Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot --nginx -d quanly.tiengtrung3h.com
It produced this output:
- The following errors were reported by the server:
Domain: quanly.tiengtrung3h.com
Type: unauthorized
Detail: Invalid response from
https://quanly.tiengtrung3h.com/user/login?destination=.well-known/acme-challenge/HLJFazfcQRwflx4V7oMKAlQ4B7YnW4Yc-t_AIrysnUM
[125.212.229.22]: "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML+RDFa
1.0//EN\"\n
\"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd\">\n<html
xmlns=\"http://ww"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx version: nginx/1.16.1
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: Self host
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
I can't verify my domain with certbot; the error shows me an error about the A record. But when I check quanly.tiengtrung3h.com - Make your website better - DNS, redirects, mixed content, certificates, everything's OK.
Other domains I can verify successfully.
What should I do in this case? Is there anything wrong with NameCheap (domain provider)?
Any help would be much appreciated! Thanks in advance!
There is no problem with the A or AAAA record; the error message is misleading. The problem is that the web server does a redirection to a logon page instead of serving the challenge reply:
I'd check the other HTTP vhost configs to see why they work.
If all else fails to point out the problem...
You can use something like this in the HTTP vhost to redirect only the NON-challenge requests and provide a dedicated path for the challenge requests:
location ~ ^/(?!\.well-known) { # skip challenge requests (a regex location needs the ~ modifier)
    return 301 https://$host$request_uri; # send all other requests to HTTPS
} # location
root /new/dedicated/challenge/path; # path for challenge requests
I agree with @rg305, we need to see the other server blocks to see what may be different.
But, do you really need https:// for your proxy_pass? Seems unnecessary for a self-hosted site and that http:// would be fine. It is not wrong - just unusual. Could that be what is different?
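A way to check a vhost for the redirect diagnosed in the replies above before running certbot again. This is an added example, not code from the thread or from Certbot. The helper names (`fetch`, `diagnose`, `HopRecorder`) are hypothetical, and the sample hops and body are constructed from the error output in the first post.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlsplit

PREFIX = "/.well-known/acme-challenge/"
# An http-01 response body is "<token>.<account key thumbprint>", both base64url.
KEY_AUTH = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


class HopRecorder(urllib.request.HTTPRedirectHandler):
    """Records every redirect target the server sends."""

    def __init__(self):
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def fetch(url):
    """Fetch url, following redirects; return (URLs visited, start of body)."""
    recorder = HopRecorder()
    opener = urllib.request.build_opener(recorder)
    try:
        with opener.open(url, timeout=10) as resp:
            body = resp.read(4096)
    except urllib.error.HTTPError as err:  # a 4xx/5xx reply still has a body
        body = err.read(4096)
    return [url] + recorder.hops, body.decode("utf-8", "replace")


def diagnose(token, hops, body):
    """Return (ok, reason) for a redirect chain and the final response body."""
    final = urlsplit(hops[-1])
    if final.path != PREFIX + token:
        return False, f"redirected away from the challenge path to {final.path}"
    text = body.strip()
    if not KEY_AUTH.fullmatch(text) or not text.startswith(token + "."):
        return False, "challenge path reached, but body is not a key authorization"
    return True, "challenge file served"


# Constructed sample: the redirect chain implied by the error in the first post.
TOKEN = "HLJFazfcQRwflx4V7oMKAlQ4B7YnW4Yc-t_AIrysnUM"
SAMPLE_HOPS = ["http://quanly.tiengtrung3h.com" + PREFIX + TOKEN,
               "https://quanly.tiengtrung3h.com/user/login"
               "?destination=.well-known/acme-challenge/" + TOKEN]
SAMPLE_BODY = '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN">'
```

To test a live vhost, place a file with a known name in the challenge directory and call `diagnose(name, *fetch("http://<domain>/.well-known/acme-challenge/" + name))`.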