Hey, I'm sure this has been asked a million times but I can't seem to find a definitive solution, here or anywhere else.
I've been trying to run a renew command, but the challenge returns a 404 every single time, despite several attempted fixes.
My domain is: 99ids.fr
I ran this command: sudo certbot renew --nginx -v
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/99ids.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for 99ids.fr and www.99ids.fr
Performing the following challenges:
http-01 challenge for 99ids.fr
http-01 challenge for www.99ids.fr
Waiting for verification...
Challenge failed for domain 99ids.fr
Challenge failed for domain www.99ids.fr
http-01 challenge for 99ids.fr
http-01 challenge for www.99ids.fr
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: 99ids.fr
Type: unauthorized
Detail: 2001:41d0:401:3200::2d8b: Invalid response from http://99ids.fr/.well-known/acme-challenge/1ayWH3vdI2wMoIixjVMc1lkbZ8OhiSexfgm3qus2sos: 404
Domain: www.99ids.fr
Type: unauthorized
Detail: 2001:41d0:401:3200::2d8b: Invalid response from http://www.99ids.fr/.well-known/acme-challenge/DALrXeEnxvk0F3PwFl22c1TpB5JfdzF_ZKB8wi940Es: 404
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Cleaning up challenges
Failed to renew certificate 99ids.fr with error: Some challenges have failed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/www.99ids.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate for www.99ids.fr
Failed to renew certificate www.99ids.fr with error: urn:ietf:params:acme:error:rateLimited :: There were too many requests of a given type :: too many failed authorizations (5) for "www.99ids.fr" in the last 1h0m0s, retry after 2025-12-02 08:04:01 UTC: see https://letsencrypt.org/docs/rate-limits/#authorization-failures-per-hostname-per-account
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/99ids.fr/fullchain.pem (failure)
/etc/letsencrypt/live/www.99ids.fr/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 renew failure(s), 0 parse failure(s)
My web server is: nginx 1.26.3
The operating system my web server runs on is (include version): Debian 13
My hosting provider, if applicable, is: OVH
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is: certbot 4.0.0
My nginx config:
server {
listen 80;
server_name 99ids.fr www.99ids.fr;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name 99ids.fr www.99ids.fr;
ssl_certificate /etc/letsencrypt/live/99ids.fr/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/99ids.fr/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://localhost:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /ping {
proxy_pass http://localhost:3100/ping;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Also Let's Debug shows no apparent issue: Let's Debug
I can't figure out what's happenning here. All I get is an unsecured website warning and a headache, but I might be too sleep deprived now.
Any help's appreciated, Thanks for your time.