Certbot on Django+Nginx+Docker

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: http://mp3-from-youtube.com/

I ran this command: sudo docker compose -f docker-compose.prod.yml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -d mp3-from-youtube.com

It produced this output: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: mp3-from-youtube.com
Type: unauthorized
Detail: Invalid response from http://mp3-from-youtube.com/.well-known/acme-challenge/X9krQovKAX8-E717yrxOkEoGIG62BQHVFT9DFAhjJL4: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version): nginx 1.23

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: ihc.ru

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

If DEBUG is True, I get the next output in browser, when try to open url http://mp3-from-youtube.com/.well-known/acme-challenge/X9krQovKAX8-E717yrxOkEoGIG62BQHVFT9DFAhjJL4:

Page not found (404)

Then there is list of my URL patterns from URLconfig and in the end the standard line:
The current path, .well-known/acme-challenge/X9krQovKAX8-E717yrxOkEoGIG62BQHVFT9DFAhjJL4, didn’t match any of these.

My docker-compose.prod.yml has (copy only this part because the whole file is too long, it has 4 more services):

version: '3.8'
    image: certbot/certbot:latest
      - ./certbot/www/:/var/www/certbot/:rw
    image: nginx:latest
      - ./nginx:/etc/nginx/conf.d/:ro
      - ./certbot/www:/var/www/certbot/
      - static_volume:/home/deploy/ytd/staticfiles
      - media_volume:/home/deploy/ytd/uploads/audio
      - 80:80
      - 443:443
      - ytd
    restart: always

My nginx conf is:

upstream ytd_deploy_1509 {
    server ytd:8000;

server {

    listen 80;
    listen [::]:80;

    server_name mp3-from-youtube.com;

    location ^~ /\.well-known {
        allow all;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;

    location / {
        return 301 https://mp3-from-youtube.com$request_uri;
        proxy_pass http://ytd_deploy_1509;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect off;

    location /static/ {
        alias /home/deploy/ytd/staticfiles/;

    location /download-audio/ {
        alias /home/deploy/ytd/uploads/audio/;


I think that by visiting http://mp3-from-youtube.com/.well-known/acme-challenge/ and seeing that the response is served by Django, rather than by the above location rule, we can say that your nginx configuration is not actually being loaded by the nginx container.


Thank you for response! So you suppose that it is not necessary to change anything in URL config? But I've gotten in docker logs for nginx container 94.143.<123.456> - - [18/Apr/2023:09:33:56 +0000] "GET /.well-known/acme-challenge/ HTTP/1.1" 404 4153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0" "-". It was my own visit. According to this, nginx container is working and serving requests.

Yes! But when you visit the page, you see the Django error page, which means nginx is passing the request through to Django.

That location rule should prevent that from happening. nginx should be serving its own 403 page for that URL.

I think a different nginx configuration is serving your requests.


i'm confused how can it be :frowning: I'm a very newbie and I just followed instructions for certbot on docker from How to handle HTTPS using Nginx, Let's encrypt and Docker - Mindsers Blog. Can you suppose or say, where I do wrong in my files?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.