Certbot failed to authenticate some domains

Hello, I'm new to LetsEncrypt. I hope this post is in the right place.

I have a domain to which I wish to add a cert. The web site is active: http://www.grollige.com/

I'm using Nginx and Ubuntu 20. I followed the installation instructions here: Certbot Instructions | Certbot

I followed the instructions line-for-line, including the part about snapd. When I ran the command 'certbot --nginx', I received the following...
blah blah blah
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: grollige.com
Type: unauthorized
Detail: Invalid response from http://grollige.com/.well-known/acme-challenge/PBPImD8Oj8G8Kcuz7dfcOsHEkDIFztdvknBBgxHWFYk []: "\n\n404 Not Found\n\n

Not Found

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
blah blah blah

I'm a little surprised at the reference to ' http://grollige.com/.well-known/acme-challenge/PBPImD8Oj8G8Kcuz7dfcOsHEkDIFztdvknBBgxHWFYk', as no such directory exists.

I also have a rather lengthy log file '/var/log/letsencrypt/letsencrypt.log', which I can published here if required.

I have no experience with certificates. Can anyone please help me to understand why this didn't work?

1 Like

Welcome to the community @Earthenware

Did you request a cert just for grollige.com or for that and www.grollige.com ?

I ask because each of these has a different public IP address in the DNS.

Name:   www.grollige.com

Name:   grollige.com

It is not required that they both be the same IP but they almost always are. And, if they are different they need a different discussion about getting certs.



It asked me which I wanted a cert for and I chose both. I don't recognise the '' address. The '' address is correct.

It was my intention that they both have the same address and that I should have a cert for both.

Then you need to change your DNS record so it matches the www IP. Then retry getting certs for both and let us know. thanks

Update: Specifically, the A record for grollige.com is wrong but the A record for www.grollige.com has the correct IP. Dig (DNS lookup)


I've updated the DNS record. I'll wait for it to propagate and report back. Thanks.


DNS propagation (between authoritative DNS systems) is generally very quick (less than one minute).


I've just tested and it now seems to be OK.

Thank you for the assistance.

Do I need to actively close this thread or mark the problem as 'solved' somehow?


You did. We're good. Thanks for the update.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.