Can't get past ACME challenge on my new domain

Hello, here is some information:

My domain is:

staging.sectorasegurador.es

I ran this command:

certbot/certbot \
    certonly \
    --webroot --webroot-path=/data/letsencrypt \
    -d staging.sectorasegurador.es -d www.staging.sectorasegurador.es

It produced this output:

wp_sectorasegurador.staging is up-to-date
nginx is up-to-date
nginx: [warn] conflicting server name "staging.sectorasegurador.es" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "staging.sectorasegurador.es" on [::]:80, ignored
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for staging.sectorasegurador.es
http-01 challenge for www.staging.sectorasegurador.es
Using the webroot path /data/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain staging.sectorasegurador.es
Challenge failed for domain www.staging.sectorasegurador.es
http-01 challenge for staging.sectorasegurador.es
http-01 challenge for www.staging.sectorasegurador.es
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: staging.sectorasegurador.es
   Type:   unauthorized
   Detail: Invalid response from https://yoursite.com/
   [185.185.84.210]: "<!DOCTYPE html><html\nclass=\"no-overflow-y
   avada-html-layout-wide\" lang=en-US prefix=\"og: http://ogp.me/ns#
   fb: http://ogp.me/ns/"

   Domain: www.staging.sectorasegurador.es
   Type:   unauthorized
   Detail: Invalid response from https://yoursite.com/
   [185.185.84.210]: "<!DOCTYPE html><html\nclass=\"no-overflow-y
   avada-html-layout-wide\" lang=en-US prefix=\"og: http://ogp.me/ns#
   fb: http://ogp.me/ns/"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):

Nginx 1.16

The operating system my web server runs on is (include version):

UBUNTU 18.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

I don’t understand why it is requesting to https://yoursite.com/. It doesn’t make any sense to me…

I wanted to add that I’m using Docker; my website is already reachable and contains a fresh WordPress instance (I mean, empty database), so the homepage redirects to the WordPress installation process.

Right now I just placed an exit() function at the beginning of my index.php.

What am I missing here?

Hi @sadesarrollo

Checking your site, you see the problem ( https://check-your-website.server-daten.de/?q=staging.sectorasegurador.es ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://staging.sectorasegurador.es/ 116.203.156.216 | 200 | | 0.050 | H |
| http://www.staging.sectorasegurador.es/ 116.203.156.216 | 200 | | 0.047 | H |
| https://staging.sectorasegurador.es/ 116.203.156.216 | -2 | | 1.070 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 116.203.156.216:443 | | | | |
| https://www.staging.sectorasegurador.es/ 116.203.156.216 | -2 | | 1.060 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 116.203.156.216:443 | | | | |
| http://staging.sectorasegurador.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 116.203.156.216 | 307 | yourdomain.com | 0.046 | D |
| Visible Content: 307 Temporary Redirect nginx | | | | |
| http://www.staging.sectorasegurador.es/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 116.203.156.216 | 307 | yourdomain.com | 0.046 | D |
| Visible Content: 307 Temporary Redirect nginx | | | | |
| yourdomain.com | 302 | https://www.yoursite.com | 0.346 | E |
| Visible Content: | | | | |
| https://www.yoursite.com | 301 | https://yoursite.com/ | 0.684 | A |
| Visible Content: Moved Permanently The document has moved here . | | | | |
| https://yoursite.com/ | 200 | | 0.660 | |

If you use http-01 validation, you must create a file in /.well-known/acme-challenge; Let's Encrypt checks that file.

But there is a redirect to acme.yourdomain.com, next to www.yoursite.com.

Looks like your provider Hetzner

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| staging.sectorasegurador.es | A | 116.203.156.216 Nuremberg/Bavaria/Germany (DE) - Hetzner | yes | 1 | 0 |
| | AAAA | | yes | | |

blocks /.well-known/acme-challenge, so you can't create a certificate using http-01 validation.

You may try dns-01 validation.

Read

PS: Or ask Hetzner if they create an exception. But I don't know if this is possible. If they don't want, then it's bad.

2 Likes
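
The check output above shows the challenge URL being redirected away from the requested hostnames, and the CA's http-01 validator follows HTTP redirects, which is why the error names https://yoursite.com/. The following Python script is an added example (not part of the original thread and not certbot code): it walks such a chain hop by hop and flags where it leaves the requested names. The sample chain is constructed from the table above; the URL schemes and the `test` token are assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

ACME_PREFIX = "/.well-known/acme-challenge/"
REDIRECTS = {301, 302, 303, 307, 308}

def walk(url, max_hops=10):
    """Fetch url without auto-following; return [(url, status, location), ...]."""
    hops = []
    for _ in range(max_hops):
        u = urlsplit(url)
        cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
        conn = cls(u.netloc, timeout=10)
        conn.request("GET", (u.path or "/") + (f"?{u.query}" if u.query else ""))
        resp = conn.getresponse()
        status, loc = resp.status, resp.getheader("Location")
        conn.close()
        hops.append((url, status, loc))
        if status not in REDIRECTS or not loc:
            break
        url = urljoin(url, loc)  # Location may be relative to the current URL
    return hops

def diagnose(hops, names):
    """Return findings for a hop list; an empty list means the probe stays on-site."""
    findings = []
    for url, status, loc in hops:
        if status in REDIRECTS and loc:
            target = urlsplit(urljoin(url, loc))
            if target.hostname not in names:
                findings.append(f"{status} at {url} leaves the requested names -> {target.hostname}")
            elif not target.path.startswith(ACME_PREFIX):
                findings.append(f"{status} at {url} drops the challenge path -> {target.path}")
    last_url, last_status, _ = hops[-1]
    if last_status != 200:
        findings.append(f"final response {last_status} from {last_url}")
    return findings

# Constructed sample: the chain from the check output above, schemes assumed.
PROBE = "http://staging.sectorasegurador.es/.well-known/acme-challenge/test"
SAMPLE = [
    (PROBE, 307, "http://yourdomain.com/"),
    ("http://yourdomain.com/", 302, "https://www.yoursite.com"),
    ("https://www.yoursite.com", 301, "https://yoursite.com/"),
    ("https://yoursite.com/", 200, None),
]
NAMES = {"staging.sectorasegurador.es", "www.staging.sectorasegurador.es"}

if __name__ == "__main__":  # replace SAMPLE with walk(PROBE) to test a live host
    print("\n".join(diagnose(SAMPLE, NAMES)))
```

A same-host redirect from http to https that keeps the `/.well-known/acme-challenge/` path produces no finding.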