Acme challenge accessible via browser but certbot fails

I ran this command:
sudo certbot certonly --webroot -w /var/www/html -d mywebsite.com -v --debug-challenges

It produced this output:

Challenge failed for domain mywebsite.com
http-01 challenge for mywebsite.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mywebsite.com
Type: connection
Detail: some-ip: Fetching mywebsite.com is available for purchase - Sedo.com Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.

My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
ubuntu 22.04

I can login to a root shell on my machine (yes or no, or I don't know):
YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.10.0

I can access the acme challenge file via the browser but certbot fails and the nginx (error.log) reports:

2024/05/15 13:13:38 [error] 25055#25055: *1000 open() "/var/www/html/.well-known/acme-challenge/HEqwMoxJRmGzvWz2iqY8yF0N-2aU64-BR-6iplHReZE" failed (2: No such file or directory), client: some-ip, server: mywebsite.com, request: "GET /.well-known/acme-challenge/HEqwMoxJRmGzvWz2iqY8yF0N-2aU64-BR-6iplHReZE HTTP/1.1", host: "mywebsite.com"

via browser (nginx access.log):
some-ip - - [15/May/2024:13:13:38 +0000] "GET /.well-known/acme-challenge/HEqwMoxJRmGzvWz2iqY8yF0N-2aU64-BR-6iplHReZE HTTP/1.1" 404 134 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"

I never had such a problem. It is a different ISP, maybe they block the access for Let's Encrypt?

It's going to be hard for people here to help you without knowing the actual domain name. (And using a placeholder name that's someone else's name makes things even weirder.)

But yes, it seems likely that your firewall is blocking requests from parts of the Internet, but not from where you're testing from.

You may want to try some of the online tools listed under "What tools are out there to help check my domain's accessibility from around the world?" in this FAQ:

5 Likes
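One way to check the firewall theory from the server side is to see whether any request carrying the Let's Encrypt validator User-Agent ever appears in the nginx access log for the challenge path. This is an added example, not code from the thread or from certbot; it assumes nginx's default "combined" log format, and the log lines, IP addresses (documentation ranges) and token are constructed.

```python
import re

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Substring of the User-Agent sent by Let's Encrypt's HTTP-01 validators.
CA_AGENT_MARKER = "Let's Encrypt validation server"

# Constructed sample lines (documentation IPs, placeholder token).
BROWSER_ONLY = """\
203.0.113.7 - - [15/May/2024:13:13:38 +0000] "GET /.well-known/acme-challenge/EXAMPLE-TOKEN HTTP/1.1" 404 134 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
203.0.113.7 - - [15/May/2024:13:14:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0"
"""
WITH_VALIDATOR = BROWSER_ONLY + """\
198.51.100.20 - - [15/May/2024:13:13:40 +0000] "GET /.well-known/acme-challenge/EXAMPLE-TOKEN HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
"""


def classify(log_text):
    """Return (verdict, validator_hits, other_hits) for challenge requests."""
    validator_hits, other_hits = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(CHALLENGE_PREFIX):
            continue
        hit = (m["ip"], int(m["status"]))
        (validator_hits if CA_AGENT_MARKER in m["agent"] else other_hits).append(hit)
    if not validator_hits:
        # Nothing from the CA reached nginx: look upstream (firewall, routing, DNS).
        verdict = "validator-never-arrived"
    elif any(status >= 400 for _, status in validator_hits):
        # The CA got through but nginx could not serve the token: check root/-w.
        verdict = "validator-arrived-not-served"
    else:
        verdict = "validator-served"
    return verdict, validator_hits, other_hits


if __name__ == "__main__":
    for name, sample in (("browser only", BROWSER_ONLY), ("with validator", WITH_VALIDATOR)):
        print(name, "->", classify(sample)[0])
```

Run it over the access log covering the time certbot paused at `--debug-challenges`; a `validator-never-arrived` verdict matches the "Timeout during connect" report above, while `validator-arrived-not-served` points at a webroot mismatch instead.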

Thx! I will look into that!

1 Like