Certbot on Nginx with TYPO3 on Debian

My domain is: HPradio.country-radio.eu
NGINX: 1.26.3
Debian: trixie

What happens if I run Certbot --nginx?
What modification is Certbot doing, because I can't find any.

In my Nginx configuration there is a big part for TYPO3.
The root for TYPO3 is /var/www/html/typo3/public and I have some other Nginx blocks for /phpmyadmin/, /test/ and /public/ with a root of /usr/www/html/.
I also can't find any .well-known directory.
I guess the directory should be created by Certbot, but where?
And how does Certbot make sure that the Let's Encrypt server can read this directory?

Without more information I am not able to solve the problem.

Certbot makes a temporary modification to your nginx configuration to service the HTTP-01 challenge directly then reverts that modification when the challenge is complete. No directories or files are created to satisfy the challenge.

2 Likes

But LE tried to access the .well-known/... file and didn't find it.
If it tried to find it directly under the home page, I have to make some changes in the Nginx configuration.
Who is creating this directory and where?

No directory is being created. My guess of what is happening is that something else in your nginx configuration (or an orphaned nginx process) is interfering with the temporary changes that certbot is making. If you post your nginx configuration here, it might be possible for us to point out the cause.

3 Likes

Posting specific error messages would help greatly.

4 Likes

The Let's Debug test site reports your server issuing a 403 Forbidden error.

Do you have a firewall or similar blocking some requests?

But, I agree it would be helpful to see the error message displayed by Certbot so we don't have to guess 🙂

3 Likes

Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.


1: hpradio.country-radio.eu


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for hpradio.country-radio.eu

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: hpradio.country-radio.eu
Type: unauthorized
Detail: 85.182.222.24: Invalid response from http://hpradio.country-radio.eu/.well-known/acme-challenge/Ulq_rbRV4vgljeg_JptRywGL5XULZHEEqnONILc6SMw: 403

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Yep, that's a 403 forbidden error not a 404 not found error.

4 Likes

That's why I asked my questions at the beginning.
I have created a dir /var/www/html/.well-known with the rights 777, but that seems not to help.
So what is required?

No, it is not a problem with your nginx system reading a file. As already noted, the Certbot --nginx option does not use a file. Your system is denying all requests as 403 Forbidden.

Your system denies requests even to your "home" page, so it is not related to Let's Encrypt. Even more odd, it is an Apache server replying to requests, not an nginx server. Do you know why that is?

curl -i http://HPradio.country-radio.eu
HTTP/1.1 403 Forbidden
Date: Fri, 17 Oct 2025 12:39:46 GMT
Server: Apache
Content-Length: 199
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
</body></html>

3 Likes
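
The manual check from the last reply, written as an added example that is not part of the original thread: it reads one raw `curl -si` response and reports the status code and whether the `Server` header matches the daemon Certbot was told to configure. The function name `classify_http01`, the verdict strings and the nginx 404 sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): triage one raw `curl -si` response.
# classify_http01 and its verdict strings are hypothetical names.
# $1 = server software expected to answer on port 80 (default: nginx).

classify_http01() {
    expected="${1:-nginx}"
    # Keep only the header block: drop CRs, stop at the first blank line.
    headers=$(tr -d '\r' | sed '/^$/q')
    status=$(printf '%s\n' "$headers" | awk 'NR==1 && /^HTTP\// {print $2}')
    server=$(printf '%s\n' "$headers" |
        awk -F': *' 'tolower($1)=="server" {print $2; exit}')

    if [ -z "$status" ]; then
        verdict="no-http-response"
    elif [ -n "$server" ] && ! printf '%s' "$server" | grep -qi -- "$expected"; then
        # The reply did not come from the daemon Certbot reconfigures.
        verdict="unexpected-server"
    elif [ "$status" = 403 ]; then
        # The expected server answered but refuses the request.
        verdict="forbidden"
    elif [ "$status" = 404 ]; then
        # A 404 for a made-up token still shows the expected server was reached.
        verdict="reachable"
    else
        verdict="check-status"
    fi
    printf '%s status=%s server=%s\n' "$verdict" "$status" "${server:-unknown}"
}

# Response headers as quoted in the thread above (body omitted).
thread_response() {
    printf 'HTTP/1.1 403 Forbidden\r\nDate: Fri, 17 Oct 2025 12:39:46 GMT\r\nServer: Apache\r\nContent-Length: 199\r\n\r\n'
}

# Constructed sample: nginx answering a made-up challenge token.
constructed_nginx_404() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: nginx/1.26.3\r\nContent-Type: text/html\r\n\r\n'
}

thread_response | classify_http01 nginx        # unexpected-server status=403 server=Apache
constructed_nginx_404 | classify_http01 nginx  # reachable status=404 server=nginx/1.26.3

# Live use (placeholder host):
#   curl -si http://example.com/.well-known/acme-challenge/test | classify_http01 nginx
```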
