Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: sudo certbot --nginx -d "alkarkhi.net,alkarkhi.com,alkarkhi.org,conference.alkarkhi.net,conference.alkarkhi.com,conference.alkarkhi.org"
It produced this output:
Domain: alkarkhi.com
Type: unauthorized
Detail: Invalid response from https://alkarkhi.com/.well-known/acme-challenge/xxx [2a01:a500:1717:1808::52:342a]: "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n\t<head>\r\n\t\t<meta charset=\"UTF-8\">\r\n\t\t<meta name=\"viewport\" content=\"width=device-width, initi"
Domain: alkarkhi.org
Type: unauthorized
Detail: Invalid response from https://alkarkhi.org/.well-known/acme-challenge/xxx [104.128.190.143]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
Domain: conference.alkarkhi.com
Type: unauthorized
Detail: Invalid response from http://conference.alkarkhi.com/.well-known/acme-challenge/xxx [2a01:a500:1717:1808::52:342a]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
Domain: conference.alkarkhi.org
Type: unauthorized
Detail: Invalid response from http://conference.alkarkhi.org/.well-known/acme-challenge/xxx [104.128.190.143]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
My web server is (include version): nginx 1.18.0
The operating system my web server runs on is (include version): Debian 11
@certb0t There are some things you should or might want to correct. But, to help with why the challenges fail with a 404 not found it would be helpful to see the nginx server config. Please run sudo nginx -T and upload or paste the results.
Another thing is that your site is responding with an http code 200 but sending content that says "404 Not Found". The error from Certbot would make more sense if your http code is also 404 - as it should be.
Example (using https to match your error message for this domain):
Just headers:
curl -I https://alkarkhi.com/.well-known/acme-challenge/Test-Forum-123
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 Oct 2021 16:10:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Just content:
curl https://alkarkhi.com/.well-known/acme-challenge/Test-Forum-123
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>404 Not Found - Alkarkhi.com</title>
<link rel="stylesheet" href="https://alkarkhi.com/css/style.css">
<link rel="icon" href="https://alkarkhi.com/img/favicon.png">
Note, your conference domain server did not redirect to https and sent a 404 in the header with the 404 not found content. So, that is clearer.
I also noticed some of your domain names have IPv6 but others do not. This would not cause the challenge to fail the way it did. But, it looks like something you want to review. Both in the DNS and your server definitions.
@certb0t I understand better now but I am afraid I cannot help you. Hopefully someone with more experience can inform you better. To help them this is what I am not sure about:
The nginx conf you supplied has existing domains and all have DNS of only IPv4 of 45.92.156.106
The new domains you requested in the command in your first post had different IPs:
The alkarkhi.com and conference.alkarkhi.com have the same IPv4 and IPv6 addresses but they are different than existing IPv4 server conf domains.
I am not familiar enough with Certbot installation process to describe what you should do. I am sorry but hopefully this info will help someone provide you good advice.
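The comparison made in the replies above (the address that answered each failed challenge versus the address the existing nginx sites use) can be done mechanically. This is an added example, not part of the original thread or of Certbot: the function names are hypothetical, the sample input is the failure output from the first post with response bodies shortened, and 45.92.156.106 is assumed to be this server's only address, as the reply reports.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the failure blocks from the Certbot output in the first
# post, with the quoted response bodies shortened.
CERTBOT_OUTPUT = '''\
Domain: alkarkhi.com
Type: unauthorized
Detail: Invalid response from https://alkarkhi.com/.well-known/acme-challenge/xxx [2a01:a500:1717:1808::52:342a]: "<!DOCTYPE html>"
Domain: alkarkhi.org
Type: unauthorized
Detail: Invalid response from https://alkarkhi.org/.well-known/acme-challenge/xxx [104.128.190.143]: "<html>"
Domain: conference.alkarkhi.com
Type: unauthorized
Detail: Invalid response from http://conference.alkarkhi.com/.well-known/acme-challenge/xxx [2a01:a500:1717:1808::52:342a]: "<html>"
Domain: conference.alkarkhi.org
Type: unauthorized
Detail: Invalid response from http://conference.alkarkhi.org/.well-known/acme-challenge/xxx [104.128.190.143]: "<html>"
'''

FAILURE = re.compile(
    r"Domain: (?P<domain>\S+)\s+Type: (?P<type>\S+)\s+"
    r"Detail: Invalid response from (?P<url>\S+) \[(?P<ip>[0-9A-Fa-f:.]+)\]"
)

def parse_failures(text):
    """Return one dict per failed challenge: domain, type, url, responding IP."""
    return [
        {**m.groupdict(), "ip": ipaddress.ip_address(m["ip"])}
        for m in FAILURE.finditer(text)
    ]

def misdirected(failures, local_addrs):
    """Group failed domains by responding address, keeping only addresses this
    server does not own (the CA was answered by some other host)."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    by_ip = defaultdict(list)
    for f in failures:
        if f["ip"] not in local:
            by_ip[str(f["ip"])].append(f["domain"])
    return dict(by_ip)

if __name__ == "__main__":
    # Assumption: 45.92.156.106 is the only address this nginx host serves.
    for ip, names in misdirected(parse_failures(CERTBOT_OUTPUT), ["45.92.156.106"]).items():
        print(f"{ip}: {', '.join(names)} -> answered by a different host")
```

Every domain it lists was validated against a host other than the one running Certbot, so the temporary nginx changes Certbot made were never reached by the CA.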
"How do I request a certificate from a different server?"
That depends...
How much control do you have over the other server?
How much control do you have over the DNS zone the "other server" is in?
If you have no control over the "other site" (like: Google.com), then you won't be able to get a cert for it.
If you have control of the web service at that "other server", then you might be able to redirect the HTTP challenge requests to the system you are at and validate them locally.
If you have control of the DNS zone for that "other server", then you might be able to use DNS-01 validation to obtain a cert for any name from that zone (to include a wildcard cert).