Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
fali.phpadmin.ir

I ran this command:
sudo certbot certonly --webroot -w /home/centos/fali.phpadmin.ir/public_html/ -d fali.phpadmin.ir -d www.fali.phpadmin.ir

It produced this output:
Challenge failed for domain www.fali.phpadmin.ir
Challenge failed for domain fali.phpadmin.ir
http-01 challenge for www.fali.phpadmin.ir
http-01 challenge for fali.phpadmin.ir
Cleaning up challenges
Some challenges have failed.

My web server is (include version):
nginx

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have got this error when I want to create a new cert

Challenge failed for domain www.fali.phpadmin.ir
Challenge failed for domain fali.phpadmin.ir
http-01 challenge for www.fali.phpadmin.ir
http-01 challenge for fali.phpadmin.ir
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.fali.phpadmin.ir
   Type:   unauthorized
   Detail: Invalid response from
   http://www.fali.phpadmin.ir/.well-known/acme-challenge/86P4qxpV3U95ORq1TE-7pKPlGkzAQQjex2QoMqet9DI
   [193.176.243.228]: "<!DOCTYPE html>\n<html>\n<head>\n\n    <meta
   charset=\"utf-8\">\n<meta http-equiv=\"X-UA-Compatible\"
   content=\"IE=edge\">\n<title>Not Found"

   Domain: fali.phpadmin.ir
   Type:   unauthorized
   Detail: Invalid response from
   http://fali.phpadmin.ir/.well-known/acme-challenge/FE2V5rnffzcJkzJWfHl9Luw9Sh0k5rHm5PNjDgw20Dk
   [193.176.243.228]: "<!DOCTYPE html>\n<html>\n<head>\n\n    <meta
   charset=\"utf-8\">\n<meta http-equiv=\"X-UA-Compatible\"
   content=\"IE=edge\">\n<title>Not Found"

Hi @falahatiali

checking your domain there is a wrong certificate ( https://check-your-website.server-daten.de/?q=fali.phpadmin.ir ):

CN=blog.phpadmin.ir
	11.09.2019
	10.12.2019
expires in 89 days	
blog.phpadmin.ir, www.blog.phpadmin.ir - 2 entries

Looks like the wrong vHost answers.

There is a nginx. What says

nginx -T

The url-check shows the problem.

http://fali.phpadmin.ir/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

is redirected to your other domain

https://www.phpadmin.ir/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de

It’s possible to use such a redirect to another domain port 80 or port 443. But then you must use the webroot of your other domain in your command.

2 Likes