Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: hl521.me
I ran this command: certbot --nginx (used option 3)
It produced this output:
root@k10 ~# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginxWhich names would you like to activate HTTPS for?
1: hl521.me
2: files.hl521.me
3: mail.hl521.me
4: nvr.hl521.me
5: unifi.hl521.me
6: www.hl521.me
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 3
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.hl521.me
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.hl521.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: The key authorization file from the server did not match this challenge "P7Xzecjm2NVqv7DYtTeTvV4zSD7SMLwzrOzjUv54yBw.8ZukyMoL-46saffGWh-AmWuXNTJWsViQDCLz8Emp07w" != ""IMPORTANT NOTES:
The following errors were reported by the server:
Domain: mail.hl521.me
Type: unauthorized
Detail: The key authorization file from the server did not match
this challenge
"P7Xzecjm2NVqv7DYtTeTvV4zSD7SMLwzrOzjUv54yBw.8ZukyMoL-46saffGWh-AmWuXNTJWsViQDCLz8Emp07w"
!= ""To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Nginx 1.14.2-2
The operating system my web server runs on is (include version): Debian 10 (Buster)
My hosting provider, if applicable, is: N/A, Hosting locally
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No, all via remote shell
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 0.31.0