Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sim-hub.poly.edu

I ran this command: sudo certbot --nginx

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): sim-hub.poly.edu
Requesting a certificate for sim-hub.poly.edu

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: sim-hub.poly.edu
Type: connection
Detail: 128.238.147.29: Fetching http://sim-hub.poly.edu/.well-known/acme-challenge/YGQy4rk3iK4fu1pgdwwrV0OnPL_aW014sTvJxMd4dF8: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx version: nginx/1.20.1

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
NAME="Red Hat Enterprise Linux"
VERSION="9.3 (Plow)"

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

To provide some further context. I have a server where I wish to host a site on the server itself while at the same time I have an application running, set up via Docker, which is also hosting a site. I am trying to set up a cert on the server. The same domain name is used, just the application has a specific port. I am at least trying to get the cert working for the server, afterwards I should be able to direct the application which has the port specific domain to use the cert as well, since it's the same domain.
Not sure if the Docker setup is interfering in any way.

sim-hub.poly.edu and sim-hub.org are both configured hostnames on DNS for the server

Welcome @hwaris

To provide more background ... you chose the --nginx plugin for Certbot which uses the HTTP Challenge to get a cert. This challenge requires the Let's Encrypt servers to reach your domain using HTTP on port 80. They need to be returned the challenge token placed in nginx by Certbot.

But, the LE Servers time out making their HTTP request. You should check any firewalls, and your port routing given your description.

The Let's Debug test site is helpful to debug new setups. Are you able to reach your domain from the public internet? Use a mobile phone with wifi disabled as one option.

3 Likes
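The reachability check suggested in the reply above can be scripted. The following is an added example, not part of the original posts and not Certbot or Let's Encrypt code. It is meant to be run from a machine outside the server's network, and it separates the case the CA reported (a connect timeout) from a refused connection and from a working port 80. The probe path, outcome names and advice strings are assumptions made for illustration.

```python
import http.client
import socket
import sys

# What each outcome means for an HTTP-01 validation attempt (wording is illustrative).
ADVICE = {
    "dns": "name does not resolve; fix the DNS record first",
    "timeout": "no answer on port 80: a firewall or missing port forwarding drops the traffic",
    "refused": "host reached but nothing accepts port 80: web server down or bound elsewhere",
    "reachable": "port 80 answers HTTP, so the CA can at least connect",
}

def classify(exc):
    """Map a connection-stage exception to an outcome key."""
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "error"

def probe(host, port=80, path="/.well-known/acme-challenge/probe-test", timeout=10):
    """Connect and GET a made-up challenge path; return (outcome, detail)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()  # TCP handshake only, the stage that timed out for the CA
    except OSError as exc:
        outcome = classify(exc)
        return outcome, ADVICE.get(outcome, repr(exc))
    try:
        conn.request("GET", path, headers={"User-Agent": "http01-probe-example"})
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return "after-connect", "connected, then failed: %r" % (exc,)
    finally:
        conn.close()
    # Any status, even 404 for this made-up token, proves port 80 is reachable.
    return "reachable", "HTTP %d; %s" % (status, ADVICE["reachable"])

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <domain>")
    outcome, detail = probe(sys.argv[1])
    print("%s: %s" % (outcome, detail))
    sys.exit(0 if outcome == "reachable" else 1)
```

A "timeout" result from outside combined with a successful `curl` on the server itself points at filtering or port routing in front of the host rather than at nginx.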
