Certbot failed to authenticate some domains

My domain is: uat.qurany.io

I ran this command:
BRANCH=uat docker compose run --rm certbot certonly --webroot -w /var/www/certbot --force-renewal --email info@blink22.com -d uat.qurany.io --agree-tos
It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: uat.qurany.io
Type: unauthorized
Detail: Invalid response from http://uat.qurany.io/.well-known/acme-challenge/Uj1HGGRNgHBqupmXAoLUhYweVdohvINGN5_gohDqyR8: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version):
nginx (latest docker image)
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
(latest docker image)

More info:

nginx config file:

server {
  listen 80;
  listen [::]:80;

  server_name uat.qurany.io;
  server_tokens off;

  location /.well-known/acme-challenge/ {
    root /var/www/certbot;

  location / {
   proxy_pass http://app:3000

docker compose

    container_name: qurany-nginx
    image: nginx:latest
    restart: always
      - app
      - ./.env
      - 80:80
      - 443:443
      - ./nginx:/etc/nginx/conf.d
      - ./nginx:/etc/nginx/templates
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/nginx/ssl

    container_name: qurany-certbot
    image: certbot/certbot:latest
      - ./certbot/www:/var/www/certbot
      - ./certbot/conf:/etc/letsencrypt

Please don't use this option if you don't understand what it does. Thank you.


It is always best to end both [the location and the root] in the same way.
You've shown a location that ends with "/" and a root that does not.

[note: this might not be of great concern for nginx - but it is a good habit to follow nonetheless]


I don't know for nginx, but OP can easily test this with the --debug-challenges option of Certbot, although that requires an interactive prompt and I have no clue how that relates to the Docker stuff.

got it, will update the config file

1 Like

@Osiris @rg305
I have followed your suggestion and still got the same error
is there any suggested solution ?

Did you try with --debug-challenges and found the temporary challenge file in /var/www/certbot/? Or perhaps in /var/www/?

yes, but that path doesn't exist

It's part of your Dockerfile, how can it not exist?

The certbot container isn't running and can't start running till the certificates are existed, so i can't check the path inside the container .
also i have checked the path outside the container and found nothing

If Certbot isn't running, there's no challenge file. Only when Certbot is paused due to the --debug-challenges option, you can find the challenge file.


after running the command with --debug-challenges, got extra logs

Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value

Expected value:

after i pressed Enter, i got the same error message, and tried to check challenge file but didn't find it

Two things:

  • you should proceed with your testing on the staging environment
    simplest way is to use/add: --dry-run
  • if you can't reach that file from the Internet before pressing ENTER, then you will need to fix that problem before you can be issued a certificate

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.