Certbot failed to authenticate some domains (Unraid docker, 404)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cdrbitwarden.duckdns.org ; cdroverseerr.duckdns.org ; cdrnasrp.duckdns.org ; cdrnextcloud.duckdns.org

I ran this command: certbot renew (usually my docker cron job does this automatically and doesn't require me to manually do this)

It produced this output: see below

My web server is (include version): SWAG (docker for Unraid)

The operating system my web server runs on is (include version): Unraid v6.12.3

My hosting provider, if applicable, is: duckdns ?

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I'm using the "SWAG" docker in Unraid for Let's Encrypt reverse proxy

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know (using SWAG docker in Unraid)

Note: I've had SWAG running on my Unraid machine for years without an issue. Recently received an e-mail that my certificates were about to expire. Trying to manually run the "certbot renew" command yields the following:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
Domain: cdrbitwarden.duckdns.org
Type: unauthorized
Detail: 98.156.3.173: Invalid response from http://cdrbitwarden.duckdns.org/.well-known/acme-challenge/fY9wrGHGM-3uG91iEBC5ng5cI9o8e0PPp_P4vsy0cDo: 404

Domain: cdroverseerr.duckdns.org
Type: unauthorized
Detail: 98.156.3.173: Invalid response from http://cdroverseerr.duckdns.org/.well-known/acme-challenge/5d-kN6r2xKTzX8Uz3tSpQUzI-mo6cWNu0HnVW-JJuGA: 404

Domain: cdrnasrp.duckdns.org
Type: unauthorized
Detail: 98.156.3.173: Invalid response from http://cdrnasrp.duckdns.org/.well-known/acme-challenge/QsTZe4d_WO8z6KhJVJiVp6arKuo3XdGDWYl6xq6J0vQ: 404

Domain: cdrnextcloud.duckdns.org
Type: unauthorized
Detail: 98.156.3.173: Invalid response from http://cdrnextcloud.duckdns.org/.well-known/acme-challenge/LFsK41urTCgO3UEHO4JRbyae1i7EhrAsylF025sZ7jw: 404

Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Failed to renew certificate cdrnasrp.duckdns.org with error: Some challenges have failed.


All renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/cdrnasrp.duckdns.org/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
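Added example, not part of any post in this thread: a small triage script for a certbot HTTP-01 failure report in the layout shown above. It separates "a server answered on port 80 but did not return the token" (an HTTP status such as 404) from "the CA got no HTTP answer at all". The sample report, hostnames, tokens, verdict names and the `triage`/`shared_ips` helpers are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the report above (not the poster's data).
SAMPLE = """\
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: app.example.test
  Type: unauthorized
  Detail: 203.0.113.10: Invalid response from http://app.example.test/.well-known/acme-challenge/TOKEN-A: 404

  Domain: files.example.test
  Type: connection
  Detail: 203.0.113.10: Fetching http://files.example.test/.well-known/acme-challenge/TOKEN-B: Timeout during connect (likely firewall problem)
"""

ENTRY = re.compile(r"Domain:\s*(\S+)\s+Type:\s*(\S+)\s+Detail:\s*([^\n]+)")
DETAIL = re.compile(r"^([0-9A-Fa-f.:]+?): .*?(https?://\S+?): (.+)$")
PREFIX = "/.well-known/acme-challenge/"

def triage(report):
    """Return one finding per failed domain in a certbot HTTP-01 report."""
    findings = []
    for domain, kind, detail in ENTRY.findall(report):
        m = DETAIL.match(detail.strip())
        if not m:
            findings.append({"domain": domain, "type": kind, "verdict": "unparsed"})
            continue
        ip, url, reason = m.groups()
        parts = urlsplit(url)
        if parts.hostname != domain.lower() or not parts.path.startswith(PREFIX):
            # The URL in the detail is not this domain's challenge path.
            verdict = "unexpected-url"
        elif reason.isdigit():
            # An HTTP status means some server at this IP answered on port 80
            # but did not return the token: check what owns port 80.
            verdict = "answered-without-token"
        else:
            # No HTTP status: the CA never got an answer (DNS, NAT, firewall).
            verdict = "no-http-answer"
        findings.append({"domain": domain, "type": kind, "ip": ip,
                         "status": int(reason) if reason.isdigit() else None,
                         "verdict": verdict})
    return findings

def shared_ips(findings):
    """Distinct IPs the CA contacted; one IP for every name points at one front end."""
    return sorted({f["ip"] for f in findings if "ip" in f})

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```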

Hi @perfect777, and welcome to the LE community forum

Why are you having to run this manually?
Are there any logs that show any previous errors/failures?
Is that the correct IP?

Are your sites reachable from the Internet?
[is port 80 allowed to reach your system?]


80 and 443 are open and accessible. And the hostname resolves to the IP.


I'm not intending to run this manually - my SWAG docker has always handled renewals automatically. However, I'm now receiving e-mails that my "Certbot failed to authenticate some domains" and that they will expire in a few days. I was running them manually to see if I could do it manually, and thus ran into the errors I pasted in my original window.

Yes, my IP is correct. Yes, my sites are currently reachable from the internet (but I suspect they will not be after the certs expire).

I believe the "A" in "SWAG" stands for Apache.
If so, I would start there, with the output of:

sudo apachectl -t -D DUMP_VHOSTS

