-challenge/x3_9e1bEW-jnJWh8AcytXoHcbCqLp6qCY3Tj9j42gxQ [188.166.173.141]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n

404 Not Found

\r\n
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: creasticbracelet.com
   Type:   unauthorized
   Detail: Invalid response from
   http://creasticbracelet.com/.well-known/acme-challenge/c9sKH8-jjv3OovbwJXYIBPTuj_GMDjFxTFuPF8n469Y
   [188.166.173.141]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   Domain: www.creasticbracelet.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.creasticbracelet.com/.well-known/acme-challenge/x3_9e1bEW-jnJWh8AcytXoHcbCqLp6qCY3Tj9j42gxQ
   [188.166.173.141]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):
nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.5 LTS

Hosting : Digital Ocean
Login Root: YES
No control panel.
The version of my client is: certbot 0.28.0

I am able to access :
http://www.creasticbracelet.com/.well-known/acme-challenge/1234

This website is a CMS. It had a cert created with certbot.
I couldn’t renew it, I had the same error 404.
After hours of tests and search on letsencrypt forum I arrived to point where now :

I remove the CMS in another temp folder to have a clean website.
I removed the tuned vhost to create a new clean one too.

Here is my current vhost :

server {

Replace this port with the right one for your requirements

listen 80; #could also be 1.2.3.4:80

Multiple hostnames separated by spaces. Replace these as well.

server_name creasticbracelet.com www.creasticbracelet.com; # Alternately: _

root /var/www/creasticbracelet.com/html;
default_type text/html;

index index.php index.html index.htm;

static file 404’s aren’t logged and expires header is set to maximum age

location ~* .(jpg|jpeg|gif|css|png|js|ico|html)$ {
access_log off;
expires max;
}

location ~ /.ht {
deny all;
}
}

#2

Hi @ced

looks like you have duplicated definitions. So Certbot can’t find the correct vHost.

What says

nginx -T

Every combination port + domain name should be unique.

1 Like
#3

Thank you so much @JuergenAuer for this answer.

nginx -T
returns 2557 lines.

The only lines that contains %creastic% are :

Line 1081: # configuration file /etc/nginx/sites-enabled/creasticbracelet.com:
Line 1087:   server_name creasticbracelet.com www.creasticbracelet.com; # Alternately: _
Line 1087:   server_name creasticbracelet.com www.creasticbracelet.com; # Alternately: _
Line 1089:   root /var/www/creasticbracelet.com/html;

Maybe the issue is related to a default vhost?

#4

If this

works, you have found your correct webroot. So use it.

certbot run -a webroot -i nginx -w pathToYourWebroot -d www.creasticbracelet.com -d creasticbracelet.com
1 Like
#5

Thank you so much @JuergenAuer !!
It solved my problem.

1 Like