Certbot failed to authenticate some domains

Hi there! I'm fairly novice at this sort of stuff, and I'm not exactly sure what I've done wrong? I've made a website following various tutorials on YouTube, and even got it working on Nginx with HTTP. For configuring the website on Nginx, and attempting to obtain an SSL, I've followed these tutorials;

Any help is appreciated, & apologies for not exactly knowing what I'm doing. We all start somewhere :slight_smile:

My domain is: phatserver.xyz

I ran this command: sudo certbot --nginx -d phatserver.xyz -d www.phatserver.xyz

It produced this output:
sudo certbot -v --nginx -d phatserver.xyz -d www.phatserver.xyz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for phatserver.xyz and www.phatserver.xyz
Performing the following challenges:
http-01 challenge for www.phatserver.xyz
Waiting for verification...
Challenge failed for domain www.phatserver.xyz
http-01 challenge for www.phatserver.xyz

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.phatserver.xyz
Type: unauthorized
Detail: (redacted IP): Invalid response from http://phatserver.xyz: "\r\n<html lang="en">\r\n\r\n <meta charset="UTF-8">\r\n <meta name="viewport" content="width=device-width, in"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): I'm not sure? I use nginx if that's what this question is. I'm a novice.

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Hiden-Cloud (seems to be an amazon server)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0

1 Like

Welcome @Phantom

You should disable the NameCheap URL Redirect for your www subdomain. Set the IP for www to the same value as your base name.

You can see here the www subdomain is being handled by NameCheap. This is interfering with HTTP Challenge (removing its URI in the redirect). This URL Redirect won't work under HTTPS anyway.

curl -i http://www.phatserver.xyz/.well-known/acme-challenge/Test404
HTTP/1.1 302 Found
Location: http://phatserver.xyz
X-Served-By: Namecheap URL Forward
Server: namecheap-nginx
3 Likes

Hi! I'm not exactly sure what you mean? Delete the redirect entirely and then what, sorry?
Edit; I went ahead and deleted the redirect, and ran the command again. This is the new output.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for phatserver.xyz and www.phatserver.xyz
Performing the following challenges:
http-01 challenge for www.phatserver.xyz
Waiting for verification...
Challenge failed for domain www.phatserver.xyz
http-01 challenge for www.phatserver.xyz

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.phatserver.xyz
Type: unauthorized
Detail: 192.64.119.65: Invalid response from http://www.phatserver.xyz/.well-known/acme-challenge/vz2GFDd6MzxQVR3WS4_xpowa6Nl7oRyypapd6j1W-8o: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

You should refer to your NameCheap docs on how to actually do this.

But, you should have an A record for your www subdomain that points to the same IP as your base name. Your base name has an IP that starts with 52 right now.

There is no IP at all for your www right now, so it looks like you got it removed. You now need to set the IP address.

3 Likes

After doing this;
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for phatserver.xyz and www.phatserver.xyz
Performing the following challenges:
http-01 challenge for www.phatserver.xyz
Waiting for verification...
Challenge failed for domain www.phatserver.xyz
http-01 challenge for www.phatserver.xyz

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: www.phatserver.xyz
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.phatserver.xyz - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.phatserver.xyz - check that a DNS record exists for this domain

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Yes, that's what Mike said before:

Although that might have been fixed in the meantime. I see the same IP address for with and without www currently. Please try Certbot again.

1 Like

Aha! I must've not waited long enough for the 'internet to update' or whatever, and it appears to have worked now. Thanks :slight_smile:

3 Likes
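
The three failures seen in this thread (a redirect that drops the challenge path, www still answered by the forwarder, and NXDOMAIN) can be checked before retrying Certbot. This is an added example, not part of the original posts; the function names and the 203.0.113.10 apex address are constructed for illustration, and it assumes, as in this thread, that both names must reach the same nginx server.

```python
import http.client
import socket

# Same probe path used in the thread; a 404 from your own server is expected.
PROBE = "/.well-known/acme-challenge/Test404"

def resolve(host):
    """Return the set of A/AAAA addresses for host (empty on NXDOMAIN)."""
    try:
        infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
        return {info[4][0] for info in infos}
    except socket.gaierror:
        return set()

def fetch(host, path=PROBE):
    """GET path over plain HTTP without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

def diagnose(apex_ips, name_ips, status=None, headers=None, path=PROBE):
    """Classify why an http-01 challenge for a name would fail."""
    headers = headers or {}
    if not name_ips:
        return "dns"            # CA reports NXDOMAIN for A/AAAA
    location = headers.get("location", "")
    if status is not None and 300 <= status < 400 and path not in location:
        return "redirect"       # redirect target lost the challenge URI
    if not (name_ips & apex_ips):
        return "other-host"     # answered by a server Certbot did not configure
    return "ok"

def check(apex, name):
    """Live check: compare name against apex and probe the challenge path."""
    name_ips = resolve(name)
    if not name_ips:
        return diagnose(resolve(apex), name_ips)
    status, headers = fetch(name)
    return diagnose(resolve(apex), name_ips, status, headers)

if __name__ == "__main__":
    print(check("phatserver.xyz", "www.phatserver.xyz"))
```

A redirect that keeps the full `/.well-known/acme-challenge/...` path is reported as fine, because the CA follows HTTP redirects; only a redirect that discards the path breaks validation.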
