Certbot can't find acme-challenge

My domain is: git.hicsuntdev.com

I ran this command: sudo certbot renew

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/git.hicsuntdev.com-0001.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for git.hicsuntdev.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (git.hicsuntdev.com-0001) from /etc/letsencrypt/renewal/git.hicsuntdev.com-0001.conf produced an unexpected error: Failed authorization procedure. git.hicsuntdev.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://git.hicsuntdev.com/.well-known/acme-challenge/fBU7f2cBN0o5vFoPXLCNhAk5EW7wubJpdx3szuNesiI [92.154.47.233]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/git.hicsuntdev.com-0001/fullchain.pem (failure)
-------------------------------------------------------------------------------
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: git.hicsuntdev.com
   Type:   unauthorized
   Detail: Invalid response from
   http://git.hicsuntdev.com/.well-known/acme-challenge/fBU7f2cBN0o5vFoPXLCNhAk5EW7wubJpdx3szuNesiI
   [IP_OF_MY_SERVER]: "<html>\r\n<head><title>404 Not
   Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
   Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): ubuntu with nginx (hosting a gitlab)

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: (don’t know)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.19.0

I already tried to set an html file at my_server/.well-known/acme-challenge/index.html
And I can access to this file

I don’t know why certbot can’t find the challenge file, am I supposed to create it myself ? Or is it certbot that create the challenge file ?

1 Like

Hi @Katsuyu

your validation file works. But change the file name to 1234, validation files are without extension.

If that works:

What’s the content of your renew file?

/etc/letsencrypt/renewal

What’s the absolute path of

my_server/.well-known/acme-challenge/1234

in your file system?

2 Likes

Hi @JuergenAuer

Thanks for answering so fast :slight_smile:
Thanks to your answer, I checked the content of /etc/letsencrypt/renewal and the content of webroot-map was wrong so I correct it and now it works just fine :smiley:

Thank you again!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.