Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems

Hi, I have a problem with my certs, for example tw.ppm.meteygana.pe. I checked the permissions of the folder but I still see the errors in the nginx log file:

[error] 1383405#1383405: *2865399 open() "/var/www/html/letsencrypt/.well-known/acme-challenge/ZQ5LjWiKwVsnqmJOKRYATsfuwXcXayb_cOQFuUFr_ec" failed (2: No such file or directory), client: 23.178.112.105, server: tw.ppm.meteygana.pe, request: "GET /.well-known/acme-challenge/ZQ5LjWiKwVsnqmJOKRYATsfuwXcXayb_cOQFuUFr_ec HTTP/1.1", host: "tw.ppm.meteygana.pe"

but the folder has permissions and the link is open: http://tw.ppm.meteygana.pe/.well-known/acme-challenge/ZQ5LjWiKwVsnqmJOKRYATsfuwXcXayb_cOQFuUFr_ec

I don't know where the problem is, and this happened this month. Before, all were running without issues.

My domain is:
tw.ppm.meteygana.pe
I ran this command:
certbot -v --nginx --no-redirect -d tw.ppm.meteygana.pe -w /var/www/html/letsencrypt/

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Please choose an account
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*1: **********@
*2: **********@
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Requesting a certificate for tw.ppm.meteygana.pe
Performing the following challenges:
http-01 challenge for tw.ppm.meteygana.pe
Waiting for verification...
Challenge failed for domain tw.ppm.meteygana.pe
http-01 challenge for tw.ppm.meteygana.pe

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04.5 LTS nginx version: nginx/1.18.0

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

commands:

  • certbot
    services:
    certbot.renew: oneshot, enabled, inactive
    snap-id: wy7i66qPx4neXr6m9rTh7Y40h8EhtZFh
    tracking: latest/stable
    refresh-date: 9 days ago, at 09:24 -07
    channels:
    latest/stable: 2.7.1 2023-10-10 (3390) 47MB classic
    latest/candidate: ↑
    latest/beta: 2.7.1 2023-10-10 (3390) 47MB classic
    latest/edge: 2.8.0.dev0 2023-10-19 (3419) 47MB classic
    installed: 2.7.1 (3390) 47MB classic

nginx site configuration:

tw.ppm.meteygana.pe.conf

server {
    listen 80;
    server_name tw.ppm.meteygana.pe;
    access_log /var/log/nginx/tw.ppm.meteygana.pe.access.log;

    location / {
        auth_basic off;
        root /var/www/html/letsencrypt;
        try_files $uri $uri/ /index.html;
        allow all;
    }
}

$ ll /var/www/html/letsencrypt/
total 16
drwxr-xr-x+ 3 www-data www-data 4096 Oct 19 12:24 ./
drwxr-xr-x 13 www-data www-data 4096 Aug 17 12:03 ../
-rw-r-xr--+ 1 www-data www-data 2 Oct 19 12:24 index.html*
drwxr-xr-x+ 3 www-data www-data 4096 Oct 19 10:06 .well-known/
ll /var/www/html/letsencrypt/.well-known/acme-challenge/
total 12
drwxr-xrwx+ 2 www-data www-data 4096 Oct 19 14:18 ./
drwxr-xr-x+ 3 www-data www-data 4096 Oct 19 10:06 ../
-rw-r-xr--+ 1 www-data www-data 3 Oct 19 10:59 index.html*
-rw-rw-r-- 1 www-data www-data 0 Oct 19 14:26 ZQ5LjWiKwVsnqmJOKRYATsfuwXcXayb_cOQFuUFr_ec
$

DNS:

$nslookup tw.ppm.meteygana.pe 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
Name: tw.ppm.meteygana.pe
Address: 201.201.87.202

The --nginx method ignores -w; is it possible that you were previously using --webroot, or -a webroot -i nginx?

Do you not have any content served by nginx other than the Let's Encrypt challenge itself?

1 Like

Try testing with:

certbot certonly --webroot -w /var/www/html/letsencrypt/ -d tw.ppm.meteygana.pe --staging

If that succeeds, then remove the "--staging" and get a real cert.

2 Likes

That file size is ZERO.

2 Likes

We have a script for new sites; after we have the cert, we move the site/cert/conf to the production env with all info. At the beginning the config only has Let's Encrypt.

Correct, because I did a touch on the file, to test.

1 Like

A better "test" is actual content - LOL
[non-zero file]

2 Likes

And don't forget the --deploy-hook to reload the nginx server

3 Likes
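
Following up on the zero-byte test file and the --webroot suggestion above, an added example (not code from any poster in this thread or from Certbot): a pre-flight probe that writes a file with real content into the webroot's challenge directory, requests it through the web server, and compares the body. The function names `probe_webroot` and `fetch` are hypothetical, and `curl` is assumed to be installed.

```shell
# fetch URL: print the response body; non-zero exit on an HTTP error (e.g. 404).
# Kept as its own function so it can be replaced when testing without a network.
fetch() {
  curl --silent --fail --max-time 10 "$1"
}

# probe_webroot WEBROOT BASE_URL
# Prints one of: ok | not-served | wrong-content | cannot-write
probe_webroot() (
  webroot=${1%/}
  base_url=${2%/}
  dir="$webroot/.well-known/acme-challenge"
  token="probe-$$-$(date +%s)"   # constructed name, not a real ACME token
  want="probe-body-$token"       # non-empty on purpose: a 0-byte file cannot be compared

  if ! { mkdir -p "$dir" && printf '%s' "$want" > "$dir/$token"; } 2>/dev/null
  then
    echo cannot-write            # the user running this cannot create files in WEBROOT
  elif got=$(fetch "$base_url/.well-known/acme-challenge/$token"); then
    if [ "$got" = "$want" ]; then echo ok; else echo wrong-content; fi
  else
    echo not-served              # the server did not return the file from WEBROOT
  fi
  rm -f "$dir/$token"            # always remove the probe file
)

# Usage with the values from this thread, run on the web server itself:
#   probe_webroot /var/www/html/letsencrypt http://tw.ppm.meteygana.pe
```

Only an `ok` result shows that a file written under the `-w` directory comes back unchanged over port 80, which is what `certbot certonly --webroot` relies on.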
