Hi!
It's time to renew my certificates again, and the http-01 challenge fails:
```
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for emilmoberg.com
http-01 challenge for www.emilmoberg.com
Waiting for verification...
Challenge failed for domain emilmoberg.com
Challenge failed for domain www.emilmoberg.com
http-01 challenge for emilmoberg.com
http-01 challenge for www.emilmoberg.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: emilmoberg.com
Type: unauthorized
Detail: Invalid response from
https://www.emilmoberg.com/.well-known/acme-
challenge/dTB5ORoJvHNgtYoeekiCu00yNLfA1OzqzLMCAqxwJyA
[2606:4700:3032::ac43:d7b5]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.17.10 (U"
Domain: www.emilmoberg.com
Type: unauthorized
Detail: Invalid response from
https://www.emilmoberg.com/.well-known/acme-
challenge/zSwU0CfQWS8fhj_842a0COxYA2S84KEdBIVkauc8Rl8
[2606:4700:3032::6812:2f28]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.17.10 (U"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
```
I ran into the same issue I ran into last time, a couple of months ago. At that time, I solved it by changing nameservers from Cloudflare to DigitalOcean's nameservers, and disabling HTTPS redirects from the nginx server blocks (back to how it was when I first created the certificates...)
That was a hassle, but it did not fail then.
(My certificate emilmoberg.com contains domains emilmoberg.com and www.emilmoberg.com)
This is my server block, which redirects all traffic to https://www.emilmoberg.com:
```nginx
# HTTPS vhost: serves the site; the bare domain is redirected to www.
server {
    if ($host = emilmoberg.com) {
        return 301 https://www.emilmoberg.com$request_uri;
    }

    server_name emilmoberg.com www.emilmoberg.com;
    root /var/www/emilmoberg.com/public_html;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri.html $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/emilmoberg.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/emilmoberg.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# HTTP vhost: requests for either name are redirected to HTTPS on www;
# nothing is served from port 80.
server {
    if ($host = www.emilmoberg.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = emilmoberg.com) {
        return 301 https://www.$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name emilmoberg.com www.emilmoberg.com;
    return 404; # managed by Certbot
}
```
I also use the Cloudflare TLS/SSL.
So my question is what is causing the challenges to fail?
What can I do to make renewals go without problems?
emilmoberg.com is only one of my domains, but all of my other personal websites with the same configuration have the same issue.
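
A small parser for the failure report quoted in the post, added here as an example and not part of the original post: for each failed domain it extracts the URL and address the validator ended on and the HTTP status it received. The function and field names are hypothetical, and `2606:4700::/32` is assumed to be one of Cloudflare's published IPv6 ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: 2606:4700::/32 is one of Cloudflare's published IPv6 ranges.
PROXY_NETS = [ipaddress.ip_network("2606:4700::/32")]
# Failure report copied from the post above (Certbot wraps long lines).
REPORT = r"""
Domain: emilmoberg.com
Type: unauthorized
Detail: Invalid response from
https://www.emilmoberg.com/.well-known/acme-
challenge/dTB5ORoJvHNgtYoeekiCu00yNLfA1OzqzLMCAqxwJyA
[2606:4700:3032::ac43:d7b5]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.17.10 (U"
Domain: www.emilmoberg.com
Type: unauthorized
Detail: Invalid response from
https://www.emilmoberg.com/.well-known/acme-
challenge/zSwU0CfQWS8fhj_842a0COxYA2S84KEdBIVkauc8Rl8
[2606:4700:3032::6812:2f28]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.17.10 (U"
"""

# Final URL followed directly by the bracketed address the validator connected to.
FETCH = re.compile(r"(https?://[^\s\[]+)\[([0-9A-Fa-f:.]+)\]")

def parse_report(text):
    """Return one dict per failed domain: where the validator ended up and what it got."""
    results = []
    for block in re.split(r"(?m)^\s*Domain:\s*", text)[1:]:
        domain = block.split()[0]
        joined = "".join(block.splitlines())  # undo Certbot's line wrapping
        m = FETCH.search(joined)
        if not m:
            continue
        url, addr = urlsplit(m.group(1)), ipaddress.ip_address(m.group(2))
        status = re.search(r"<title>(\d{3})", joined)
        results.append({
            "domain": domain,
            "scheme": url.scheme,  # scheme of the URL that produced the response
            "redirected_host": url.hostname if url.hostname != domain else None,
            "via_proxy_range": any(addr in net for net in PROXY_NETS),
            "status": int(status.group(1)) if status else None,
        })
    return results

if __name__ == "__main__":
    print(*parse_report(REPORT), sep="\n")
```

On the report above, both entries come back with scheme `https`, status 404 and an address inside the assumed proxy range, and the challenge for `emilmoberg.com` was answered from `www.emilmoberg.com`.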