Challenge failed for domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: sudo letsencrypt certonly -a webroot --webroot-path=/var/www/ -d -d -d --debug-challenges -v

It produced this output:
Challenge failed for domain
Challenge failed for domain
Challenge failed for domain

My web server is (include version): nginx/1.19.1

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: local server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0


DNS A records are ok on DNS hosting


It doesn't seem likely that /var/www/ is the correct webroot for all 3 domains.

Does using the nginx plugin work?

sudo letsencrypt certonly --nginx -d -d -d --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested nginx plugin does not appear to be installed
The requested nginx plugin does not appear to be installed

What plugin i need to use?


"sudo apt-get install python-certbot-nginx" now i know and will try later mb it is solution


Yes, that could be right.

I'm not entirely sure how you are using letsencrypt on Ubuntu Focal since all the packages got long renamed to certbot.

More generally, following the instructions on for your OS and webserver is the best way to get setup.


At least the deb packages continued to provide the old name letsencrypt as a link, in case people were using renewal scripts that referred to the old name. It looks like this is maybe not the case in the snap: I have a VPS with the snap and certbot works there, while letsencrypt doesn't. But running letsencrypt still counsels (via command-not-found) that I should install the deb package with apt.

(Maybe that's a packaging bug in its own right, if you get an OS suggestion to install a package that's being phased out because it provides an obsolete name while the current package doesn't!)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.