Challenge failed but nginx says it's OK

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: whatssapp.contadigital.mx

I ran this command:
sudo certbot certonly --webroot -w /var/www/certbot -d whatssapp.contadigital.mx --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for whatssapp.contadigital.mx

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: whatssapp.contadigital.mx
Type: connection
Detail: During secondary validation: 20.185.232.218: Fetching http://whatssapp.contadigital.mx/.well-known/acme-challenge/Cc9urEYxpkcsM6SrczfIxsMYIMfjKMol1hjC0LuMdhA: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
Ubuntu

My hosting provider, if applicable, is:
Azure VM

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
everything from console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
2.9.0

The nginx access.log generated is:

10.2.2.6 - - [29/Sep/2025:17:31:48 +0000] "GET /.well-known/acme-challenge/8YBOUQ6fcEGe0u21SabCTtJo1cMmabII3VgUquXCtTE HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
10.2.2.6 - - [29/Sep/2025:17:31:49 +0000] "GET /.well-known/acme-challenge/8YBOUQ6fcEGe0u21SabCTtJo1cMmabII3VgUquXCtTE HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
10.2.2.6 - - [29/Sep/2025:17:31:49 +0000] "GET /.well-known/acme-challenge/8YBOUQ6fcEGe0u21SabCTtJo1cMmabII3VgUquXCtTE HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

3 requests for the validation file, and certbot sends "failed to download the temporary challenge files". Any idea?

Thanks in advance

1 Like

The "secondary validation" in the error usually means you are blocking certain geographic regions from accessing your domain. And, using this test site shows that you are: Check website performance and response : Check host - online website monitoring

Let's Encrypt validates from a number of world-wide locations. You must be blocking one or more of these locations. Below is an excellent article about that and suggests options for you

4 Likes
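
An added example, not part of the thread and not Let's Encrypt's or Certbot's code: a fetch that times out at a firewall never reaches nginx, so the access log only records the validators that got through. The sketch below counts logged validation fetches per challenge token and flags the gaps. `expected_fetches` is a caller-supplied assumption (the thread gives no number), and the tokens, addresses and log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in nginx "combined" format, modelled on the log in the question.
SAMPLE_LOG = """
10.2.2.6 - - [29/Sep/2025:17:31:48 +0000] "GET /.well-known/acme-challenge/TOKEN-A HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
10.2.2.6 - - [29/Sep/2025:17:31:49 +0000] "GET /.well-known/acme-challenge/TOKEN-A HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
10.2.2.6 - - [29/Sep/2025:17:31:49 +0000] "GET /.well-known/acme-challenge/TOKEN-A HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
203.0.113.7 - - [29/Sep/2025:17:40:02 +0000] "GET /.well-known/acme-challenge/TOKEN-B HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.9 - - [29/Sep/2025:17:41:10 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>[0-9A-Fa-f:.]+) \S+ \S+ \[[^\]]+\] '
    r'"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True when the logged source is an RFC 1918 address (proxy, NAT or load balancer)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)

def summarize(log_text, expected_fetches):
    """Per token: validation fetches that reached nginx, how many got 200, and caveats."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and "Let's Encrypt validation server" in m["ua"]:
            hits[m["token"]].append((m["ip"], int(m["status"])))
    report = {}
    for token, rows in hits.items():
        ok = sum(1 for _, status in rows if status == 200)
        notes = []
        if ok < len(rows):
            notes.append("non-200: some fetches reached nginx but were not served")
        if len(rows) < expected_fetches:
            notes.append("missing: fewer fetches logged than expected; the rest never "
                         "reached this nginx (blocked upstream or routed elsewhere)")
        if any(is_internal(ip) for ip, _ in rows):
            notes.append("internal source: a proxy or NAT hides the validator's real IP")
        report[token] = {"logged": len(rows), "ok": ok, "notes": notes}
    return report
```

A clean run of `200` responses with a "missing" note matches the situation in the question: the requests that arrived were served, and the failure is on a path the log cannot show.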

Thank you, you are right.

3 Likes
