Certbot can't issue certificate

replace certbot with your client app name
ps -ef | grep app-name


under "client" I meant our user.

So, what "process" adds/updates nginx?
Is that process [still] running now?


We already know that nginx is running.
We don't know what process updates the nginx configuration.
We don't know if that "update process" is still running OR not.


Ok. seems that I found. Sorry - I forgot to close the notepad with nginx.conf editing.
Now I have this error

ubuntu@ip-172-31-0-122:~$ sudo certbot certonly --nginx -d screenglide.co -d www.screenglide.co --redirect -n --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for screenglide.co and www.screenglide.co

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: screenglide.co
Type: unauthorized
Detail: During secondary validation: Invalid response from http://screenglide.co/.well-known/acme-challenge/zL7BMqc4C3mFk_GS1CtFvdt7nbLUbTvQ6SqUy4CCqlQ: 404

Domain: www.screenglide.co
Type: unauthorized
Detail: During secondary validation: Invalid response from http://screenglide.co: "\n\n<html class="style-green-1 custom_fonts comps live_website unicorn-platform-website" lang="">\n\n\n\n \n\t<!-"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

1 Like

That's unusual...
That implies that the primary validation passed.

Is there a load-balancer in use?


Nope. Just ubuntu server and nginx.

Did you include that domain in the nginx config?
If so, please show the vhost block.


No...we don't have it it nginx config. The server block is adding when nginx and certbot finish the certificate issuance process

and it worked long time. But near 1 month ago we started to receive these errors with certs. We tried to use another ubuntu server - it worked some time...and about 2 days ago we started to receive erorrs on new server

we have the database with website urls. When the customer connects the domain then it works by this rule

server {
	listen 80;
	server_name   ~^(.+\.)(?<domain>.+\..+)$;
	rewrite ^ $scheme://$domain permanent;

So our server is checking the domain in our database. And it works without https. When the customer tries to connect SSL cert - then we add server block with exactly domain

But a block is required to pass the certification issuance process.


How does that connect to a database?


We have the server with django

right now I understand that this server with django can affect to this process...but in this case it will affect on all our servers. But we have 6 servers with same configuration. And this issue is only on 2 our servers

You might have to switch to using --webroot and a globally aliased path.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.