Hello!
I have a web server on which I’m currently running a few websites using Nginx directly as a web server. These websites work without any problems and I have obtained SSL certificates for them using the simple shell command sudo certbot --nginx.
Now I’d like to set up another website / web app (Dada Mail) on the same server. Since this is not a static website and I need Perl support via CGI, I cannot run it directly under Nginx but chose to run it under Apache, behind an Nginx reverse proxy. With Nginx, I would like to forward Port 80 to Port 7722 and Port 443 to Port 7723 for this particular website. Ports 7722 and 7723 shall be served by Apache.
I managed to get Nginx working as the reverse proxy and Apache serving a basic test page. But I’m not able to obtain an SSL certificate for the domain because the HTTP-01 challenge fails.
So I must be missing something in the configuration of Nginx and/or Apache, but I don’t know what and where to look. I’m still new to web server administration, so my mistake might be something very basic.
If someone has an idea what might be missing, I’d love to know. Bonus points if you can give me the actual missing lines in the config files.
Thanks in advance!
My domain is: mailverteiler.clemensholzapfel.de
I ran this command:
sudo certbot --nginx -d mailverteiler.clemensholzapfel.de -d www.mailverteiler.clemensholzapfel.de
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mailverteiler.clemensholzapfel.de
http-01 challenge for www.mailverteiler.clemensholzapfel.de
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mailverteiler.clemensholzapfel.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/rSLfJQsvmpvdTbCBm577Lq9SQAGaBZ--bdoegeQdK88 [2001:19f0:b001:f28:5400:2ff:fee3:f3be]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>", www.mailverteiler.clemensholzapfel.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/KzRvH_w-mLyjzxoBhQ9LCiX-GLHwtTjHn23F0oM4Nck [2001:19f0:b001:f28:5400:2ff:fee3:f3be]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: mailverteiler.clemensholzapfel.de
Type: unauthorized
Detail: Invalid response from
http://mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/rSLfJQsvmpvdTbCBm577Lq9SQAGaBZ--bdoegeQdK88
[2001:19f0:b001:f28:5400:2ff:fee3:f3be]:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
Domain: www.mailverteiler.clemensholzapfel.de
Type: unauthorized
Detail: Invalid response from
http://www.mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/KzRvH_w-mLyjzxoBhQ9LCiX-GLHwtTjHn23F0oM4Nck
[2001:19f0:b001:f28:5400:2ff:fee3:f3be]:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is: Apache 2.4.38 behind Nginx reverse proxy (1.14.2)
The operating system my web server runs on is: Debian GNU/Linux 10 (buster) x86_64
My hosting provider is: VULTR.com
I can login to a root shell on my machine: yes
I’m using a control panel to manage my site: no
The version of my client is: Certbot 0.31.0
My /etc/nginx/sites-enabled/mailverteiler file:
server {
    server_name mailverteiler.clemensholzapfel.de www.mailverteiler.clemensholzapfel.de;
    root /var/www/mailverteiler/;
    access_log off;

    # Static contents, served by Nginx straight from the document root
    # (the dot before the extension list is escaped so it only matches a literal ".")
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        expires max;
    }

    # Dynamic content, forward to Apache on the loopback interface
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:7722;
    }
}
My /etc/apache2/sites-enabled/mailverteiler.conf file:
<VirtualHost *:7722>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/mailverteiler
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
My /etc/apache2/ports.conf:
Listen 7722

<IfModule ssl_module>
    Listen 7723
</IfModule>

<IfModule mod_gnutls.c>
    Listen 7723
</IfModule>
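For reference, here is an added example of an Nginx server block that keeps the HTTP-01 challenge out of the proxy path entirely. It is not the poster's configuration and not part of the original post. Two details of the posted setup motivate it: the server block above has no listen directive (so Nginx binds it to IPv4 port 80 only), while the Let's Encrypt error shows the validation request arriving at the IPv6 address [2001:19f0:b001:f28:5400:2ff:fee3:f3be] and being answered with an Nginx-style 404 page, and every request without a static-file extension, including /.well-known/acme-challenge/<token>, is matched by location / and proxied to Apache. The example listens on both address families and serves the challenge directory from a local webroot before anything is proxied. The webroot path /var/www/letsencrypt is an assumption; the certbot invocation in the comments uses the standard --webroot authenticator instead of the nginx plugin.

```nginx
# Added example, not the original post's config.
# Assumed: ACME webroot at /var/www/letsencrypt (hypothetical path),
# Apache still listening on 127.0.0.1:7722 as in the posted vhost.
#
# Issue the certificate with the webroot authenticator once this block is live:
#   mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
#   nginx -t && systemctl reload nginx
#   certbot certonly --webroot -w /var/www/letsencrypt \
#       -d mailverteiler.clemensholzapfel.de -d www.mailverteiler.clemensholzapfel.de
#
# Sanity check before running certbot (constructed token name "probe"):
#   echo ok > /var/www/letsencrypt/.well-known/acme-challenge/probe
#   curl -4 http://mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/probe
#   curl -6 http://mailverteiler.clemensholzapfel.de/.well-known/acme-challenge/probe
# Both must print "ok"; a 404 on the -6 run means the IPv6 listener is still
# being answered by a different (default) server block.

server {
    # Bind explicitly on IPv4 and IPv6. Without a listen directive Nginx uses
    # *:80 (IPv4 only) and an AAAA record sends validators to whichever
    # server block is the default for [::]:80.
    listen 80;
    listen [::]:80;
    server_name mailverteiler.clemensholzapfel.de www.mailverteiler.clemensholzapfel.de;
    access_log off;

    # Serve ACME tokens straight from disk. The ^~ modifier makes this prefix
    # location win over the regex location for static files and over
    # "location /", so the token never reaches Apache. Tokens have no
    # extension, hence default_type text/plain.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type text/plain;
        try_files $uri =404;
    }

    # Static contents, unchanged from the posted configuration.
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        root /var/www/mailverteiler/;
        expires max;
    }

    # Everything else goes to Apache on the loopback interface.
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:7722;
    }
}
```

Once the certificate exists, a second server block on listen 443 ssl / listen [::]:443 ssl can point ssl_certificate and ssl_certificate_key at the files certbot stores under /etc/letsencrypt/live/<domain>/ and reuse the same acme-challenge and proxy locations, so renewals keep working even if port 80 later redirects to HTTPS. Terminating TLS in Nginx this way also removes the need for Apache to listen on 7723 at all: the Apache side only ever sees plain HTTP on the loopback interface, and Apache can tell Dada Mail that the original request was HTTPS via the X-Forwarded-Proto header if the application needs it.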