Certificate problem

My domain is: velebittravel.com

I ran this command: sudo certbot --nginx

It produced this output:

```
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for velebittravel.com
Performing the following challenges:
http-01 challenge for velebittravel.com
Waiting for verification...
Challenge failed for domain velebittravel.com
http-01 challenge for velebittravel.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: velebittravel.com
   Type:   unauthorized
   Detail: Invalid response from http://www.velebittravel.com
   [144.217.153.176]: "<html xml:lang=\"fr-FR\"
   lang=\"fr-FR\">\n<head>\n<title qtlid=\"28806\">Félicitations !
   Votre domaine a bien été créé chez OVH !</"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```

My web server is (include version): NGINX 1.18.0

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: OVH (A VPS)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): VestaCP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.10.1

Hi and welcome to the LE community forum :slight_smile:

You showed that you selected "2", but you don't show what they are:

I see that you want to get a cert for domain: velebittravel.com
But the failure is for:

With the "WWW".

I also see that the first domain redirects to the second:

```
curl -Iki velebittravel.com
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 12 Jan 2021 01:05:30 GMT
Content-Type: text/html
Content-Length: 138
Location: http://www.velebittravel.com
```

This may be part of the problem, if your config isn't prepared to handle the challenge requests correctly.

If I may advise, I would get a cert with both names on it.
Then you can also correctly redirect HTTPS requests to the WWW.

As for the "proper handling", I've found it best to handle the HTTP challenges in HTTP.
[With some creative coding]
If you are willing to share your vhost configs, maybe we can adjust them to suit all your needs.

Well, so how do I get the cert for both names? And how do I solve this problem?

The 2 domains I was selecting were www.velebittravel.com and velebittravel.com.

I don't know how to get you the vhost settings, nor what you mean by it.

This answers that:
[you chose correctly for that]

Please post the output of:
[I suspect it won't be too long]
nginx -T

Be sure to use three backticks above and below your config - or it may be difficult to read.
Like this:

```
your config
your config
your config
```

```
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

This is what it says, but it's still giving me the same error.

NOT:
nginx -t
please show
nginx -T
[with a CAPITAL "T"]

Oh sorry, there you are

```
root@www:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Server globals
user                    www-data;
worker_processes        auto;
worker_rlimit_nofile    65535;
error_log               /var/log/nginx/error.log;
pid                     /var/run/nginx.pid;


# Worker config
events {
        worker_connections  1024;
        use                 epoll;
        multi_accept        on;
}


http {
    # Main settings
    sendfile                        on;
    tcp_nopush                      on;
    tcp_nodelay                     on;
    client_header_timeout           60s;
    client_body_timeout             60s;
    client_header_buffer_size       2k;
    client_body_buffer_size         256k;
    client_max_body_size            256m;
    large_client_header_buffers     4 8k;
    send_timeout                    60s;
    keepalive_timeout               30s;
    reset_timedout_connection       on;
    server_tokens                   off;
    server_name_in_redirect         off;
    server_names_hash_max_size      512;
    server_names_hash_bucket_size   512;


    # Log format
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log main;
    access_log off;


    # Mime settings
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Compression
    gzip                on;
    gzip_static         on;
    gzip_vary           on;
    gzip_comp_level     6;
    gzip_min_length     1024;
    gzip_buffers        16 8k;
    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
    gzip_proxied        any;
    gzip_disable        "MSIE [1-6]\.";

    # Proxy settings
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_buffers       32 4k;
    proxy_connect_timeout   30s;
    proxy_send_timeout  90s;
    proxy_read_timeout  90s;


    # Cloudflare https://www.cloudflare.com/ips
    set_real_ip_from   103.21.244.0/22;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   103.31.4.0/22;
    set_real_ip_from   104.16.0.0/12;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   131.0.72.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   162.158.0.0/15;
    set_real_ip_from   172.64.0.0/13;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   188.114.96.0/20;
    set_real_ip_from   190.93.240.0/20;
    set_real_ip_from   197.234.240.0/22;
    set_real_ip_from   198.41.128.0/17;
    #set_real_ip_from   2400:cb00::/32;
    #set_real_ip_from   2606:4700::/32;
    #set_real_ip_from   2803:f800::/32;
    #set_real_ip_from   2405:b500::/32;
    #set_real_ip_from   2405:8100::/32;
    #set_real_ip_from   2c0f:f248::/32;
    #set_real_ip_from   2a06:98c0::/29;
    real_ip_header     CF-Connecting-IP;


    # SSL PCI Compliance
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


    # Error pages
    error_page          403          /error/403.html;
    error_page          404          /error/404.html;
    error_page          502 503 504  /error/50x.html;


    # Cache settings
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 1d;


    # Cache bypass
    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }


    # File cache settings
    open_file_cache          max=10000 inactive=30s;
    open_file_cache_valid    60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   off;


    # Wildcard include
    include             /etc/nginx/conf.d/*.conf;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/51.222.141.219.conf:
server {
    listen       51.222.141.219:80 default;
    server_name  _;
    #access_log  /var/log/nginx/51.222.141.219.log main;
    location / {
        proxy_pass  http://51.222.141.219:8080;
   }
}


# configuration file /etc/nginx/conf.d/status.conf:
server {
    listen       127.0.0.1:8084 default;
    server_name  _;
    server_name_in_redirect  off;
    location / {
        stub_status on;
        access_log   off;
   }
}

# configuration file /etc/nginx/conf.d/vesta.conf:

include /home/admin/conf/web/velebittravel.com.nginx.conf;

# configuration file /home/admin/conf/web/velebittravel.com.nginx.conf:
server {
    listen      51.222.141.219:80;
    server_name velebittravel.com www.velebittravel.com;
    error_log  /var/log/apache2/domains/velebittravel.com.error.log error;

    location / {
        proxy_pass      http://51.222.141.219:8080;
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
            root           /home/admin/web/velebittravel.com/public_html;
            access_log     /var/log/apache2/domains/velebittravel.com.log combined;
            access_log     /var/log/apache2/domains/velebittravel.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/velebittravel.com/document_errors/;
    }

    location @fallback {
        proxy_pass      http://51.222.141.219:8080;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/nginx.velebittravel.com.conf*;
}
```

Can you please edit the post and add the backticks?

```
before
and after
```

You can click the PENCIL icon to edit.

Please show this file:

[again, use ``` before and after]

```
server {
    listen      51.222.141.219:80;
    server_name velebittravel.com www.velebittravel.com;
    error_log  /var/log/apache2/domains/velebittravel.com.error.log error;

    location / {
        proxy_pass      http://51.222.141.219:8080;
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
            root           /home/admin/web/velebittravel.com/public_html;
            access_log     /var/log/apache2/domains/velebittravel.com.log combined;
            access_log     /var/log/apache2/domains/velebittravel.com.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/admin/web/velebittravel.com/document_errors/;
    }

    location @fallback {
        proxy_pass      http://51.222.141.219:8080;
    }

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    include /home/admin/conf/web/nginx.velebittravel.com.conf*;
}

/home/admin/conf/web/velebittravel.com.nginx.conf (END)
```

Please show w/e this includes:

Or
remove if not needed/used.

So I just delete that line from the file?

Does that show anything?
ls -l /home/admin/conf/web/nginx.velebittravel.com.conf*

Yes, there it is

```
ls -l /home/admin/conf/web/nginx.velebittravel.com.conf*
-rw-r--r-- 1 root root 147 Jan 12 02:24 /home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt
```

Show file:
/home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt

```
location ~ "^/\.well-known/acme-challenge/(.*)$" {
    default_type text/plain;
    return 200 "$1.RR-Gy5jQRGHRWGyTwFOuarOpGypGIQC2jlSK4fDChWw";
}
```

Interesting...
That should have been removed after last use.
[something went wrong]

Let's see if we can code a more permanent solution.

and you can delete that file and that include line.

So, I must delete this:
/home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt
/home/admin/conf/web/nginx.velebittravel.com.conf*

and this line? include /home/admin/conf/web/nginx.velebittravel.com.conf*

Here I cleaned it up a tiny bit and reordered it in a way that makes more sense (top-down).
Separated the nested location out.
Added the section to handle the challenge files locally.
NOTE: You must create the path for the files to be placed into.
use:
mkdir /whatever/unique/path/you/chose/

```
server {
    listen      51.222.141.219:80;
    server_name velebittravel.com www.velebittravel.com;
    error_log  /var/log/apache2/domains/velebittravel.com.error.log error;

    location ~ /\.ht    {return 404;}
    location ~ /\.svn/  {return 404;}
    location ~ /\.git/  {return 404;}
    location ~ /\.hg/   {return 404;}
    location ~ /\.bzr/  {return 404;}

    location /error/ {
        alias   /home/admin/web/velebittravel.com/document_errors/;
    }# location

    location @fallback {
        proxy_pass      http://51.222.141.219:8080;
    }# location

    location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
        root           /home/admin/web/velebittravel.com/public_html;
        access_log     /var/log/apache2/domains/velebittravel.com.log combined;
        access_log     /var/log/apache2/domains/velebittravel.com.bytes bytes;
        expires        max;
        # A named location is only valid as the last try_files parameter,
        # so nothing can follow @fallback here.
        try_files      $uri @fallback;
    }# location

    # ^~ is a prefix match that is chosen before any regex location is tried,
    # so challenge requests are always served from the local path below.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        root /your/challenge/location/;   ############ This path needs to be changed and created ##########
    }# location

    location / {
        proxy_pass      http://51.222.141.219:8080;
    }# location
}# server
```

I don't understand. That is the file that had the include sentence? May I just put it in the one that already exists?

So, then I must get my certification?
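
Added example, not part of the thread: the CA's error names 144.217.153.176 as the host that answered the challenge, while the posted config has nginx listening on 51.222.141.219. The script below automates that comparison for the certbot message format shown in the first post (IPv4 only); the function names are assumptions of this example and the sample inputs are abridged from the thread.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. IPv4 only; function names are made up here.

# Address the CA says answered the http-01 request. certbot wraps the
# "Detail:" line, so fold newlines into spaces before matching.
acme_responder_ip() {
    tr '\n' ' ' |
        grep -oE 'Invalid response from [^ ]+ +\[[0-9.]+\]' |
        grep -oE '\[[0-9.]+\]' | tr -d '[]' | head -n 1
}

# IPv4 listen addresses of each server block in `nginx -T` output (stdin) whose
# server_name lists host $1. Braces are counted per line (regex braces confuse it).
nginx_listen_ips() {
    awk -v host="$1" '
        BEGIN { depth = 0 }
        { line = $0; sub(/#.*/, "", line) }
        !in_srv && line ~ /^[ \t]*server[ \t]*[{]/ {
            in_srv = 1; base = depth; ips = ""; hit = 0
        }
        in_srv && $1 == "listen" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ {
            split($2, part, /[:;]/); ips = ips part[1] "\n"
        }
        in_srv && $1 == "server_name" {
            for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == host) hit = 1 }
        }
        {
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (in_srv && depth == base) { if (hit) printf "%s", ips; in_srv = 0 }
        }
    ' | sort -u
}

# $1 = certbot output, $2 = nginx -T output, $3 = host name
verdict() {
    local seen mine
    seen=$(printf '%s\n' "$1" | acme_responder_ip)
    mine=$(printf '%s\n' "$2" | nginx_listen_ips "$3")
    if [ -z "$seen" ] || [ -z "$mine" ]; then
        echo "unknown"
    elif printf '%s\n' "$mine" | grep -qxF "$seen"; then
        echo "match: $seen"
    else
        echo "mismatch: CA reached $seen, nginx listens on $(echo $mine)"
    fi
}

# Sample input, abridged from the output posted in the thread.
CERTBOT_OUT='   Domain: velebittravel.com
   Type:   unauthorized
   Detail: Invalid response from http://www.velebittravel.com
   [144.217.153.176]: "<html xml:lang=..."'
NGINX_DUMP='server {
    listen      51.222.141.219:80;
    server_name velebittravel.com www.velebittravel.com;
    location / { proxy_pass http://51.222.141.219:8080; }
}'
verdict "$CERTBOT_OUT" "$NGINX_DUMP" www.velebittravel.com
```

A mismatch means the name's DNS record sends the CA to a host other than the one nginx is bound to; on a server behind NAT the listen address can legitimately differ from the public one, so confirm against the DNS record before changing anything.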