Certbot failed to authenticate some domains (authenticator: nginx)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: acewebapi.ace-mc-bohol.com

I ran this command: sudo certbot --nginx -d acewebapi.ace-mc-bohol.com

It produced this output: Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: acewebapi.ace-mc-bohol.com
Type: unauthorized
Detail: 58.69.164.60: Invalid response from http://acewebapi.ace-mc-bohol.com/.well-known/acme-challenge/j2M5bPoCRzCjf5fdmkbJVJWAxAwdzvj4omc-H7i0yqU: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @intjborj, and welcome to the LE community forum 🙂

The entire site returns 404.
You will need a working HTTP site before you can use HTTP authentication to obtain an LE cert.

2 Likes

Hi @rg305, thank you for your response,

I have my Ubuntu machine inside our network, where my nginx web server is hosted, and it's running okay, but from outside the network it returns 404.

1 Like

Check the routing/NAT.

3 Likes

I agree with Rudy to check your local routings.

Some extra info:

Unless you disabled server response headers, your nginx server is not responding to HTTP requests (note no Server: nginx header).

curl -I acewebapi.ace-mc-bohol.com
HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2022 03:27:52 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Also, this is the cert returned when connecting using port 443 (https). Also probably not nginx.

subject= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
notBefore=Jul 20 17:05:54 2022 GMT
notAfter=Jul 20 17:05:54 2023 GMT
2 Likes
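The check made in the post above, written out as an added example that is not part of the original thread: it parses a `curl -I` response and openssl-style `subject=`/`issuer=` lines and reports signs that a host other than the expected nginx answered. The function names and finding codes are hypothetical, and the sample input is constructed from the output quoted in the thread.

```python
import re

# Constructed sample input, copied from the curl and certificate output quoted in the thread.
HEAD = """HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2022 03:27:52 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
"""
CERT = """subject= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
"""

def parse_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def cert_names(text):
    """Return {'subject': CN, 'issuer': CN} from openssl-style subject=/issuer= lines."""
    names = {}
    for ln in text.splitlines():
        m = re.match(r"\s*(subject|issuer)\s*=.*?CN\s*=\s*([^/,]+)", ln)
        if m:
            names[m.group(1)] = m.group(2).strip()
    return names

def diagnose(raw_head, cert_text, expected="nginx"):
    """Map finding code -> explanation for signs that another host answered."""
    findings = {}
    status, headers = parse_head(raw_head)
    server = headers.get("server")
    if server is None:
        findings["no-server-header"] = f"no Server header, so probably not {expected}"
    elif expected not in server.lower():
        findings["other-server"] = f"Server header is {server!r}, not {expected}"
    if status == 404:
        findings["root-404"] = "site root returns 404 from the Internet side"
    names = cert_names(cert_text)
    if names.get("subject") and names.get("subject") == names.get("issuer"):
        findings["self-issued-cert"] = f"port 443 serves self-issued cert {names['subject']!r}"
    return findings

if __name__ == "__main__":
    for code, why in diagnose(HEAD, CERT).items():
        print(f"{code}: {why}")
```

Run it against output captured from outside the local network, since that is the path the Let's Encrypt validation servers take.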

I think LE is pointing to that server, which is not nginx.

LE "points to" whatever DNS resolves to; and that leads to whatever the Internet can reach.
If LE can't reach your nginx server, then no one else (on the Internet) can reach it either.
You must have a working HTTP site before you can use HTTP authentication to obtain an LE cert.

3 Likes