Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wiki.spiretrading.com

I ran this command: certbot certonly --webroot -w /var/www/wiki.spiretrading.com -d wiki.spiretrading.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wiki.spiretrading.com
Using the webroot path /var/www/wiki.spiretrading.com for all unmatched domains.
Waiting for verification...
Challenge failed for domain wiki.spiretrading.com
http-01 challenge for wiki.spiretrading.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: wiki.spiretrading.com
  Type: unauthorized
  Detail: Invalid response from
  https://spiretrading.com/.well-known/acme-challenge/wgTchZEN3NPlfnZBeKxSGSjfsWnH-2PJWHldEZyXiQ8
  [104.254.93.2]: "\r\n404 Not
  Found\r\n\r\n

  404 Not
  Found

  \r\n

  ---

  nginx/1.17.10 (U"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): NGINX 1.17.10

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0

This certificate is for a mediawiki installation that we have. It was previously installed and running in a different server and I had to move it to this one. On this server I also had a certificate for another subdomain "phpmyadmin.spiretrading.com" but I removed with the "certbot delete" command. This subdomain (phpmyadmin) was working fine but it was supposed to be temporary until I got the wiki running. I also have another certificate for spiretrading.com.

Hi @arthurlucena

if you use webroot and if that doesn't work, your webroot may be wrong.

See your error:

Letsencrypt sees a redirect to your main domain and follows that redirect.

So

• remove that redirect (or)
• use the webroot of your main domain as -w parameter

Hi @JuergenAuer! Thanks for such a fast reply. Removing the redirect would affect my main domain’s certificate or access, right? What is the safest way to change the webroot (your second suggestion) without affecting the up-time on my site (spiretrading.com)?

???

The redirect is from your subdomain. A redirect has nothing to do with a certificate.

Please change your command. I didn't wrote something about changing your main domain.

https://certbot.eff.org/docs/using.html#certbot-command-line-options

-w is only a shortcut of --webroot.

Sorry, I got confused. So you mean to use:
certbot certonly --webroot -w /var/www/spiretrading.com -d wiki.spiretrading.com
when you suggested to use the webroot of my main domain?

I just run the certbot certonly --webroot command and I could get the certificate today. Everything is working, could it be a cache situation on Let’s Encrypt’s end? Regardless, thanks @JuergenAuer

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.