Where in your nginx configuration are you referring to this specific directory? I can't find it.
Also, what's the Certbot output? It was one of the questions of the questionnaire:
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
That said, Let's Debug has found an issue: Let's Debug.
Feels like someone manually editing renewal profiles. We really need to know the commands they are trying and the errors that result as requested on the form.
Not sure what the purpose of below would be with --nginx authenticator. It makes the needed challenge "return" directly in the nginx config.
But, as you say if this is a github hosted site they won't have control of its nginx for that to work.
Could also be a relic from past certificate issuances, as they stated it was "painful", used DNS and couldn't renew, all pointing to usage of the --manual plugin with the dns-01 challenge (without hooks).
I did that and it didn't return any errors. But I think I did that when I created the initial certificates and it didn't showed error, but ultimately didn't renew.
Now that it's working via http, I'm more confident.