Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: ncloud.fitorodnik.ru rabota.fitorodnik.ru help.fitorodnik.ru

I ran this command: sudo letsencrypt certonly -a webroot --webroot-path=/var/www/ -d rabota.fitorodnik.ru -d ncloud.fitorodnik.ru -d help.fitorodnik.ru --debug-challenges -v

It produced this output:
Challenge failed for domain ncloud.fitorodnik.ru
Challenge failed for domain help.fitorodnik.ru
Challenge failed for domain rabota.fitorodnik.ru
IMPORTANT NOTES:

My web server is (include version): nginx/1.19.1

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: local server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

2 Likes

DNS A records are ok on DNS hosting

2 Likes

It doesn't seem likely that /var/www/ is the correct webroot for all 3 domains.

Does using the nginx plugin work?

sudo letsencrypt certonly --nginx -d rabota.fitorodnik.ru -d ncloud.fitorodnik.ru -d help.fitorodnik.ru --dry-run
2 Likes

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
The requested nginx plugin does not appear to be installed

What plugin i need to use?

2 Likes

"sudo apt-get install python-certbot-nginx" now i know and will try later mb it is solution

2 Likes

Yes, that could be right.

I'm not entirely sure how you are using letsencrypt on Ubuntu Focal since all the packages got long renamed to certbot.

More generally, following the instructions on https://certbot.eff.org for your OS and webserver is the best way to get setup.

2 Likes

At least the deb packages continued to provide the old name letsencrypt as a link, in case people were using renewal scripts that referred to the old name. It looks like this is maybe not the case in the snap: I have a VPS with the snap and certbot works there, while letsencrypt doesn't. But running letsencrypt still counsels (via command-not-found) that I should install the deb package with apt.

(Maybe that's a packaging bug in its own right, if you get an OS suggestion to install a package that's being phased out because it provides an obsolete name while the current package doesn't!)

3 Likes