Challenge failed for domain mydomain.com Ubuntu, Nginx, Upcloud

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: texknoter.com

I ran this command: sudo certbot renew --dry-run

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/texknoter.com.conf


Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for texknoter.com
http-01 challenge for www.texknoter.com
Waiting for verification...
Challenge failed for domain www.texknoter.com
Challenge failed for domain texknoter.com
http-01 challenge for www.texknoter.com
http-01 challenge for texknoter.com
Cleaning up challenges
Attempting to renew cert (texknoter.com) from /etc/letsencrypt/renewal/texknoter.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/texknoter.com/fullchain.pem (failure)


** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/texknoter.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: www.texknoter.com
    Type: unauthorized
    Detail: Invalid response from
    TexKnoter
    [94.237.76.82]: "\n\n\n <meta
    charset="utf-8">\n <meta http-equiv="X-UA-Compatible"
    content="IE=edge">\n <meta nam"

    Domain: texknoter.com
    Type: unauthorized
    Detail: Invalid response from
    https://texknoter.com/.well-known/acme-challenge/IufOj07fTdhIvMfsGNlz6P2XTQZlSb8LfpN9_cGf0lw
    [94.237.76.82]: "\n\n\n <meta
    charset="utf-8">\n <meta http-equiv="X-UA-Compatible"
    content="IE=edge">\n <meta nam"

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 20.04.1 LTS

My hosting provider, if applicable, is: Upcloud (upcloud.com)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

1 Like

I found my issue. My hosting provider has port 80 closed by default! I couldn't guess that port 80 can be off! Just after making port 80 open for TCP/UDP everything works perfectly.

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

This may be your nginx configuration interfering with certbot's nginx authentication plugin.

What is the output of this command?

sudo nginx -T


How would a response be received from a closed port (443 after redirect from 80)?


I am glad you got it working though! :smiley:

1 Like

Hi Griffin,

Thanks for your reply. Actually, I checked sudo nginx -t and found nginx OK. I have some other VPSes where letsencrypt has been working perfectly for several years. But at upcloud.com!
Anyway, thanks for your reply.

2 Likes

You're quite welcome, my friend. :blush:

I was more concerned about any redirects or special conditions you might have in the nginx configuration file for your website since the certbot nginx authenticator actually temporarily inserts an exception into your nginx configuration when trying to validate your domain ownership via http-01 challenges. Often, this exception in combination with certain aspects of the existing configuration creates a conflict.

1 Like
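
A review aid for the kind of conflict described in the last reply, added here as an example and not code from the thread or from certbot: given `sudo nginx -T`-style output, it lists for each server block listening on port 80 its `return`/`rewrite` directives and whether it already defines an acme-challenge location. The sample config, the function names and the parsing heuristics (brace matching, no `#` or braces inside quoted strings or regexes) are assumptions.

```python
import re

# Constructed sample standing in for `sudo nginx -T` output (not the poster's config).
SAMPLE = """
server {
    listen 80;
    server_name example.test www.example.test;
    return 301 https://$host$request_uri;
}
server {
    listen 80;
    server_name static.example.test;
    location /.well-known/acme-challenge/ { root /var/www/acme; }
    location / { root /var/www/html; }
}
server {
    listen 443 ssl;
    server_name example.test;
    location / { rewrite ^ /index.html break; }
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # drop comments (heuristic)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def review_port80(conf):
    """Summarise what each port-80 server block does with incoming requests."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        # Accepts "80", "[::]:80", "0.0.0.0:80 default_server"; rejects 8080 and 443.
        if not any(re.match(r"(.*:)?80\b", l.strip()) for l in listens):
            continue
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        findings.append({
            "names": names.group(1).split() if names else [],
            "redirects": [" ".join(r.split()) for r in
                          re.findall(r"\b(?:return|rewrite)\s+[^;]+", body)],
            "acme_location": bool(re.search(
                r"\blocation\s+[^{]*\.well-known/acme-challenge", body)),
        })
    return findings
```

Blocks that report redirects and no acme-challenge location are the ones to read by hand before the next `certbot renew --dry-run`; the output is a list to review, not a verdict that the configuration is broken.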
