Deletion of the certificate and certbot error creating new order :: cannot issue for: domain name does not end with a valid public suffix (tld)

So my problem is being unable to renew my certificate on my nginx which i use as the reverse-proxy.
Tried many things and errors were of type of the authorization, i decided to delete the certificate(without the backup- i know - jump out of the window) because that server is only used as the REST API point.

So now i don't have any certificate on the server. and the

My domain is:
I ran this command:
sudo certbot --nginx

It produced this output:

  Type:   unauthorized
  Detail: Invalid response from []: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 16
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):.
certbot 1.23

I'm curious: how is the error message not clear? Your hostname is not a valid one, it's missing a TLD (top level domain).


sorry, updated.
Now i get similar answer as before, it is not beeing authorized for a request

(on port 80, I might add.)

Ok. So my nginx conf has :
server {
listen 80
listen [::]:80


in the DEBUGER of letsencryp it says :
2022-02-21 11:02:46,541:DEBUG:certbot.util:Not suggesting name "stream_prankcs"

i had it before in nginx.conf :

    server name stream_prankcs
    listen 1443 ssl; # managed by Certbot```

but not anymore

I am surprised your nginx manages to start up, with that config.

unless you actually want port 1443, remove the one.

also, server_name has an underscore, and none of this should be in nginx.conf (it will work, but it should be in sites-enabled or conf.d)

1 Like

yes, the file is in the conf.d, and the server_name has an underscore.
so could it be that 1443 is a problem ?

It's only a problem if you didn't do it on purpose.

Show me the config for port 80.

1 Like

netstat -tulpn | grep :80

tcp 0 0* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -

sorry, is this what you asked ? can you help me with the command

no, the nginx config for port 80.

1 Like

server {
listen 80;
listen [::]:80;
server_name stream_prankcs;

location / {
proxy_redirect off;
log_not_found off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

put your domain name there.

add a block before location /

        location /.well-known/acme-challenge/ {
                root /var/www/html;

and then run certbot --dry-run --webroot -w /var/www/html

1 Like

Need certonly too like:

certbot certonly --dry-run --webroot -w /var/www/html

ok ,
but what of lline
listen 1443 ssl; # managed by Certbot
do i put in latter ?

after run i get the same ;

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from []: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n

404 Not Found


Try with

certbot --dry-run --authenticator webroot -w /var/www/html --installer nginx

(no certonly this time)

If it works, remove --dry-run

1 Like

can;t run it like that:

--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')

Did you add the location block I told you to add? Did you reload nginx after doing so?

Does this command complain?

1 Like

Yes, i did it and the last command says:

again the same, not authenticated.

Added the certonly option also ... unauthorised again..

hint :
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.