Challenge failed for domain

My domain is: www.getafloat.co.uk

I ran this command:
/opt/letsencrypt/letsencrypt-auto certonly -a webroot --webroot-path=/var/www/acme/ -d activities.uk.com -d www.activities.uk.com -d getafloat.co.uk -d www.getafloat.co.uk --renew-by-default

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for getafloat.co.uk
http-01 challenge for www.getafloat.co.uk
Using the webroot path /var/www/acme for all unmatched domains.
Waiting for verification…
Challenge failed for domain getafloat.co.uk
Challenge failed for domain www.getafloat.co.uk
http-01 challenge for getafloat.co.uk
http-01 challenge for www.getafloat.co.uk
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

I noticed the certificate was not auto-renewing (again) so tried to do a manual update, but received the above ‘Challenge failed…’ error message.

The web server runs two sites (activities.uk.com and getafloat.co.uk) and when I first installed certbot and the subsequent certificates (spring 2018), it all seemed to go fine. However, there have been a few problems along the way that I’ve managed to overcome by reading up on this and other forums.

However, I’m at a loss and not sure what to do next.

Any help would be greatly appreciated.

Many thanks,

Derrick

1 Like

Could you post the part of your nginx configuration that relates to /var/www/acme? Something like this should work:

location /.well-known/acme-challenge/ {
  root /var/www/acme;
}

Maybe also create a test file in there, so we can check the accessibility:

echo "Hello World" > /var/www/acme/test

Thanks for getting back to me so quickly :+1:

I’m now thinking I must have a configuration missing, maybe, since I don’t have anything in my nginx configuration that relates to /var/www/acme

I can’t specifically remember, but I guess I might have just copied ‘something’ relating to /var/www/acme which is now causing a problem?

I’ve also created the test files which I’ve successfully been able to download from:
https://www.activities.uk.com/acme/test
https://www.getafloat.co.uk/acme/test

1 Like

Well, OK. It’s accessible, but at the wrong path.

It has to be accessible at https://www.activities.uk.com/.well-known/acme-challenge/test. The purpose of the location block I posted earlier is to create the mapping between that directory and that path.

You can also try just using --webroot-path=/var/www/ instead of what you’re doing currently and seeing if that works.

But the location block is the safest approach because it is less likely to be interfered with by other rules (such as PHP-FPM ones).

2 Likes
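A pre-flight check for the path mapping discussed above, as an added example (not part of the original posts and not certbot's own code): it writes a random probe file where certbot's webroot plugin places its token, under `<webroot>/.well-known/acme-challenge/`, then fetches it at the matching URL and compares the body. The function name `probe_webroot` and the script name `check_webroot.py` are assumptions of this example.

```python
import http.client
import os
import secrets
import sys
import urllib.request

# Path prefix fixed by the http-01 challenge type.
CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_urls, timeout=10):
    """Return {base_url: True/False}: is a file written under `webroot`
    served unchanged at <base_url>/.well-known/acme-challenge/<name>?"""
    name = "probe-" + secrets.token_hex(8)   # constructed, random file name
    body = secrets.token_hex(16)             # constructed, random content
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    results = {}
    try:
        for base in base_urls:
            url = f"{base.rstrip('/')}/{CHALLENGE_DIR}/{name}"
            try:
                # urllib follows redirects (e.g. http -> https) by default.
                with urllib.request.urlopen(url, timeout=timeout) as resp:
                    served = resp.read(4096).decode("utf-8", "replace")
                # Compare content, not just status: a catch-all rule that
                # answers 200 with some other page would still fail validation.
                results[base] = served.strip() == body
            except (OSError, http.client.HTTPException):  # 404, refused, timeout
                results[base] = False
    finally:
        os.remove(path)  # never leave the probe file behind
    return results


if __name__ == "__main__":
    # Usage: check_webroot.py /var/www/acme http://getafloat.co.uk ...
    if len(sys.argv) < 3:
        sys.exit("usage: check_webroot.py WEBROOT BASE_URL [BASE_URL ...]")
    outcome = probe_webroot(sys.argv[1], sys.argv[2:])
    for base, ok in outcome.items():
        print(("OK   " if ok else "FAIL ") + base)
    sys.exit(0 if all(outcome.values()) else 1)
```

Run it with the same directory you pass to `--webroot-path`; a `FAIL` line means the web server does not map `/.well-known/acme-challenge/` to that directory for that host.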

Thank you _az, that seems to have done it.

Great to have experts like you around!

Cheers,

Derrick

2 Likes
