Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed. Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
DNS is correctly mapped because when I directly access mydomain.com on port 80, it successfully passes through to the application running on port 3001 on my home network.
I am just wondering what's wrong with my configuration. Please help
Have you gotten a cert yet? Because your nginx config refers to files for a cert that must already exist. I don't think nginx will start properly referring to missing cert files. Check the nginx error logs in that container.
Also, your nginx server block for port 80 won't work properly. You have two overlapping location blocks for /. My guess is you should move that location block for your reverse proxy into your server block for port 443. But, as I just noted, you should remove the server block for port 443 until you have your cert.
The nginx server does start because it expects certs, which is obvious. The underlying issue is certbot not being able to create certs. I removed the 443 server block and location block from 80 returning 301. My question was mainly regarding the challenge I'm facing with Certbot.
Keeping your domain name hidden makes it difficult for us to review your situation. Which is why the form you were shown when posting in Help says that is required.
When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
@Osiris @MikeMcQ Thank you for the feedback. My apologies for not mentioning the domain. Fortunately the issue is resolved now and now both http and https traffic can reach my home network via my domain. I did the following changes.
As Mike suggested, I commented out the 443 block and finally nginx was able to handle the acme challenge and the certs were generated. I then activated the secure server also.
I had opened port 80 in router but forgot to open 443. I also opened 443 and that allowed https traffic.
Thank you for the advice. The issue doesn't exist anymore.
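A pre-flight check for the failure in the Certbot hint at the top of the thread, as an added example that is not part of the original posts: it writes a probe file under the webroot's `.well-known/acme-challenge/` directory and fetches it back over HTTP, the same thing the CA has to be able to do. The function names and the two local stand-in servers are assumptions constructed for the demonstration.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"  # path the CA requests for HTTP-01

def preflight(webroot, base_url, timeout=5):
    """Write a probe under webroot, fetch it via base_url; return (ok, detail)."""
    name, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    # Direct connection: ignore proxy environment variables.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode(errors="replace")
        if served == body:
            return True, "probe served from webroot"
        return False, "other content returned (catch-all location or proxy?)"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code}: server is not serving this webroot"
    except OSError as exc:  # URLError, timeouts, refused connections
        return False, f"unreachable: {exc}"
    finally:
        os.remove(path)  # never leave probe files behind in the webroot

def serve(directory):
    """Constructed stand-in for the web server: static files from directory."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"

def demo():
    """Return (good, bad): server rooted at the webroot vs. at another directory."""
    webroot, other = tempfile.mkdtemp(), tempfile.mkdtemp()
    (good_srv, good_url), (bad_srv, bad_url) = serve(webroot), serve(other)
    try:
        return preflight(webroot, good_url)[0], preflight(webroot, bad_url)[0]
    finally:
        good_srv.shutdown()
        bad_srv.shutdown()
```

Against a real setup, call `preflight()` with the directory passed to `--webroot-path` and `http://` plus the domain as `base_url`. Running it from a host outside the home network also exercises the router's port 80 forwarding, which a check from inside the LAN may not.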