Challenge failed for domain (installing on another VPS2 while website is already running on VPS1)

Getting following error. My website is already running on VPS1 using Cloudflare reverse proxy and now I am setting up website on VPS2 and installing certificate using certbot. So the error is coming because site is already running on another VPS1 or is it due to some other issue?
I have not added port 443 in ufw yet (I believe I can add it later once certificate is generated as it has no effect on it)

My domain is:

I ran this command:

sudo certbot --nginx -d

It produced this output:

Requesting a certificate for
Performing the following challenges:
http-01 challenge for
Waiting for verification...
Challenge failed for domain
http-01 challenge for
Cleaning up challenges
Some challenges have failed.


My web server is (include version):

The operating system my web server runs on is (include version):
Debian 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

Hi @letsali, and welcome to the LE community forum :slight_smile:

Using Cloudflare requires specific settings to allow your server to pass the challenge request.

This 404 failure is a bit strange; As HTTP is generally redirected to HTTPS [by Cloudflare].


I think it is happening because my site is already running on a different server. And when I try to get certificate on new server, it is unable to find that URL which is giving 404 (even if you use https) because it doesn't exist on current server.

The URL probably exists on new server but since it cannot be accessed as website running on current server, hence the error.

Which means if I have to get certificate, then first, I need to change IP from current VPS to new VPS in CloudFlare DNS. Then I need to get certificate. Then I can revert old IP back in CloudFlare DNS. I think this is how it will work but I could be wrong.

1 Like

Ok, if the FQDN is not able to reach VPS2, then it can't use HTTP-01 authentication.

You could:

  • copy the cert from VPS1 to VPS2
    and use that until it can get its' own
  • use DNS-01 authentication to obtain a cert on VPS2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.