This causes the below error to occur when trying to install or auto-renew a Let’s Encrypt certificate. Error message:
+ Requesting challenge for example.com...
+ Responding to challenge for example.com...
ERROR: Challenge is invalid! (returned: invalid) (result: {"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://example.com/.well-known/acme-challenge/9FCJa2g5OZWcU83YfJ6223t9kv9_u8j75KDpyO9euec [45.55.39.187]: 404"},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/TSG_-qzqGvT16tqGPH5jqjWYKV_ky32kHq1S8J405DQ/30280009","token":"9FCJa2g5OZWcU83YfJ6223t9kv9_u8j75KDpyO9euec","keyAuthorization":"9FCJa2g5OZWcU83YfJ6223t9kv9_u8j75KDpyO9euec.je__JRh2XWYCIoXFLLphIk9Ts6EC7VgXyd3FG2GhI-0","validationRecord":[{"url":"http://example.com/.well-known/acme-challenge/9FCJa2g5OZWcU83YfJ6223t9kv9_u8j75KDpyO9euec","hostname":"example.com","port":"80","addressesResolved":["45.55.39.187"],"addressUsed":"45.55.39.187"}]})
Thus, I have tried adding the below exception to allow the acme-challenge to pass through the basic authorization I have set up:
and many variations of the above; however, I continue to receive the same error as below. I was wondering if you can find a problem in my configuration above or if you have other suggestions.
I can’t see any problem with your location conf. The first thing you need to check is that you can reach the acme challenge, because the error you are getting is a 404 Not Found. Put a file in your /path/to/documentroot/.well-known/acme-challenge/hereyourtestfile and browse to it at http://yourdomain.tld/.well-known/acme-challenge/hereyourtestfile.
In your nginx error log you should have more details about what is going on. Anyway, you didn’t show your entire nginx server block nor the command you used to launch letsencrypt-auto, so it’s complicated to help you.
I can’t see any problem in your nginx conf. So, the next step is to know what parameters are passed to letsencrypt-auto. I don’t know what that service does, but I suppose that you are using the certonly method with webroot authentication, so you must be sure that you are specifying the right paths for your domain’s document root.
Anyway, you could try to run the letsencrypt-auto command by hand to be sure that the problem is not that service or how it is configured…
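The test-file check suggested in the replies above, as an added example that is not part of the original thread: it writes a throwaway file under the webroot, fetches it over HTTP, and separates a 401 (basic auth still applies) from a 404 (the path is not mapped to that webroot). The function name `probe_challenge` and the hint texts are assumptions made for this example; the webroot and base URL are supplied by the caller.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

# Likely meaning of each HTTP status for an http-01 validation (assumed wording).
HINTS = {
    200: "served, but body differs: another location or app answers this path",
    401: "basic auth still applies to the challenge path",
    403: "access rule or file permissions block the challenge path",
    404: "server does not map this path to the given webroot",
}


def probe_challenge(webroot, base_url, timeout=5):
    """Write a throwaway token under webroot and fetch it over HTTP.

    Returns (status, verdict); status is None if the host is unreachable.
    Example call: probe_challenge("/path/to/documentroot", "http://yourdomain.tld")
    """
    token = "probe-" + secrets.token_urlsafe(16)
    directory = Path(webroot) / CHALLENGE_DIR
    directory.mkdir(parents=True, exist_ok=True)
    probe = directory / token
    probe.write_text(token)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        # 4xx/5xx arrive as exceptions; keep only the status code.
        status, body = err.code, ""
    except urllib.error.URLError as err:
        return None, f"unreachable: {err.reason}"
    finally:
        # Always remove the probe file, whatever the outcome.
        probe.unlink(missing_ok=True)
    if status == 200 and body.strip() == token:
        return status, "ok: challenge path is reachable without auth"
    return status, HINTS.get(status, "unexpected response")
```

Run it on the web server itself with the same document root that is passed to the webroot authenticator, so a 404 here points at the path mismatch discussed above.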