Not quite sure why this is happening. I verified the following:
- The directory in [renewalparams] for the domain is correctly set to /var/www/twifag.com
- I created a .well-known subdirectory in the above along with a test HTML file and was able to access it by using the address http://twifag.com/.well-known/test.html
- I created a .well-known/acme-challenge subdirectory in the above along with a test HTML file and was able to access it by using the address http://twifag.com/.well-known/acme-challenge/test.html
- I created a file without an extension and verified it was accessible in the .well-known/acme-challenge directory
- I ran certbot with -vvv and verified it was using the proper directory
Attempting to save validation to /var/www/twifag.com/.well-known/acme-challenge/GkZ1R31xlzk6IeltF6HEmNzbXB8_pLq5NfSn_kydulw
Attempting to save validation to /var/www/twifag.com/.well-known/acme-challenge/Bi2EbzFrvgdHpkwVBqBMjjxW3wiBRg0KfgzGMek-7Iw
Waiting for verification...
Given the above, I verified that the certbot conf is pointing to the proper directory, that certbot reports it's creating the challenge files in the proper directory, and that there is no possibility of having a 404 error. But I am getting 404 errors.
My domain is: twifag.com
I ran this command: certbot --noninteractive --agree-tos --rsa-key-size 4096 --hsts --redirect --uir --staple-ocsp renew
It produced this output:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/twifag.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for twifag.com
http-01 challenge for www.twifag.com
Waiting for verification...
Challenge failed for domain twifag.com
Challenge failed for domain www.twifag.com
http-01 challenge for twifag.com
http-01 challenge for www.twifag.com
Cleaning up challenges
Attempting to renew cert (twifag.com) from /etc/letsencrypt/renewal/twifag.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/twifag.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/twifag.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: twifag.com
Type: unauthorized
Detail: 2604:2dc0:100:318c::def: Invalid response from
http://twifag.com/.well-known/acme-challenge/Fk3FhQX5VhTEFrvUN2PiRuWuRDCyUVzhjXo2MaEVlSU:
404
Domain: www.twifag.com
Type: unauthorized
Detail: 2604:2dc0:100:318c::eeee: Invalid response from
http://www.twifag.com/.well-known/acme-challenge/dP9k1sis3LJGvAkpW4Mb_NlLgGCyK_JnvM9n64lD11s:
404
My web server is (include version): nginx 1.19.9
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
Thanks for any assistance.
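
The error detail in the post reports the failing requests by IPv6 address, while the manual checks listed in it do not say which address family they used. The following is an added diagnostic, not part of the original post: it writes a probe file where the webroot plugin writes its challenges and fetches it over IPv4 and IPv6 separately. The function names and the probe file name are made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the original post).
# Usage, with the paths and names given in the post:
#   check_webroot /var/www/twifag.com twifag.com www.twifag.com

# probe_status FAMILY URL
# Prints the final HTTP status code after following redirects,
# or 000 when no connection could be made over that address family.
probe_status() {
    curl "-$1" --silent --location --output /dev/null --max-time 10 \
         --write-out '%{http_code}' "$2" || true
}

# check_webroot WEBROOT DOMAIN...
# Prints one line per domain and family: "<domain> ipv<N> <status>".
# Returns 0 if every probe answered 200, 1 if any did not,
# 2 if the probe file could not be written.
check_webroot() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    token="probe-$$"    # constructed name without extension, like a real token
    mkdir -p "$dir" || return 2
    printf 'probe\n' > "$dir/$token" || return 2
    rc=0
    for domain in "$@"; do
        for fam in 4 6; do
            url="http://$domain/.well-known/acme-challenge/$token"
            status=$(probe_status "$fam" "$url")
            echo "$domain ipv$fam $status"
            [ "$status" = 200 ] || rc=1
        done
    done
    rm -f "$dir/$token"    # leave the challenge directory as it was found
    return $rc
}
```

A 200 on the ipv4 line with a 404 on the ipv6 line for the same name means the two address families are not being served from the same webroot.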