Certbot failed to authenticate domains

My domain is:
api.lynnux.xyz

I ran this command:
sudo certbot --nginx

It produced this output:

We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: api.lynnux.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for api.lynnux.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: api.lynnux.com
  Type:   unauthorized
  Detail: The key authorization file from the server did not match this challenge. Expected "T1-PhR4ajr47g-uj3OIeNKhoRunPSQ-oc3sCDirxdDs.ujqihhBLk3dmy08fb_mLDfNrTDEyxVBgb9tZVQOc5p8" (got "WP.com")

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):

nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 22.04.1 LTS

My hosting provider, if applicable, is:
https://time4vps.com

I can login to a root shell on my machine:
Yes

I'm using a control panel to manage my site:
No

The version of my client is:
certbot 2.7.2

P.S. To link my domain to my server I use an A record set to the server IP.

Welcome @Dark-LYNN

The error is unusual. The Certbot --nginx plugin makes temp changes to your nginx config. When the Let's Encrypt server contacts your domain to validate the Certbot request it should get the value Certbot set up.

But instead your domain responds with the text WP.com (WordPress?).

I cannot reproduce this error with various testing tools.

Can you upload the contents of the config.txt file resulting from this command?

sudo nginx -T >config.txt

It will be large. A capital T is essential.

3 Likes

Hey, got this response:

$ sudo nginx -T >config.txt
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Please show the config.txt contents. Either as upload to the post or copy/pasted between three backticks (```).

1 Like

my nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php; 
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

Sigh..

In what world are nginx.conf and config.txt the same thing? :slight_smile:

2 Likes

Which config.txt do you mean? Can't find one in nginx or letsencrypt... sorry.

The command sudo nginx -T >config.txt would have generated the config.txt in the directory from where that command was run.

1 Like

That command should have created a file in the current folder. That is the file we are looking to see.

3 Likes

config.txt (8.9 KB)

Sorry, I'm so dumb lmao.

As we say here, not dumb, just ignorant :slight_smile:

But you are not going to feel any better about this fix.

You need to change the server block in your api.lynnux.xyz config file.

  1. You must fix the server_name so it ends with .xyz and not .com
  2. You should add a listen on IPv6 like your default server block. This is not causing a problem today but could in the future.

So, the first few lines should look like below. The lines after are fine.

# configuration file /etc/nginx/sites-enabled/api.lynnux.xyz:
server {
    listen 80;
    listen [::]:80;
    server_name api.lynnux.xyz;

3 Likes

    location /static/ {
        alias /path/to/static/files;  # If you have static files to serve
    }

Most likely not related to your issue, but it looks like you copied an example over verbatim. I'm pretty sure that's not what you were supposed to do.

1 Like

In the security review section:
[wait... we have one?]

I see these two things that need some added care:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
gzip on;
2 Likes
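The two diagnoses in this thread (the server_name ending in .com while the certificate was requested for .xyz, so the HTTP-01 request fell through to the default server block, and the security review's remarks on ssl_protocols and gzip on) can both be checked mechanically from the same `sudo nginx -T` dump before running certbot again. The script below is an added example written for this page; it is not part of Certbot or nginx. It parses the dump with simple brace counting, applies nginx's server_name matching rules to the requested hostname, reports which block would actually answer (or which default_server would catch the request instead), lists near-miss names such as api.lynnux.com for api.lynnux.xyz, and flags the legacy TLS versions and global gzip setting. The embedded SAMPLE_DUMP is a constructed stand-in for the poster's config.txt, not the real file.

```python
"""Preflight checks on `nginx -T` output before running `certbot --nginx`.

Usage: python nginx_preflight.py <hostname> [path-to-nginx-T-output]
Without a path the constructed SAMPLE_DUMP below is analysed.
"""
import re
import sys
from typing import Dict, List

# Constructed sample of `sudo nginx -T` output (not the thread's real config.txt).
SAMPLE_DUMP = """\
# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    gzip on;
    include /etc/nginx/sites-enabled/*;
}

# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
}

# configuration file /etc/nginx/sites-enabled/api.lynnux.xyz:
server {
    listen 80;
    server_name api.lynnux.com;
    location /static/ {
        alias /path/to/static/files;
    }
}
"""

FILE_RE = re.compile(r"^# configuration file (\S+):$")
WEAK_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def strip_comments(dump: str) -> str:
    """Drop `#` comments but keep the `# configuration file X:` markers nginx -T emits."""
    kept = []
    for line in dump.splitlines():
        line = line.rstrip()
        kept.append(line if FILE_RE.match(line) else line.split("#", 1)[0])
    return "\n".join(kept)


def server_blocks(dump: str) -> List[Dict]:
    """Return every `server { ... }` block with its file, server_names and listens."""
    text = strip_comments(dump)
    markers = [(m.start(), m.group(1)) for m in FILE_RE.finditer(text)] if False else \
        [(m.start(), m.group(1)) for m in re.finditer(r"(?m)^# configuration file (\S+):$", text)]
    blocks = []
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 0, m.end() - 1          # start on the opening brace
        while i < len(text):
            if text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        body = text[m.end():i]
        owner = [name for pos, name in markers if pos < m.start()]
        names = []
        for nm in re.finditer(r"\bserver_name\s+([^;]+);", body):
            names.extend(nm.group(1).split())
        listens = [l.group(1).strip() for l in re.finditer(r"\blisten\s+([^;]+);", body)]
        blocks.append({"file": owner[-1] if owner else "?", "body": body,
                       "server_names": names, "listens": listens})
    return blocks


def name_matches(host: str, pattern: str) -> bool:
    """nginx server_name forms: exact, `.example.com`, `*.example.com`, `www.example.*`, `~regex`.
    (Regex names go to Python's re, which differs from PCRE for named groups.)"""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("~"):
        return re.search(pattern[1:], host) is not None
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return host == pattern


def check_domain(dump: str, host: str) -> Dict:
    """Report which block serves `host`, plus the TLS and gzip points from the review."""
    blocks = server_blocks(dump)
    report = {"host": host, "matched_file": None, "fallback_file": None,
              "near_misses": [], "missing_ipv6": False, "weak_tls": [], "gzip_on": False}
    matched = [b for b in blocks if any(name_matches(host, n) for n in b["server_names"])]
    if matched:
        report["matched_file"] = matched[0]["file"]
        # Certbot edits this block; it should listen on IPv6 too, like the default block.
        report["missing_ipv6"] = not any(l.startswith("[::]") for l in matched[0]["listens"])
    else:
        # No name matches: nginx answers from default_server (else the first block in order),
        # which is how a challenge request ends up answered by an unrelated site.
        defaults = [b for b in blocks if any("default_server" in l for l in b["listens"])]
        pick = defaults[0] if defaults else (blocks[0] if blocks else None)
        report["fallback_file"] = pick["file"] if pick else None
        label = host.split(".")[0]
        report["near_misses"] = sorted({n for b in blocks for n in b["server_names"]
                                        if n.split(".")[0] == label and n != host})
    clean = strip_comments(dump)
    protos = re.search(r"\bssl_protocols\s+([^;]+);", clean)
    if protos:
        report["weak_tls"] = [p for p in protos.group(1).split() if p in WEAK_TLS]
    report["gzip_on"] = re.search(r"(?m)^\s*gzip\s+on\s*;", clean) is not None
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "api.lynnux.xyz"
    text = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_DUMP
    for key, value in check_domain(text, target).items():
        print(f"{key:13} {value}")
```

Run it as `python nginx_preflight.py api.lynnux.xyz config.txt` after `sudo nginx -T >config.txt`; a `matched_file` of None with a populated `near_misses` list is exactly the .com/.xyz typo this thread ended on, and a `fallback_file` tells you which unrelated server block (the one answering "WP.com" here) would have received the challenge request.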

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.