Certbot --nginx renew fails - Challenge failed for domain

How Netlify interacts with your nginx server is defined in Netlify. How you configure that is part of application design. There is no single right answer.

You do not have Netlify using your nginx (www.)whatbank.ca server. Your nginx access log did not show your test curl to it. And, of course, we could not see certbot requests passing through.

A couple tips. One is Netlify has a forum which might help you.

Another is to modify your nginx access log format so you can better see what is happening. Adding the server_name is helpful when you share an access log with multiple server definitions. This format is what you have now just with the added $server_name. Check the nginx docs for more options.

(add this line)
log_format newformat  '$remote_addr "($http_x_forwarded_for)" $remote_user '
                       '[$time_local] "$request" $status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" $server_name';
(change existing line)
access_log     /var/log/nginx/access.log newformat;
2 Likes
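
An added example (not part of the original posts): a small parser for the `newformat` log format above that reports which `$server_name` received ACME HTTP-01 challenge requests, so you can tell whether validation traffic reaches nginx at all and which server block answers it. The function names, sample log lines, token and user agent are constructed for illustration; the challenge path is the standard HTTP-01 location.

```python
import re
from collections import defaultdict

# Matches the "newformat" log_format above; field names are this example's own.
LINE_RE = re.compile(
    r'(?P<remote_addr>\S+) "\((?P<xff>[^)]*)\)" (?P<remote_user>\S+) '
    r'\[(?P<time_local>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" (?P<server_name>\S*)$'
)
ACME_PREFIX = "/.well-known/acme-challenge/"  # HTTP-01 challenge path (RFC 8555)

# Constructed sample lines (documentation IPs, placeholder token and user agent).
SAMPLE_LOG = """\
203.0.113.7 "(-)" - [10/Jan/2024:12:00:01 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 404 146 "-" "constructed-validation-agent" _
198.51.100.4 "(-)" - [10/Jan/2024:12:00:05 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0.1" whatbank.ca
203.0.113.9 "(-)" - [10/Jan/2024:12:00:09 +0000] "GET /.well-known/acme-challenge/CONSTRUCTED_TOKEN HTTP/1.1" 200 87 "-" "constructed-validation-agent" whatbank.ca
"""

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split(" ")
    rec["path"] = parts[1] if len(parts) == 3 else ""
    return rec

def acme_hits_by_server(lines):
    """Map each $server_name to the (client, status) pairs of challenge requests."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].startswith(ACME_PREFIX):
            hits[rec["server_name"]].append((rec["remote_addr"], int(rec["status"])))
    return dict(hits)

def servers_without_challenge(lines, expected):
    """Expected server names that never logged a challenge request."""
    hits = acme_hits_by_server(lines)
    return [name for name in expected if name not in hits]

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(acme_hits_by_server(lines))
    print(servers_without_challenge(lines, ["whatbank.ca"]))
```

If the name you expect shows up in `servers_without_challenge`, the validation requests were answered by a different server block or never reached this nginx instance.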

OK. I added your increased clarity suggestions to nginx's access log format.

I deleted the whatbank.ca certificate related to nginx
sudo certbot delete --cert-name whatbank.ca

Had to comment out these two lines in /etc/nginx/sites-available/whatbank.ca to get NGINX to reload/restart successfully:

ssl_certificate /etc/letsencrypt/live/whatbank.ca/fullchain.pem; # managed by Certbot 
ssl_certificate_key /etc/letsencrypt/live/whatbank.ca/privkey.pem; # managed by Certbot

We'll see how it goes from here.

Thank you gentlemen for your help!

1 Like

You can easily disable the entire file.
[by removing the link in /sites-enabled/ [to /sites-available/]]

2 Likes
