File not found 2024/07/02 10:49:14 [error] 21#21: *1 open() "/usr/share/nginx/html/

My domain is: sieunhan.langbach.io.vn

I ran this command: certonly --webroot -w /var/www/certbot --force-renewal --email [redacted]@gmail.com -d sieunhan.langbach.io.vn --agree-tos

It produced this output:
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Requesting a certificate for sieunhan.langbach.io.vn
nginx | 2024/07/02 10:40:37 [error] 21#21: *1 open() "/usr/share/nginx/html/.well-known/acme-challenge/beaDrTaGTRICwfcYmVBAvLrsywmxNxL7R1dtFWxn9oc" failed (2: No such file or directory), client: 23.178.112.103, server: localhost, request: "GET /.well-known/acme-challenge/beaDrTaGTRICwfcYmVBAvLrsywmxNxL7R1dtFWxn9oc HTTP/1.1", host: "sieunhan.langbach.io.vn"
nginx | 23.178.112.103 - - [02/Jul/2024:10:40:37 +0000] "GET /.well-known/acme-challenge/beaDrTaGTRICwfcYmVBAvLrsywmxNxL7R1dtFWxn9oc HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
certbot |
certbot | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot | Domain: sieunhan.langbach.io.vn
certbot | Type: unauthorized
certbot | Detail: 103.124.92.248: Invalid response from http://sieunhan.langbach.io.vn/.well-known/acme-challenge/beaDrTaGTRICwfcYmVBAvLrsywmxNxL7R1dtFWxn9oc: 404
certbot |
certbot | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot |
certbot | Some challenges have failed.
certbot | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
certbot exited with code 1

My web server is (include version): I use the Docker image nginx:latest

The operating system my web server runs on is (include version):
Client: Docker Engine - Community
Version: 27.0.2
API version: 1.46
Go version: go1.21.11
Git commit: 912c1dd
Built: Wed Jun 26 18:47:28 2024
OS/Arch: linux/amd64
Context: default

Server: Docker Engine - Community
Engine:
Version: 27.0.2
API version: 1.46 (minimum version 1.24)
Go version: go1.21.11
Git commit: e953d76
Built: Wed Jun 26 18:47:28 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.18
GitCommit: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
runc:
Version: 1.7.18
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0

docker-compose: Docker Compose version v2.28.1

My hosting provider, if applicable, is: https://nhanhoa.com/

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): I don't know

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'm using Certbot from the image certbot/certbot

I tested http://sieunhan.langbach.io.vn/.well-known/acme-challenge/uya8aSSSqUXqJRUI5hE_HsoXRgz6IcS-GRhNz5QAYCQ, the link is completely correct and working

This is the log file from /var/log/letsencrypt/letsencrypt.log

2024-07-02 10:49:10,163:DEBUG:certbot._internal.main:certbot version: 2.11.0
2024-07-02 10:49:10,163:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2024-07-02 10:49:10,163:DEBUG:certbot._internal.main:Arguments: ['--webroot', '-w', '/var/www/certbot', '--force-renewal', '--email', '[redacted]@gmail.com', '-d', 'sieunhan.langbach.io.vn', '--agree-tos']
2024-07-02 10:49:10,163:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2024-07-02 10:49:10,179:DEBUG:certbot._internal.log:Root logging level set at 30
2024-07-02 10:49:10,182:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2024-07-02 10:49:10,184:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fe10c0efb60>
Prep: True
2024-07-02 10:49:10,185:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fe10c0efb60> and installer None
2024-07-02 10:49:10,185:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2024-07-02 10:49:10,266:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2024-07-02 10:49:10,271:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2024-07-02 10:49:11,005:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 746
2024-07-02 10:49:11,006:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:15 GMT
Content-Type: application/json
Content-Length: 746
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "N_vlEW8bcOc": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2024-07-02 10:49:11,007:DEBUG:acme.client:Requesting fresh nonce
2024-07-02 10:49:11,007:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2024-07-02 10:49:11,238:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2024-07-02 10:49:11,239:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:15 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: B-hK_YLCse0qbPcJ0WJCHEyHrCOuQ7rdQvJWALbYNPxmuA5ZWaM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2024-07-02 10:49:11,239:DEBUG:acme.client:Storing nonce: B-hK_YLCse0qbPcJ0WJCHEyHrCOuQ7rdQvJWALbYNPxmuA5ZWaM
2024-07-02 10:49:11,240:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:bachlang364@gmail.com"\n  ],\n  "termsOfServiceAgreed": true\n}'
2024-07-02 10:49:11,247:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "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",
  "signature": "BhjUtwfFBg3_IxqFOXIHxrTsR2esa5U6a_5HVUHeK95zzvqpL-ucgOKSmPEikAkx8kKjgsHkFmmoKtPHaMsHP-pxuGoPWoCHiRQi264gFaX2ZHD8PtBGfj7yeB7euYeGsdpiWHp04fNOM5LI_lNzQAUE_-FlKyfru7ZBEcvyVMhVArWiAF17UidvILRrgV4TM15CSK1VCoufMpEvJONud4MUJlWtsbTpeDDgCcmFp-etFJMKOad7BNGp1xobJi0TAe7dYYvAZGaj92tYOUAxX9DN3Q302ORbbbGGc2qHjz4M9BTnKkE0u1ktGfirVvAEMAC1xdsLSxnwYHMzUveTQA",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpiYWNobGFuZzM2NEBnbWFpbC5jb20iCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlCn0"
}
2024-07-02 10:49:11,532:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 555
2024-07-02 10:49:11,533:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 02 Jul 2024 10:49:15 GMT
Content-Type: application/json
Content-Length: 555
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1814743567
Replay-Nonce: eF-2qMJ9LPSmxlCcDnEHHGp3C_KFWMQU6O2aX7IV2NvwmAXJdJM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "wK809qxPx_4KFkfXiWnMqJIPwsifzDbSySlz-tB-7Ub8s8xasJN0YyAhJwHNA9TZLckJA5RP07NxQDu2abnd7YIDfWpMNg-JPjfXSbxpTxU8y8CBnh3mQnfLIP5CY1_Ko0Wr97_eD5jhs3U7x4kQLfO4qPuzqLj_EpDYAl6dPA-M9ndQwP6grj21TDFTG41FOjluhkCjwBIMGCYlG-Js-6-a9fTmp06L2US-2IzPMyHOyYnzWNj_nXU_j7Wiwm9iFn8gWzyR_OcgJyWQyDGivuodgzWNGoQgrt_qqVVzaTd_oGXErD34ZncZfI9T_vwicTeiQmCAXgbvJ-CO_sw6cw",
    "e": "AQAB"
  },
  "contact": [
    "mailto:bachlang364@gmail.com"
  ],
  "initialIp": "103.124.92.248",
  "createdAt": "2024-07-02T10:49:15Z",
  "status": "valid"
}
2024-07-02 10:49:11,533:DEBUG:acme.client:Storing nonce: eF-2qMJ9LPSmxlCcDnEHHGp3C_KFWMQU6O2aX7IV2NvwmAXJdJM
2024-07-02 10:49:11,537:WARNING:certbot._internal.display.obj:Skipped user interaction because Certbot doesn't appear to be running in a terminal. You should probably include --non-interactive or --force-interactive on the command line.
2024-07-02 10:49:11,538:DEBUG:certbot._internal.display.obj:Falling back to default False for the prompt:
Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. 
2024-07-02 10:49:11,538:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2024-07-02 10:49:11,539:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.bindings._rust.openssl.rsa.RSAPublicKey object at 0x7fe109b4c970>)>), contact=('mailto:[redacted]@gmail.com',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1814743567', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf'), 5bb89b693681ff2cd348b65e15c8551f, Meta(creation_dt=datetime.datetime(2024, 7, 2, 10, 49, 11, tzinfo=<UTC>), creation_host='d8fbf995254d', register_to_eff=None))>
2024-07-02 10:49:11,541:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for sieunhan.langbach.io.vn
2024-07-02 10:49:11,550:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sieunhan.langbach.io.vn"\n    }\n  ]\n}'
2024-07-02 10:49:11,553:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgxNDc0MzU2NyIsICJub25jZSI6ICJlRi0ycU1KOUxQU214bENjRG5FSEhHcDNDX0tGV01RVTZPMmFYN0lWMk52d21BWEpkSk0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "AIEgz6096x6ZG1K_BAHdmveaOmuXxpUDdeHKQJ_6dhEjLc9I1omU-eQHbai2pDL8Nnb8e1mx0TPeey-7jftZQ8s3Ps1Z82R3JA7oWsgPYiAqRpB0TPV_02IwKxqB2I5a-jZkvZb_GeHIfsdR4SOWklWBIU4zbS3YpYy5RyikibN91axAxGMoE2h-EnhqWfLt1Jm75YjW_VsAE4YwXBVEBZ35ij3Fn0a6-Qp9hmXVlSmdoa9ik6AzOMf6LGjghCuQkuCylLnOuJBcFbSjnt5NcYl0hFHldN3AFRpoeh2hF54NDY6Dp0LSBHNg6ti6SSM0rzZxuN_lExMWQoSBUoLh0g",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNpZXVuaGFuLmxhbmdiYWNoLmlvLnZuIgogICAgfQogIF0KfQ"
}
2024-07-02 10:49:11,945:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 349
2024-07-02 10:49:11,946:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 02 Jul 2024 10:49:16 GMT
Content-Type: application/json
Content-Length: 349
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1814743567/283663141177
Replay-Nonce: B-hK_YLC8GsFuriJj6EPOn5Q16e_Ba8xkqWKhNwpmB9Xf9nHwPM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2024-07-09T10:49:16Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sieunhan.langbach.io.vn"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/371683469817"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1814743567/283663141177"
}
2024-07-02 10:49:11,946:DEBUG:acme.client:Storing nonce: B-hK_YLC8GsFuriJj6EPOn5Q16e_Ba8xkqWKhNwpmB9Xf9nHwPM
2024-07-02 10:49:11,947:DEBUG:acme.client:JWS payload:
b''
2024-07-02 10:49:11,948:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/371683469817:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgxNDc0MzU2NyIsICJub25jZSI6ICJCLWhLX1lMQzhHc0Z1cmlKajZFUE9uNVExNmVfQmE4eGtxV0toTndwbUI5WGY5bkh3UE0iLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM3MTY4MzQ2OTgxNyJ9",
  "signature": "agbBmw7TP5CPhOj99Ifq-8ldXpAngK6VTFO9Vf419ZjHT8-BpT-sThfKsm7MyY3eZfvfd-f1izTmW1BElKfVlTILHeXm_kmqix4TeYu04ejkO_-XH5hnlglJB1kSP9DIzJwdEYFMrl0WYFkunmRNS559RLiLqQAmLgtyav5fXnj86yIO5Yam1dURqlaVhWIiwPCgY2zisI2AYviGAgyZnkRyp1tHfHlhJTfsMULL87mC2gwbV3Lk7jAIuraNpPyIj9MlQ0n3veZG2zke16E0m5dw8JxcQUl_Xvgch3ogLtwvQ5Jzr-HljGT4gzDwXY1UzHzSKIfk8_m0C3Y-QBQUoA",
  "payload": ""
}
2024-07-02 10:49:12,258:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/371683469817 HTTP/1.1" 200 807
2024-07-02 10:49:12,259:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:16 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: eF-2qMJ97nK7NO5v-Dv-tnJxmAaVDL8EPH1NpOV2a_1pdnosIcU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sieunhan.langbach.io.vn"
  },
  "status": "pending",
  "expires": "2024-07-09T10:49:16Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/ilMjtg",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/ULK_fQ",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    }
  ]
}
2024-07-02 10:49:12,259:DEBUG:acme.client:Storing nonce: eF-2qMJ97nK7NO5v-Dv-tnJxmAaVDL8EPH1NpOV2a_1pdnosIcU
2024-07-02 10:49:12,260:INFO:certbot._internal.auth_handler:Performing the following challenges:
2024-07-02 10:49:12,260:INFO:certbot._internal.auth_handler:http-01 challenge for sieunhan.langbach.io.vn
2024-07-02 10:49:12,261:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2024-07-02 10:49:12,261:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2024-07-02 10:49:12,263:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI
2024-07-02 10:49:12,264:DEBUG:acme.client:JWS payload:
b'{}'
2024-07-02 10:49:12,266:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgxNDc0MzU2NyIsICJub25jZSI6ICJlRi0ycU1KOTduSzdOTzV2LUR2LXRuSnhtQWFWREw4RVBIMU5wT1YyYV8xcGRub3NJY1UiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzM3MTY4MzQ2OTgxNy9LWENKV1EifQ",
  "signature": "nMF-uYHdli0AMLxoURQqceJ7-aMUEiZiJmVlvPW3nil9MUQZCduRNOGLjFkkRUhBlPowPiFsdA8zWZBMY71eYQX0H8E0aC-nXew9IMlAQmDbgt-RgZg2Xt6RbKEabLuDwyM5bqxsdIGl860n80HjDXxgdiZg7hE6bAHxbetk_utKNZTtmgWMfyUsAk58xsQ43WCuVSrg0a_4xcrAoI9i3JPc8xCnvoqho2_XUf4vJXe93KEcTdA2HGu4Ei4W1GmEXfoheg4FTSsuFdt7yUYb0IDlwSBfeldK1WamosPqMQ-8A5_8-HnjkkLZ__xsb4nXoYv9fnvmFQ0LbWs0HlNbGw",
  "payload": "e30"
}
2024-07-02 10:49:12,512:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/371683469817/KXCJWQ HTTP/1.1" 200 187
2024-07-02 10:49:12,513:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:16 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/371683469817>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ
Replay-Nonce: B-hK_YLCdMirylpACT8h0u2tOe1Vv1BA77e5o2bHklhuBLS0Jbc
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ",
  "status": "pending",
  "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
}
2024-07-02 10:49:12,513:DEBUG:acme.client:Storing nonce: B-hK_YLCdMirylpACT8h0u2tOe1Vv1BA77e5o2bHklhuBLS0Jbc
2024-07-02 10:49:12,513:INFO:certbot._internal.auth_handler:Waiting for verification...
2024-07-02 10:49:13,514:DEBUG:acme.client:JWS payload:
b''
2024-07-02 10:49:13,516:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/371683469817:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgxNDc0MzU2NyIsICJub25jZSI6ICJCLWhLX1lMQ2RNaXJ5bHBBQ1Q4aDB1MnRPZTFWdjFCQTc3ZTVvMmJIa2xodUJMUzBKYmMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM3MTY4MzQ2OTgxNyJ9",
  "signature": "Vp2ACWOnKKq_09rm8F-iqVl9ibfcS4p2I-V5N6Vk1rUIlhXFCl1-yBYjePZVIvkozg1zttpZAvttbA00Pe3Rrex9EeE1kSL74c6coMnolsCxb4_ypXLZSnxhorf8SYF_nG42nOZy6Bsf7Ei98ml27dbgoMzDTmT4mE6R5CFO7sHCAwTEcRYmCqjLukWp-yg8AzK-9YIWiZZF90wraI6C3s04a5EOKr_l57AnueWKrTlqGm5KMXxAjJ22u3hlUsIIm7IS9-oeaB71JgvrVLv-hnbCiI3s1jSqbJYmZPKje4klW4MG4esH4nEvANFChbOW501r9_jjeJe0r2Qo-uUqUw",
  "payload": ""
}
2024-07-02 10:49:13,750:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/371683469817 HTTP/1.1" 200 807
2024-07-02 10:49:13,751:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:18 GMT
Content-Type: application/json
Content-Length: 807
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: B-hK_YLClD2HPdUP8NQojwWPQBXd62xhzz4mX3-U6kB7jl7MWqw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sieunhan.langbach.io.vn"
  },
  "status": "pending",
  "expires": "2024-07-09T10:49:16Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/ilMjtg",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/ULK_fQ",
      "status": "pending",
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI"
    }
  ]
}
2024-07-02 10:49:13,752:DEBUG:acme.client:Storing nonce: B-hK_YLClD2HPdUP8NQojwWPQBXd62xhzz4mX3-U6kB7jl7MWqw
2024-07-02 10:49:16,752:DEBUG:acme.client:JWS payload:
b''
2024-07-02 10:49:16,754:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/371683469817:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTgxNDc0MzU2NyIsICJub25jZSI6ICJCLWhLX1lMQ2xEMkhQZFVQOE5Rb2p3V1BRQlhkNjJ4aHp6NG1YMy1VNmtCN2psN01XcXciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzM3MTY4MzQ2OTgxNyJ9",
  "signature": "Mgxc_5yNUw2-yE35sNHSzrtspg2qFhFpaD4J0Fr-r5q5_rQphITI23kr1EXBXbU1hoLEwAtPjx5Dae7rYUFcaWoBYIlCNmMNgUaxf7FNXoUo-6lW8LIMoEzU0xt8rcMlOCMMRQ4ijYzTLhvoLBqnoXR_WKf-0Y3YfkvHMQOIJnPlQH8F_uTGKOR4frJGsZ8pZNi_YP6yO-5e7bO47ZpBo9P5-VYT5o5SE_nNvNp7gqR4uHOfu4KlwKtOiG_OQabJpMET6tzrdgQzXsb5yZFTYXcMAKhEVf50dCNhVcp4PV7bml44tf2-_eoxKdlFdq-TZYBiituUqLaQFyz6Zss1aA",
  "payload": ""
}
2024-07-02 10:49:16,987:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/371683469817 HTTP/1.1" 200 1063
2024-07-02 10:49:16,988:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 02 Jul 2024 10:49:21 GMT
Content-Type: application/json
Content-Length: 1063
Connection: keep-alive
Boulder-Requester: 1814743567
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: B-hK_YLCaWK0KazKLYTpxpW_jjoGlz3iga2RuMvlhzJTiMj-23Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sieunhan.langbach.io.vn"
  },
  "status": "invalid",
  "expires": "2024-07-09T10:49:16Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/371683469817/KXCJWQ",
      "status": "invalid",
      "validated": "2024-07-02T10:49:16Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "103.124.92.248: Invalid response from http://sieunhan.langbach.io.vn/.well-known/acme-challenge/pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI: 404",
        "status": 403
      },
      "token": "pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI",
      "validationRecord": [
        {
          "url": "http://sieunhan.langbach.io.vn/.well-known/acme-challenge/pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI",
          "hostname": "sieunhan.langbach.io.vn",
          "port": "80",
          "addressesResolved": [
            "103.124.92.248"
          ],
          "addressUsed": "103.124.92.248"
        }
      ]
    }
  ]
}
2024-07-02 10:49:16,988:DEBUG:acme.client:Storing nonce: B-hK_YLCaWK0KazKLYTpxpW_jjoGlz3iga2RuMvlhzJTiMj-23Q
2024-07-02 10:49:16,989:INFO:certbot._internal.auth_handler:Challenge failed for domain sieunhan.langbach.io.vn
2024-07-02 10:49:16,989:INFO:certbot._internal.auth_handler:http-01 challenge for sieunhan.langbach.io.vn
2024-07-02 10:49:16,989:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: sieunhan.langbach.io.vn
  Type:   unauthorized
  Detail: 103.124.92.248: Invalid response from http://sieunhan.langbach.io.vn/.well-known/acme-challenge/pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2024-07-02 10:49:16,992:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2024-07-02 10:49:16,992:DEBUG:certbot._internal.error_handler:Calling registered functions
2024-07-02 10:49:16,993:INFO:certbot._internal.auth_handler:Cleaning up challenges
2024-07-02 10:49:16,993:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/pGw9sdM5r7vh4LS0MujYsI0_cBKR4unTDihHBz1xOqI
2024-07-02 10:49:16,993:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2024-07-02 10:49:16,994:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1894, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1600, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 517, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2024-07-02 10:49:16,996:ERROR:certbot._internal.log:Some challenges have failed.

Please don't use the --force-renewal option. It does not fix problems and often causes people to become rate limited (blocked).

The "404" in the error message is an HTTP "Not Found" error.

When using --webroot this usually means the webroot path you used on the Certbot command line did not match the root folder in your nginx server block. It can be caused by other problems.

But, to start would you please show the server block for this domain?


This is the docker-compose configuration file

This is my nginx configuration file

If you want, I can send the files. Thank you for trying to help me.


Can I provide any additional information that might be helpful?


You need a location block around the return statement in your port 80 server block, like the example below.

But, are you sure the inbound HTTP request actually gets to your nginx server? Because the below is better but your error was for an HTTP URL. It did not redirect to HTTPS like would have happened before fixing your port 80 block.

Can you add an access log to nginx and then check if anything reaches it?

server {
    listen 80;
    listen [::]:80;     # if using IPv6
    server_name example.com www.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;   # this folder matches Certbot webroot path
    }
    location / {
       return 301 https://$host$request_uri;
    }
}


I edited the configuration like this, and nginx's error.log shows this:

2024/07/02 14:37:44 [notice] 1#1: using the "epoll" event method
2024/07/02 14:37:44 [notice] 1#1: nginx/1.27.0
2024/07/02 14:37:44 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2024/07/02 14:37:44 [notice] 1#1: OS: Linux 5.4.0-187-generic
2024/07/02 14:37:44 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/07/02 14:37:44 [notice] 1#1: start worker processes
2024/07/02 14:37:44 [notice] 1#1: start worker process 28
2024/07/02 14:37:50 [error] 28#28: *1 open() "/usr/share/nginx/html/.well-known/acme-challenge/L3hZK9fLxgWbpqx3bk4j4nvXb2R_0ozJnI2ImvuntyE" failed (2: No such file or directory), client: 23.178.112.109, server: localhost, request: "GET /.well-known/acme-challenge/L3hZK9fLxgWbpqx3bk4j4nvXb2R_0ozJnI2ImvuntyE HTTP/1.1", host: "sieunhan.langbach.io.vn"
2024/07/02 14:37:55 [notice] 1#1: signal 3 (SIGQUIT) received, shutting down
2024/07/02 14:37:55 [notice] 28#28: gracefully shutting down
2024/07/02 14:37:55 [notice] 28#28: exiting
2024/07/02 14:37:55 [notice] 28#28: exit
2024/07/02 14:37:55 [notice] 1#1: signal 17 (SIGCHLD) received from 28
2024/07/02 14:37:55 [notice] 1#1: worker process 28 exited with code 0
2024/07/02 14:37:55 [notice] 1#1: exit
2024/07/02 14:40:06 [notice] 1#1: using the "epoll" event method
2024/07/02 14:40:06 [notice] 1#1: nginx/1.27.0
2024/07/02 14:40:06 [notice] 1#1: built by gcc 12.2.0 (Debian 12.2.0-14)
2024/07/02 14:40:06 [notice] 1#1: OS: Linux 5.4.0-187-generic
2024/07/02 14:40:06 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/07/02 14:40:06 [notice] 1#1: start worker processes
2024/07/02 14:40:06 [notice] 1#1: start worker process 29
2024/07/02 14:40:10 [error] 29#29: *1 open() "/usr/share/nginx/html/.well-known/acme-challenge/82QbCjDepKhEP_HS9K3jdvXI8tcaGWR4XTUHOLNMa5g" failed (2: No such file or directory), client: 23.178.112.104, server: localhost, request: "GET /.well-known/acme-challenge/82QbCjDepKhEP_HS9K3jdvXI8tcaGWR4XTUHOLNMa5g HTTP/1.1", host: "sieunhan.langbach.io.vn"
2024/07/02 14:40:14 [notice] 1#1: signal 3 (SIGQUIT) received, shutting down
2024/07/02 14:40:14 [notice] 29#29: gracefully shutting down
2024/07/02 14:40:14 [notice] 29#29: exiting
2024/07/02 14:40:14 [notice] 29#29: exit
2024/07/02 14:40:15 [notice] 1#1: signal 17 (SIGCHLD) received from 29
2024/07/02 14:40:15 [notice] 1#1: worker process 29 exited with code 0
2024/07/02 14:40:15 [notice] 1#1: exit

But the access log from nginx shows:
23.178.112.109 - - [02/Jul/2024:14:37:50 +0000] "GET /.well-known/acme-challenge/L3hZK9fLxgWbpqx3bk4j4nvXb2R_0ozJnI2ImvuntyE HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
23.178.112.104 - - [02/Jul/2024:14:40:10 +0000] "GET /.well-known/acme-challenge/82QbCjDepKhEP_HS9K3jdvXI8tcaGWR4XTUHOLNMa5g HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"


Sorry, I did not notice this in your earlier post.

You can see nginx is using the /usr/share/nginx/html folder. That server block you defined (and now fixed) is not the one processing the inbound HTTP request. Otherwise the path shown would be the root folder you used (/var/www/certbot).

You can prove this by adding an access_log to that server block and see if anything shows up there. Use a unique name for this log file. I am sure nothing will show up there.

Check your port mappings from your host to the container. And, anything else that may interfere.

Right now I cannot get a reply from your domain, but maybe your system is down.

curl -i http://sieunhan.langbach.io.vn
curl: (7) Failed to connect to sieunhan.langbach.io.vn port 80 after 707 ms: 
Connection refused
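The reasoning in the reply above (the file path in the nginx error log shows which server block answered the challenge request), as an added example that is not part of the original thread. The function names, verdict labels and the constructed sample lines are assumptions made for illustration; it also assumes the location uses `root`, not `alias`.

```python
import re
from pathlib import PurePosixPath

# Failed static-file open as nginx logs it (same layout as the lines in the thread).
OPEN_FAIL = re.compile(
    r'open\(\) "(?P<path>[^"]+)" failed \((?P<errno>\d+): [^)]*\)'
    r'.*?server: (?P<server>[^,]+), request: "GET (?P<uri>\S+) [^"]*"'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def _norm(path):
    """Normalise a POSIX path so '/var/www/certbot/' equals '/var/www/certbot'."""
    return str(PurePosixPath(path))


def triage(line, webroot, server_names):
    """Classify one nginx error-log line against the intended Certbot webroot.

    Returns None for lines that are not failed ACME challenge lookups.
    Verdicts (labels chosen for this example):
      wrong-server-block  another server block (e.g. the image default) answered
      root-mismatch       the right server block answered, but with a different root
      missing-in-webroot  root is correct, but nginx cannot see the file
                          (e.g. the volume is not shared with the certbot container)
    """
    m = OPEN_FAIL.search(line)
    if not m or not m["uri"].startswith(CHALLENGE_PREFIX):
        return None
    path, uri, server = m["path"], m["uri"], m["server"].strip()
    # nginx builds the file path as root + URI, so cutting the URI off the
    # end of the logged path recovers the root that was actually in effect.
    used_root = _norm(path[: -len(uri)]) if path.endswith(uri) else None
    if server not in server_names:
        verdict = "wrong-server-block"
    elif used_root != _norm(webroot):
        verdict = "root-mismatch"
    else:
        verdict = "missing-in-webroot"
    return {
        "server": server,
        "used_root": used_root,
        "errno": int(m["errno"]),
        "token": uri[len(CHALLENGE_PREFIX):],
        "verdict": verdict,
    }


def triage_log(lines, webroot, server_names):
    """Run triage() over many lines and keep only the challenge failures."""
    results = (triage(line, webroot, server_names) for line in lines)
    return [r for r in results if r is not None]


SAMPLE_LOG = [
    # From the error log posted in the thread.
    '2024/07/02 14:37:50 [error] 28#28: *1 open() "/usr/share/nginx/html/.well-known/'
    'acme-challenge/L3hZK9fLxgWbpqx3bk4j4nvXb2R_0ozJnI2ImvuntyE" failed (2: No such file '
    'or directory), client: 23.178.112.109, server: localhost, request: "GET /.well-known/'
    'acme-challenge/L3hZK9fLxgWbpqx3bk4j4nvXb2R_0ozJnI2ImvuntyE HTTP/1.1", '
    'host: "sieunhan.langbach.io.vn"',
    # Constructed: correct server block and root, file not visible to nginx.
    '2024/07/02 15:00:00 [error] 30#30: *2 open() "/var/www/certbot/.well-known/'
    'acme-challenge/CONSTRUCTED_TOKEN_A" failed (2: No such file or directory), '
    'client: 192.0.2.10, server: sieunhan.langbach.io.vn, request: "GET /.well-known/'
    'acme-challenge/CONSTRUCTED_TOKEN_A HTTP/1.1", host: "sieunhan.langbach.io.vn"',
    # Constructed: correct server block, but no root override for the challenge path.
    '2024/07/02 15:05:00 [error] 30#30: *3 open() "/usr/share/nginx/html/.well-known/'
    'acme-challenge/CONSTRUCTED_TOKEN_B" failed (2: No such file or directory), '
    'client: 192.0.2.10, server: sieunhan.langbach.io.vn, request: "GET /.well-known/'
    'acme-challenge/CONSTRUCTED_TOKEN_B HTTP/1.1", host: "sieunhan.langbach.io.vn"',
    # From the thread: a notice line, which is ignored.
    '2024/07/02 14:37:44 [notice] 1#1: start worker process 28',
]

if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG, "/var/www/certbot", {"sieunhan.langbach.io.vn"}):
        print(f'{r["verdict"]:<20} server={r["server"]} root={r["used_root"]}')
```
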

Oh no, I already know my mistake. I forgot to add listen [::]:80; in my nginx configuration. After carefully checking the nginx logs, I discovered the container was using IPv6: /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh :))) But it seems that because I authenticated too many times, the error is now:

An unexpected error occurred:
certbot | Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt

Thank you for helping me before. But to be sure, if this error appears, the certbot container is working properly, right?


No, the "Error creating new order" happens early in the cert request sequence. Certbot is running but the cert validation may still fail.

Use the Let's Encrypt Staging system to test to avoid such rate limits. Just add --dry-run to the certbot command. Or, even --test-cert or --staging. See the Certbot docs for details of these.


Can you use curl -i http://sieunhan.langbach.io.vn again? I think the problem is due to my network connection, or maybe my virtual server provider has blocked it.

I can reach your domain using HTTP. Testing from various locations looks okay too.

What is the specific error message from the cert request?

You can use a mobile phone with wifi disabled to test from the carrier's public network too.


Maybe the error mainly comes from [error] 28#28: *1 open() "/usr/share/nginx/html/.well-known/acme-challenge/a11dKIgJsQjdHCI4ZfHqTWFAPRP-ayw43eBRDxnGPHY" failed (2: No such file or folder), even though I have configured:

location /.well-known/acme-challenge/ {
    accept all;
    root /var/www/certbot;
}

But it seems that certbot still uses /usr/share/nginx/html/ to check the domain name. Maybe I have to reconfigure it to see if that fixes it.

Did you run Certbot as root or sudo?


Did you add an access_log to that port 80 server block?

What showed up in there? Anything?

ALSO, you said you were using IPv6. Did you add the listen statement for IPv6 in that port 80 server block? I had an example of one in an earlier post.



I configured the file like this, but I don't see the log file from access_80.log in my mapping.

I use the container for certbot, so I don't know if I'm using root or sudo. However, in the nginx container I used root.


Then no requests are arriving in that server block, or your volume mapping is wrong.


I updated some commands and accessed the nginx container to check that my /etc/nginx/conf path is the same as the external configuration. Do you have a sample configuration that might work for you?