Failed http-01 challenge - Docker

Hi guys,

I’m in the process of setting up a reverse proxy with letsencrypt & nginx for accessing nextcloud from my unraid server. I’m following spaceinvader one’s video (https://www.youtube.com/watch?v=I0lhZc25Sro&t=947s) and when I get to the part where I look at the letsencrypt docker logs I get failed http-01 challenges and well-known acme challenges. Can anyone help me figure out why? I’ve forwarded my ports on an xfinity modem/router combo from 80 to 180 and 443 to 1443 (although the 443 to 1443 rule doesn’t show up in the router’s software webui.)

My domain is: roachserver.com

My logs are shown below:

2048 bit DH parameters present
SUBDOMAINS entered, processing
SUBDOMAINS entered, processing
Only subdomains, no URL in cert
Sub-domains processed are: -d sonarr.roachserver.com -d nextcloud.roachserver.com -d server.roachserver.com
E-mail address entered: vonwilbur@gmail.com
http validation is selected
Generating new certificate
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nextcloud.roachserver.com
http-01 challenge for server.roachserver.com
http-01 challenge for sonarr.roachserver.com
Waiting for verification...
Challenge failed for domain nextcloud.roachserver.com
Challenge failed for domain server.roachserver.com
Challenge failed for domain sonarr.roachserver.com
http-01 challenge for nextcloud.roachserver.com
http-01 challenge for server.roachserver.com
http-01 challenge for sonarr.roachserver.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: nextcloud.roachserver.com
Type: unauthorized
Detail: Invalid response from
http://nextcloud.roachserver.com/.well-known/acme-challenge/cttFHiQPgGa9RZAT119F3dhv5Ux1n6VUpy1i7OY4boo
[98.229.185.243]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"

Domain: server.roachserver.com
Type: unauthorized
Detail: Invalid response from
http://server.roachserver.com/.well-known/acme-challenge/3FhT98EnpjVc17C8DYHciXMClGrQpJJVZsjWSccBgRE
[98.229.185.243]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"

Domain: sonarr.roachserver.com
Type: unauthorized
Detail: Invalid response from
http://sonarr.roachserver.com/.well-known/acme-challenge/qk_A3bCb5NAyvwAIXVCnPk_l_n92YQJR87gWq9zqto8
[98.229.185.243]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
ERROR: Cert does not exist! Please see the validation error above. The issue may be due to incorrect dns or port forwarding settings. Please fix your settings and recreate the container

Hi @Vonwilbur

checking that domain ( https://check-your-website.server-daten.de/?q=sonarr.roachserver.com ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://sonarr.roachserver.com/ (98.229.185.243) | 302 | http://sonarr.roachserver.com/Main | 0.270 | D |
| http://sonarr.roachserver.com/Main | 200 | | 0.786 | H |
| https://sonarr.roachserver.com/ (98.229.185.243) | -14 (Timeout - The operation has timed out) | | 10.026 | T |
| http://sonarr.roachserver.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (98.229.185.243) | 404 (Not Found; Visible Content: 404 Not Found nginx) | | 0.270 | A |

http + / is redirected to /Main, http + /.well-known/acme-challenge isn't.

So you have already an exception.

Which command did you use? --nginx? Or --webroot? There are no older certificates.

Perhaps find your webroot, then use it.

certbot run -a webroot -i nginx -w yourWebRoot -d sonarr.roachserver.com

Thank you for responding,

As I followed the youtube tutorial the only terminal command I ran was to create a docker network, and that was on the unraid terminal and not the letsencrypt docker.
From what you’re saying, http +/.well-known/acme-challenge needs to be redirected to /Main?
I apologize, I’m quite a beginner when it comes to this stuff. Would my webroot be one of the folders located in the letsencrypt appdata folder? Here’s a screenshot of my letsencrypt folder.

[screenshot]

No, don't do that. Your http + / is redirected, but your http + /.well-known... not. There Letsencrypt creates a test file. It would be terrible if you redirected /.well-known ... to /main.

I don't know, maybe, maybe not. A www in the letsencrypt folder?

There are a lot of different commands your Certbot can use. If you don't know the command, it's difficult to see what happens.

You use

Plugins selected: Authenticator standalone, Installer None

so Certbot creates its own webserver and stops the running webserver. Normally, standalone should always work.
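
As an added illustration (not code from this thread, Certbot or the letsencrypt container), the script below shows what the "test file" Let's Encrypt looks for actually contains (the key authorization from RFC 8555, token plus the account key's RFC 7638 thumbprint) and classifies the answers seen above: nginx's 404 body from the log, a correct body, a redirect, and a timeout. The account key is a sample public key, and the `diagnose` helper and its categories are my own, not the CA's.

```python
import base64
import hashlib
import json

# Sample account key in JWK form (public P-256 coordinates from the JWS spec examples,
# not a real ACME account). A real client keeps its account key in its config dir.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
TOKEN = "cttFHiQPgGa9RZAT119F3dhv5Ux1n6VUpy1i7OY4boo"  # token from the log in this thread
# nginx 404 page exactly as the CA quoted it in the thread's error detail
NGINX_404 = ('<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor="white">'
             '\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>')

def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted keys, no whitespace, SHA-256."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, jwk: dict) -> str:
    """Body the CA must read at http://<domain>/.well-known/acme-challenge/<token>."""
    return f"{token}.{jwk_thumbprint(jwk)}"

def diagnose(status, body: str, expected: str) -> str:
    """Classify what the server on port 80 returned for the challenge URL (status None = no answer)."""
    if status is None:
        return "unreachable: nothing answered on port 80 (forwarding/firewall/container port)"
    if status in (301, 302, 307, 308):
        return "redirect: the validator follows it, but the final target must serve the key authorization"
    if status == 404:
        return "unauthorized: 404 from the server on port 80; the challenge path is not served there"
    if status == 200 and body.strip() == expected:
        return "valid"
    return f"unauthorized: HTTP {status} with a body that is not the key authorization"

if __name__ == "__main__":
    expected = key_authorization(TOKEN, SAMPLE_JWK)
    print("expected body:", expected)
    for status, body in [(404, NGINX_404), (200, expected + "\n"), (302, ""), (None, "")]:
        print(status, "->", diagnose(status, body, expected))
```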

Ah okay, so http +/well-known… needs to be redirected to somewhere that can have a test file created and tested by letsencrypt?

As of right now, x.roachserver.com redirects to a ddns which is mapped to my WAN IP address so I’m not sure where my webroot would be located. If I open the www folder in the letsencrypt folder I get an index.html file which brings this up.
[screenshot]

Perhaps that's the standalone webserver.

Is it possible to modify the command, so you use -vvv as option?

Or is there a log

/var/log/letsencrypt/letsencrypt.log

with additional information?

And is this - 98.229.185.243 - your ip address?

I’m not sure what you mean by modifying the command to include -vvv, but there isn’t a log file in that folder. Yes that is my IP address as provided when I set up the DDNS through my router.