Error getting validation data

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
panel.pixiee.xyz
I ran this command:
certbot
It produced this output:
https://transfer.sh/sYewfOoXLP/log.log
My web server is (include version):
nginx (don't know version)
The operating system my web server runs on is (include version):
Ubuntu 22.04
My hosting provider, if applicable, is:
Oracle Cloud Infrastructure
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
1.21.0

From the log the error was below. The Let's Encrypt server could reach "something" at the IP in the DNS but it received an HTTP error 400 instead of the expected challenge token.

Your nginx plugin and nginx config looked to be working correctly in the log. You should make sure the A record in the DNS points to your nginx server. Right now I don't see any A record so I am guessing you are reconfiguring your system.

Let us know if you need further help.

    "type": "http-01",
    "status": "invalid",
    "error": {
        "type": "urn:ietf:params:acme:error:connection",
        "detail": "129.151.134.132: Fetching http://panel.pixiee.xyz/.well-known/acme-challenge/numvWZbdDmPd88ROv5AgkyJOcGIlDXMMKYps2vfM6uU: Error getting validation data",
        "status": 400
    },
2 Likes

I see a DNS issue now:
curl: (6) Could not resolve host: panel.pixiee.xyz

Once you clear that, let's have a look at the whole nginx config, with:

    nginx -T

[I think `certbot --nginx` is being confused about where to best place the response code within your config]

The code shown in the "log.log" file contains:
include /etc/letsencrypt/le_http_01_cert_challenge.conf;
But the response code wasn't inserted into that file...
The code:
location = /.well-known/acme-challenge/xUlG9GmdXhpeTurjN0DmQMzOXa5yKR7K7E-9-6y2K18{default_type text/plain;return 200 xUlG9GmdXhpeTurjN0DmQMzOXa5yKR7K7E-9-6y2K18.auFeS7tZpS1HaGMu9z888WRmkiyKq31gnwqq2MaZoRs;} # managed by Certbot
was inserted into the file: /etc/nginx/sites-enabled/pterodactyl.conf

1 Like

Which is the server block for their domain name.

The start of that conf file is below, so it looks like the nginx plugin did the right thing. I don't think the HTTP request got there, but for a reason related to comms config and not certbot.

    listen 80;
    listen [::]:80;

    server_name panel.pixiee.xyz;
2 Likes
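An added example, not part of any post in this thread and not Certbot's own code: one way to check, from saved `nginx -T` output, which server block holds the Certbot-managed http-01 challenge location and whether its reply begins with the token from the path. The function names, the sample config, and the token and thumbprint values are constructed placeholders; the brace matching assumes no braces inside comments or quoted strings.

```python
import re

# Constructed sample shaped like `nginx -T` output; token/thumbprint are placeholders.
SAMPLE = """
http {
    include /etc/letsencrypt/le_http_01_cert_challenge.conf;
    server {
        listen 80;
        server_name other.example;
    }
    server {
        listen 80;
        listen [::]:80;
        server_name panel.pixiee.xyz;
        location = /.well-known/acme-challenge/TOKEN123{default_type text/plain;return 200 TOKEN123.THUMBPRINT456;} # managed by Certbot
    }
}
"""

CHALLENGE = re.compile(
    r"location\s*=\s*/\.well-known/acme-challenge/([\w-]+)\s*\{"
    r"[^}]*?return\s+200\s+([\w.-]+)\s*;")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def challenge_report(conf, domain):
    """Describe every challenge location and the server block that contains it."""
    report = []
    for body in server_blocks(conf):
        found = re.search(r"\bserver_name\s+([^;]+);", body)
        names = found.group(1).split() if found else []
        for token, reply in CHALLENGE.findall(body):
            report.append({
                "server_names": names,
                "token": token,
                "serves_domain": domain in names,
                # http-01 key authorization is "<token>.<account key thumbprint>"
                "reply_matches_token": reply.startswith(token + "."),
            })
    return report
```

An empty report, or an entry with `serves_domain` false, means the challenge location is not in the server block that answers for the requested name.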

Then... what is this file for?:

...What does it contain?

1 Like

I don't know but the needed rewrite and location statements for the challenge are inserted directly into the server block.

The include for that conf file is placed at the higher "http" nginx level.

I just ran a test to capture contents of that le_http_01... file but only saw an empty file. Certbot removes that include line and file after. I sort of recall it having some innocuous general info some time back.

1 Like

All that may be so.
But nothing explains the "Error getting validation data" [yet].
If everything was working as expected, that would NOT have occurred.
So... I must conclude that things are NOT working as expected.

  • Maybe that file isn't empty
    [maybe it is read-only and contains some conflicting information]
  • Maybe there is some other device inline that catches HTTP
  • Maybe aliens have taken over the Internet [LOL]
1 Like

Fully agree. And once they restore an IP address in the DNS maybe we can find out 🙂

2 Likes
