Error 429 and Operation not Permitted

One more thing, I've realized you are issuing an ecc cert too, could you please show the acme.sh conf too:

cat /home/acmeuser/.acme.sh/chat.giladsky.com_ecc/chat.giladsky.com.conf

I updated the nginx.conf as you said and restarted the service. Now I think it is using the new certificates, but I still cannot get the test file.

This is the output

Le_Domain='chat.giladsky.com'
Le_Alt='no'
Le_Webroot='/var/www/letsencrypt'
Le_PreHook=''
Le_PostHook=''
Le_RenewHook=''
Le_API='https://acme-v02.api.letsencrypt.org/directory'
Le_Keylength='ec-384'
Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/102381581/7431819329'
Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/102381581/7431819329'
Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/03c114885611b72c4f88969b537d5d9377c0'
Le_CertCreateTime='1611194336'
Le_CertCreateTimeStr='Thu 21 Jan 2021 01:58:56 AM UTC'
Le_NextRenewTimeStr='Mon 22 Mar 2021 01:58:56 AM UTC'
Le_NextRenewTime='1616291936'
Le_RealCertPath='/etc/letsencrypt/ecc-certs/cert.pem'
Le_RealCACertPath='/etc/letsencrypt/ecc-certs/chain.pem'
Le_RealKeyPath='/etc/letsencrypt/ecc-certs/privkey.pem'
Le_ReloadCmd=''
Le_RealFullChainPath='/etc/letsencrypt/ecc-certs/fullchain.pem'

I use a script for it

#!/bin/bash
sudo -u acmeuser "/home/acmeuser/.acme.sh"/acme.sh --cron --home "/home/acmeuse>
/usr/sbin/service nginx stop
/usr/sbin/service nginx restart
exit 0

I run this script as a weekly cron job

Thank you!

Sorry, it was my fault, I added an equals sign to the location directive and that is wrong for this case. Remove the equals sign, like this:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name chat.giladsky.com;

    location /.well-known/acme-challenge/ {
       root /var/www/letsencrypt;
    }
    location / {
       return 301 https://$host$request_uri;
    }
}

Save the file, reload/restart nginx and try again.

I still get a 404 page.
I see now that I am using the new certificate after the nginx restart.
Just to ask, what is it supposed to check?

Now it is working fine, the test-acme file is being served as it should and once you restarted nginx it is serving the new certs :slight_smile:

You are seeing the 404 page because you are using a browser to check the URL and you configured HSTS on your web server, so you are always accessing your site using https instead of http.

Using curl you will see that it is working fine:

$ curl -ikL http://chat.giladsky.com/.well-known/acme-challenge/test-acme
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Jan 2021 22:16:10 GMT
Content-Type: text/plain
Content-Length: 20
Last-Modified: Tue, 19 Jan 2021 23:33:00 GMT
Connection: keep-alive
ETag: "60076c2c-14"
Accept-Ranges: bytes

this is a test file

This change is to be sure Let's Encrypt will be able to validate the http challenge that acme.sh is writing in /var/www/letsencrypt/.well-known/acme-challenge dir.

So this part is fine and you should have no problems in the future and all should work, but maybe you want to modify your cron script just a little bit, because every week you are stopping and starting nginx no matter whether you have renewed the certs or not. As you are using a normal user to issue the certs, it could be a bit complicated to reload nginx using the acme.sh conf, so to keep it easy just remove the stop and restart commands in your script:

/usr/sbin/service nginx stop
/usr/sbin/service nginx restart

And use only a reload:

/usr/sbin/service nginx reload

And I think that's all, enjoy your Let's Encrypt certs :wink:
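
An added example, not part of the thread and not code from acme.sh or from either poster: one way to handle the point above about touching nginx every week whether or not anything was renewed, by reloading only when the installed full chain file has actually changed and the nginx configuration passes its own test. The function names, the state file path and the nginx binary path are assumptions; the certificate path is the Le_RealFullChainPath shown earlier.

```shell
#!/bin/bash
# Added example (not from the thread): reload nginx only after a real renewal.
CERT="${CERT:-/etc/letsencrypt/ecc-certs/fullchain.pem}"  # Le_RealFullChainPath on the page
STATE="${STATE:-/var/lib/acme-reload/fullchain.sha256}"   # assumed state file location
NGINX_TEST="${NGINX_TEST:-/usr/sbin/nginx -t -q}"          # assumed nginx binary path
NGINX_RELOAD="${NGINX_RELOAD:-/usr/sbin/service nginx reload}"

# Print the SHA-256 of file $1; prints nothing if it cannot be read.
cert_digest() {
    sha256sum "$1" 2>/dev/null | awk '{print $1}'
}

# Reload nginx if cert $1 differs from the digest stored in state file $2.
# Returns: 0 reloaded, 1 unchanged, 2 cert unreadable, 3 config test or reload failed.
reload_if_changed() {
    now="$(cert_digest "$1")"
    [ -n "$now" ] || return 2
    old="$(cat "$2" 2>/dev/null || true)"
    [ "$now" != "$old" ] || return 1
    # Validate the config first so a broken file never takes the site down.
    $NGINX_TEST || return 3
    $NGINX_RELOAD || return 3
    # Record the digest only after a successful reload, so a failure is retried.
    mkdir -p "$(dirname "$2")" && printf '%s\n' "$now" > "$2"
}

# Cron entry point. Run the existing acme.sh --cron line before this call;
# it is truncated on the page, so it is not reproduced here.
if [ "${1:-}" = "--cron" ]; then
    reload_if_changed "$CERT" "$STATE"
    case $? in
        0) echo "certificate changed, nginx reloaded" ;;
        1) : ;;  # nothing renewed this week: leave nginx alone
        *) echo "reload skipped or failed, check cert and nginx config" >&2; exit 1 ;;
    esac
fi
```

Because the digest is stored only after a successful reload, a week in which the config test fails is retried on the next run instead of being silently skipped.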

Dear @sahsanu

I made the changes to the script as you suggested, and I would also really like to thank you for taking the time and finding the solution.

Again Thank you!
