I ran this command: letsencrypt certonly --webroot --dry-run -w /var/www -d bobu.online
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bobu.online
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bobu.online (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bobu.online/.well-known/acme-challenge/I1VJm-AiBLi0CdG5CbuBPax7B2a5Aad2jjPicSxMZpI [34.69.83.105]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bobu.online
Type: unauthorized
Detail: Invalid response from
http://bobu.online/.well-known/acme-challenge/I1VJm-AiBLi0CdG5CbuBPax7B2a5Aad2jjPicSxMZpI
[34.69.83.105]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Nginx 1.14.0
The operating system my web server runs on is (include version): Ubuntu 18.04 LTS
My hosting provider, if applicable, is: GCP
I can login to a root shell on my machine (yes or no, or I donât know): Yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): No control panel.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youâre using Certbot): Perhaps Iâm using âLetsencryptâ command.
In Certbot, certonly means "only generate the certificate; don't install it (into a web server application)". It does generate a key. But it does not attempt to reconfigure your server to use the newly obtained certificate; you have to do that yourself by editing configuration files.
The --nginx method tries to integrate with an existing nginx installation.
With certonly --nginx, it tries to reconfigure the existing nginx temporarily in order to prove your control over the domain name, as requested by the certificate authority, but once this is complete, it does not try to reconfigure nginx permanently to use the new certificate.
With --nginx (without certonly), it does this and also tries to reconfigure nginx permanently to use the new certificate.
With --webroot, it tries to create files at a specific path (assuming that this path is being served publicly by an existing web server application) in order to prove your control over the domain name(s) to the certificate authority. This does not make any assumptions about which web server application is in use, so it could work with any kind of existing web server, as long as it's able to serve static files from the filesystem.
This is the old name of Certbot. It was renamed in May 2016.
If you run Certbot as letsencrypt, you are still running Certbot, but you're probably following documentation or tutorials that were created before May 2016.