Challenge failed for domain (installing on another VPS2 while website is already running on VPS1)

I am getting the following error. My website is already running on VPS1 using the Cloudflare reverse proxy, and now I am setting up the website on VPS2 and installing a certificate using certbot. Is the error occurring because the site is already running on VPS1, or is it due to some other issue?
I have not added port 443 in ufw yet (I believe I can add it later once the certificate is generated, as it has no effect on it).

My domain is: www.familystore.pk

I ran this command:

sudo certbot --nginx -d www.familystore.pk

It produced this output:

Requesting a certificate for www.familystore.pk
Performing the following challenges:
http-01 challenge for www.familystore.pk
Waiting for verification...
Challenge failed for domain www.familystore.pk
http-01 challenge for www.familystore.pk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version):
nginx

The operating system my web server runs on is (include version):
Debian 10

My hosting provider, if applicable, is:
VPS

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.12.0

Hi @letsali, and welcome to the LE community forum 🙂

Using Cloudflare requires specific settings to allow your server to pass the challenge request.

This 404 failure is a bit strange, as HTTP is generally redirected to HTTPS [by Cloudflare].

3 Likes

I think it is happening because my site is already running on a different server. When I try to get a certificate on the new server, it is unable to find that URL, which gives a 404 (even if you use https), because it doesn't exist on the current server.

The URL probably exists on the new server, but it cannot be accessed because the website is running on the current server, hence the error.

Which means that if I have to get a certificate, I first need to change the IP from the current VPS to the new VPS in Cloudflare DNS. Then I need to get the certificate. Then I can revert to the old IP in Cloudflare DNS. I think this is how it will work, but I could be wrong.

1 Like

Ok, if the FQDN is not able to reach VPS2, then it can't use HTTP-01 authentication.

You could:

  • copy the cert from VPS1 to VPS2
    and use that until it can get its own
  • use DNS-01 authentication to obtain a cert on VPS2

4 Likes
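
The failure discussed in this thread can be checked before running certbot. The following is an added example, not part of any post above: a Python pre-flight that writes a random file under `.well-known/acme-challenge/` in a webroot on this machine and fetches it back through the public name, so a 404 shows the name still lands on another server. It assumes nginx serves that webroot on port 80; `probe_http01` and the paths passed to it are hypothetical names chosen for illustration.

```python
"""Pre-flight for an ACME HTTP-01 challenge: does the public name reach THIS host?"""
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # path prefix fixed by RFC 8555


def probe_http01(base_url, webroot, timeout=5.0):
    """Drop a random probe file in webroot and fetch it back through base_url.

    Returns (ok, detail). ok is True only when the body served under the
    public name is the file that was just written on this machine.
    Assumption: the web server on this host serves `webroot` over HTTP.
    """
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32)
    target = Path(webroot) / CHALLENGE_DIR / name
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        # urlopen follows redirects, as the validation server also does.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace").strip()
        if served == body:
            return True, "probe served by this host"
        return False, "HTTP 200 but different content (answered by another server)"
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} (request did not reach this webroot)"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"connection failed: {exc}"
    finally:
        target.unlink(missing_ok=True)  # never leave probe files behind


if __name__ == "__main__":
    import sys
    # Usage (both arguments are supplied by the operator):
    #   python3 probe.py http://<public-name> <webroot-directory>
    ok, detail = probe_http01(sys.argv[1], sys.argv[2])
    print("HTTP-01 should work" if ok else "HTTP-01 will fail", "-", detail)
    sys.exit(0 if ok else 1)
```

A failing probe means HTTP-01 cannot validate from this host; the two options listed in the reply above (copying the existing certificate or using DNS-01) do not depend on where the name points.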
