Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:sudo letsencrypt certonly -a webroot --webroot-path=/opt/gitlab/embedded/service/gitlab-rails/public -d

It produced this output: - The following errors were reported by the server:

Domain:
Type: unauthorized
Detail: Invalid response from
http:///.well-known/acme-challenge/WIGg2Akq36Le9SpxJWi32NfRKsumpDakGJTkOiVTkFM
: “\n\n404 Not
Found\n\n

Not Found

\n<p”

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): gitlab nginx

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is: local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0

1 Like

Hi @wilcore22

is the webroot path correct?

Create the two subdirectories

/opt/gitlab/embedded/service/gitlab-rails/public/.well-known/acme-challenge

there a file (file name 1234 without extension), then try to load that file via

http://repo.koghi.com/.well-known/acme-challenge/1234

or use online tools to check that complete url.

That should work.

1 Like

Hi @JuergenAuer
Yes, the path is correct because that is the root of gitlab, create the 1234 file, and load correctly with https, but with http it does not load.

I can see the http version - https://check-your-website.server-daten.de/?q=repo.koghi.com%2F.well-known%2Facme-challenge%2F1234

Domainname Http-Status redirect Sec. G
http://repo.koghi.com/.well-known/acme-challenge/1234
190.147.154.155 200 Html is minified: 100,00 % 0.397 H
https://repo.koghi.com/.well-known/acme-challenge/1234
190.147.154.155 -14 10.043 T
Timeout - Timeout für Vorgang überschritten
http://repo.koghi.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
190.147.154.155 GZip used - 1553 / 3084 - 49,64 % Inline-JavaScript (∑/total): 1/164 Inline-CSS (∑/total): 1/947 404 Html is minified: 165,63 % 0.417 A
Not Found

/.well-known/acme-challenge/1234 works, same directory with a random file name has the expected result http status 404 - Not Found.

Visible Content: 404 The page could not be found or you don’t have permission to view it. The resource that you are attempting to access does not exist or you don’t have the necessary permissions to view it. Make sure the address is correct and that the page hasn’t moved. Please contact your GitLab administrator if you think this is a mistake. Go back

I’m not so firm with these GitLab - pages. Isn’t there a specialized tool to create Letsencrypt - certificates?

1 Like

Hello, I could solve it, the problem is that cerbot must load with port 80, so the nginx that has gitlab was reconfigured without ports and the external_url that had https was removed, additionally the firewall was configured so that the server where there was the gitlab, I had access to port 80, with that I executed the command and it worked, thanks.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.