Challenge failed for domain

My domain is: www.getafloat.co.uk

I ran this command:
/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/var/www/acme/ -d activities.uk.com -d www.activities.uk.com -d getafloat.co.uk -d www.getafloat.co.uk --renew-by-default

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for getafloat.co.uk
http-01 challenge for www.getafloat.co.uk
Using the webroot path /var/www/acme for all unmatched domains.
Waiting for verification…
Challenge failed for domain getafloat.co.uk
Challenge failed for domain www.getafloat.co.uk
http-01 challenge for getafloat.co.uk
http-01 challenge for www.getafloat.co.uk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

I noticed the certificate was not auto-renewing (again) so tried to do a manual update, but received the above 'Challenge failed…' error message.

The web server runs two sites (activities.uk.com and getafloat.co.uk) and when I first installed certbot and the subsequent certificates (spring 2018), it all seemed to go fine. However, there's been a few problems along the way that I've managed to overcome by reading up on this and other forums.

However, I'm at a loss and not sure what to do next.

Any help would be greatly appreciated.

Many thanks,

Derrick

1 Like

Could you post the part of your nginx configuration that relates to /var/www/acme ? Something like this should work:

location /.well-known/acme-challenge/ {
  root /var/www/acme;
}

Maybe also create a test file in there, so we can check the accessibility:

echo "Hello World" > /var/www/acme/test

Thanks for getting back to me so quickly :+1:

I'm now thinking I must have a configuration missing, maybe, since I don't have anything in my nginx configuration that relates to /var/www/acme

I can't specifically remember, but I guess I might have just copied 'something' relating to /var/ww/acme which is now causing a problem?

I've also created the test files which I've successfully been able to download from:
https://www.activities.uk.com/acme/test
https://www.getafloat.co.uk/acme/test

1 Like

Well, OK. It's accessible, but at the wrong path.

It has to be accessible at https://www.activities.uk.com/.well-known/acme-challenge/test. The purpose of the location block I posted earlier is to create the mapping between that directory and that path.

You can also try just using --webroot-path=/var/www/ instead of what you're doing currently and seeing if that works.

But the location block is the safest approach because it is less likely to be interfered with by other rules (such as PHP-FPM ones).

2 Likes
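The path check described in the reply above, written as a pre-flight script. This is an added example, not part of the original thread and not certbot's own code. It writes a probe file where the webroot authenticator would put a token and confirms the web server returns it at the challenge URL. The function names `fetch`, `probe_domain` and `check_webroot` are hypothetical, and it assumes `curl` is installed and the user can write to the webroot.

```shell
#!/bin/sh
# Pre-flight check for certbot's webroot authenticator (added example).
# certbot writes each token to <webroot>/.well-known/acme-challenge/<token>;
# the CA then fetches http://<domain>/.well-known/acme-challenge/<token>.

# fetch URL: print the body, non-zero on HTTP errors. Follows redirects,
# as the validation server does. Assumes curl is available.
fetch() {
    curl -fsSL --max-time 10 "$1"
}

# probe_domain WEBROOT DOMAIN: returns 0 only if a file written under the
# webroot comes back unchanged from the challenge URL of DOMAIN.
# The body runs in a subshell so its variables stay private.
probe_domain() (
    webroot=${1%/} domain=$2
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    want="webroot-probe-$name"
    mkdir -p "$dir" || exit 2
    printf '%s' "$want" > "$dir/$name" || exit 2
    got=$(fetch "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null) \
        && rc=0 || rc=$?
    rm -f "$dir/$name"          # never leave the probe file behind
    if [ "$rc" -ne 0 ]; then
        echo "FAIL $domain: challenge URL not reachable (wrong webroot or no location block?)"
        exit 1
    elif [ "$got" != "$want" ]; then
        echo "FAIL $domain: served content differs from the probe file"
        exit 1
    fi
    echo "OK   $domain"
)

# check_webroot WEBROOT DOMAIN...: probe every domain, return 1 if any failed.
check_webroot() {
    cw_root=$1; shift
    cw_rc=0
    for cw_d in "$@"; do
        probe_domain "$cw_root" "$cw_d" || cw_rc=1
    done
    return "$cw_rc"
}

# Usage: sh check-webroot.sh /var/www/acme getafloat.co.uk www.getafloat.co.uk
if [ "$#" -ge 2 ]; then
    check_webroot "$@"
fi
```

A FAIL for every domain with the same webroot points at the directory-to-URL mapping rather than at DNS or the firewall.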

Thank you _az that seems to have done it.

Great to have experts like you around!

Cheers,

Derrick

2 Likes
