Certbot webroot challenge failing with 404 unauthorized response

Hello,

I'm trying to obtain a Let's Encrypt certificate for my domain mypaperhive.com and www.mypaperhive.com using Certbot with the webroot plugin inside Docker. However, I get a 404 unauthorized error when Let's Encrypt tries to validate the domain.


My domain is:
mypaperhive.com, www.mypaperhive.com

I ran this command:


docker run --rm \
  -v certbot-etc:/etc/letsencrypt \
  -v certbot-var:/var/www/certbot \
  certbot/certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email [masked email] \
  --agree-tos \
  --no-eff-email \
  -d mypaperhive.com -d www.mypaperhive.com

It produced this output:


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mypaperhive.com and www.mypaperhive.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mypaperhive.com
  Type:   unauthorized
  Detail: [IP]: Invalid response from http://mypaperhive.com/.well-known/acme-challenge/…: 404

  Domain: www.mypaperhive.com
  Type:   unauthorized
  Detail: [IP]: Invalid response from http://www.mypaperhive.com/.well-known/acme-challenge/…: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

My web server is (include version):
nginx: latest (running in Docker)

The operating system my web server runs on is (include version):
Ubuntu 22.04 LTS

My hosting provider, if applicable, is:
Self-hosted VPS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0 (official docker image)


I have verified that the .well-known/acme-challenge/ directory is properly mapped to /var/www/certbot in my Docker setup, and that nginx is configured to serve files from this location for those paths.

Still, Let's Encrypt receives a 404 response when trying to access the challenge files.

Any advice on how to fix this or what might be misconfigured would be greatly appreciated.

Thank you!

The --webroot-path option is actually expecting the directory where the /.well-known/acme-challenge/ path is situated. E.g., the webserver would need to serve /var/www/certbot/.well-known/acme-challenge/somerandomtoken.

In nginx one would use the root directive. I'm suspecting you might be using the alias directive though.

If the above is indeed the case, this should have been clearly visible in any error log. If not, the logging is not sufficient.

I found the issue: I was missing the part of the config file that was exactly where it needed to listen on 443. I could get a successful

That shouldn't affect the webroot HTTP challenge that you are using. Port 443 isn't involved in that unless you specifically redirect the HTTP challenge to HTTPS. But you did not do that, as we see the http:// in the error message URL.

You have nginx running in a container too, right? Are you sharing the same certbot-var volume with it and referencing the same /var/www/certbot directory in the server block for this domain?

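As an added example (not the poster's configuration and not code from anyone in the thread), the following shell script puts the two replies above into practice: it writes an nginx server block that uses `root` rather than `alias` for the challenge location, reproduces the file certbot drops under the webroot, and fetches it over plain HTTP the way the CA does. It assumes the volume name certbot-var and the mount point /var/www/certbot from the question; the output file name, the test token and the `--write-conf`/`--check` switches are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's config. Assumes nginx and certbot both mount the
# Docker volume "certbot-var" at /var/www/certbot and use the domains from the thread.
# File names, the probe token and the command-line switches are made up here.
set -eu

WEBROOT=/var/www/certbot

# Path certbot writes for a token when --webroot-path is $1. nginx must map the
# request /.well-known/acme-challenge/TOKEN to exactly this file.
challenge_file() {   # $1 = webroot, $2 = token
  printf '%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# Write a server block that uses `root` for the challenge location. With `root`,
# nginx appends the whole request URI to the directory, so
# /.well-known/acme-challenge/TOKEN resolves to $WEBROOT/.well-known/acme-challenge/TOKEN,
# which is where certbot put it. With `alias /var/www/certbot/;` nginx strips the
# location prefix and looks for $WEBROOT/TOKEN instead, which answers 404.
write_nginx_conf() {   # $1 = output file
  cat > "$1" <<EOF
server {
    listen 80;
    server_name mypaperhive.com www.mypaperhive.com;

    # ACME HTTP-01 challenges come from the volume shared with certbot.
    location /.well-known/acme-challenge/ {
        root $WEBROOT;
        default_type "text/plain";
    }

    # Everything else may go to HTTPS; the challenge location above must not.
    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
}

# Reproduce what certbot does: drop a token file under the webroot and print
# the path nginx has to reach. Run this inside a container that mounts the volume.
place_test_token() {   # $1 = webroot, $2 = token
  f=$(challenge_file "$1" "$2")
  mkdir -p "$(dirname "$f")"
  printf 'probe' > "$f"
  printf '%s\n' "$f"
}

# Fetch the token over plain HTTP from outside the server, as the CA does.
# Prints the HTTP status code; anything but 200 is what certbot will report.
http_status() {   # $1 = host name, $2 = token
  curl -s -o /dev/null -w '%{http_code}' "http://$1/.well-known/acme-challenge/$2"
}

# Manual use on the VPS:
#   sh acme-check.sh --write-conf ./default.conf
#   sh acme-check.sh --check mypaperhive.com probe123   (after placing probe123)
case "${1:-}" in
  --write-conf)
    write_nginx_conf "${2:-./default.conf}" ;;
  --check)
    code=$(http_status "$2" "$3")
    if [ "$code" = 200 ]; then echo "OK: challenge path reachable"; else echo "FAIL: HTTP $code"; fi ;;
esac
```

To exercise it end to end, start nginx with both the config and the shared volume mounted (`docker run -d -p 80:80 -v certbot-var:/var/www/certbot -v "$PWD/default.conf:/etc/nginx/conf.d/default.conf:ro" nginx`), place the token from a throwaway container that mounts the same volume (`docker run --rm -v certbot-var:/var/www/certbot alpine sh -c '...'` calling `place_test_token /var/www/certbot probe123`), then run `--check` from a machine that is not the VPS. If `--check` prints 404 while the file exists in the volume, the server block is mapping the path differently from certbot, which is the `alias` case described above.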