I'm running certbot in a docker container, nginx in another docker container. The folder containing the ssl certs is mounted on both containers. The whole setup is based on GitHub - wmnnd/nginx-certbot: Boilerplate configuration for nginx and certbot with docker-compose. I also tried the manual mode, I placed the file in the appropriate folder, tested the access via browser (it's all good) but still certbot claims the access is forbidden (403). It's really crazy to me, I lost dozens of hours already and cannot find the root cause.
My nginx config is:
```nginx
server {
    listen 80;
    server_name dev.lubyc.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /data/certbot/;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name dev.lubyc.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/dev.lubyc.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev.lubyc.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        root /var/www;
    }
}
```
My domain is:
dev.lubyc.com
I ran this command:
```
certbot certonly --webroot -w /data/certbot
```
It produced this output:
```
The following errors were reported by the server:

Domain: dev.lubyc.com
Type:   unauthorized
Detail: Invalid response from
http://dev.lubyc.com/.well-known/acme-challenge/NQsnycA7qfNT1wecKiooBXPVFRPyLJyCUWG6brpk39Q
[2001:4860:4802:36::15]: "\r\n403 Forbidden\r\n<body bgcolor="white">\r\n403 \r\n Forbidden"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
```
My web server is (include version):
nginx 1.15 (nginx:1.15-alpine)
The operating system my web server runs on is (include version):
Alpine Linux 3.10 (docker)
My hosting provider, if applicable, is:
Google Cloud Compute
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.37.2 (docker image certbot/certbot)
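A pre-flight check for the webroot setup described in this post, added here as example code (it is not from the post or from the wmnnd/nginx-certbot project): it drops a random token into `<webroot>/.well-known/acme-challenge/`, then fetches that token from every A and AAAA address published for the domain, sending the proper Host header, because Let's Encrypt validates over IPv6 whenever an AAAA record exists. Any address that answers with something other than the token (for instance a 403 from a different server behind one of the records) is the address that will fail the challenge. The function names, the probe layout and the constructed inputs are my own assumptions.

```python
import secrets
import socket
import urllib.request
from pathlib import Path
from urllib.error import HTTPError
CHALLENGE_DIR = ".well-known/acme-challenge"  # the path certbot --webroot writes into

def write_probe(webroot: str) -> str:
    """Create a random probe file exactly where certbot would place its token."""
    token = secrets.token_urlsafe(32)
    target = Path(webroot) / CHALLENGE_DIR
    target.mkdir(parents=True, exist_ok=True)
    (target / token).write_text(token)
    return token

def challenge_url(host: str, token: str) -> str:
    """Build the validation URL; a literal IPv6 address must be bracketed."""
    if ":" in host:
        host = f"[{host}]"
    return f"http://{host}/{CHALLENGE_DIR}/{token}"

def resolve_all(domain: str) -> list:
    """Every published A and AAAA address, IPv6 first (the validator prefers AAAA)."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos}, key=lambda ip: ":" not in ip)

def fetch_via(ip: str, domain: str, token: str, timeout: float = 10.0):
    """Connect to one published address but send Host: <domain>, as a validator does."""
    req = urllib.request.Request(challenge_url(ip, token), headers={"Host": domain})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except HTTPError as err:  # 4xx/5xx still carry the body certbot quotes back
        return err.code, err.read().decode("utf-8", "replace")
    except OSError as err:  # URLError, timeouts, refused connections
        return None, str(err)

def verdict(status, body: str, token: str) -> str:
    """Classify one address's answer the way the ACME server reports it."""
    if status is None:
        return "unreachable: " + body
    if status == 200 and body.strip() == token:
        return "ok"
    return f"unauthorized: HTTP {status}, body starts {body.strip()[:40]!r}"

def check(domain: str, webroot: str) -> dict:
    token = write_probe(webroot)
    results = {ip: verdict(*fetch_via(ip, domain, token), token) for ip in resolve_all(domain)}
    (Path(webroot) / CHALLENGE_DIR / token).unlink(missing_ok=True)
    return results
```

Run `check("dev.lubyc.com", "/data/certbot")` from wherever the shared webroot is mounted; every address must come back `ok` before `certbot certonly --webroot` can succeed, and an entry reporting `HTTP 403` on one address tells you which record points somewhere nginx is not serving that path.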