Certbot failed to authenticate some domains (authenticator: nginx)

intjborj · July 21, 2022, 12:39am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: acewebapi.ace-mc-bohol.com

I ran this command: sudo certbot --nginx -d acewebapi.ace-mc-bohol.com

It produced this output: Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: acewebapi.ace-mc-bohol.com
Type: unauthorized
Detail: 58.69.164.60: Invalid response from http://acewebapi.ace-mc-bohol.com/.well-known/acme-challenge/j2M5bPoCRzCjf5fdmkbJVJWAxAwdzvj4omc-H7i0yqU: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 22.04 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · July 21, 2022, 12:45am

Hi @intjborj, and welcome to the LE community forum

The entire site returns 404.
You will need a working HTTP site before you can use HTTP authentication to obtain an LE cert.

intjborj · July 21, 2022, 1:00am

Hi @rg305, thankyou for your response,

I have my ubuntu machine inside in our network where my nginx webserver hosted and its running okay, but outside network its return 404.

rg305 · July 21, 2022, 1:02am

Check the routing/NAT.

MikeMcQ · July 21, 2022, 3:31am

I agree with Rudy to check your local routings.

Some extra info:

Unless you disabled server response headers your nginx server is not responding to http requests (note no Server: nginx header)

curl -I acewebapi.ace-mc-bohol.com
HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2022 03:27:52 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

Also, this is the cert returned when connecting using port 443 (https). Also probably not nginx.

subject= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
notBefore=Jul 20 17:05:54 2022 GMT
notAfter=Jul 20 17:05:54 2023 GMT

intjborj · July 21, 2022, 8:44am

I thinking LE is pointing to that server which is not nginx.

rg305 · July 21, 2022, 1:49pm

LE "points to" whatever DNS resolves to; And that leads to whatever the Internet can reach.
If LE can't reach your nginx server, then no one else (on the Internet) can reach it either.
You must have a working HTTP site before you can use HTTP authentication to obtain an LE cert.

system · August 20, 2022, 1:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot failed to authenticate some domains (authenticator: nginx) Help	8	718	March 14, 2023
Certbot failed to authenticate some domains Help	4	464	May 5, 2022
Certbot failed to authenticate some domains ; It works for most of my domains but few of them not working Help	5	717	July 17, 2022
Unable to Provision Certificate with Certbot Help	10	385	March 6, 2024
Failed to Authenticate Help	21	1434	February 9, 2023

Certbot failed to authenticate some domains (authenticator: nginx)

Related topics