I can't add ssl to aws ec2 for my domain in namecheap

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remgeeshop.com

I ran this command: sudo certbot certonly --webroot -w /home/ubuntu/ecommerce/root_files/ -d remgeeshop.com -d www.remgeeshop.com

It produced this output:
Account registered.
Requesting a certificate for remgeeshop.com and www.remgeeshop.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.remgeeshop.com
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for www.remgeeshop.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.remgeeshop.com - check that a DNS record exists for this domain

Domain: remgeeshop.com
Type: unauthorized
Detail: 3.128.89.255: Invalid response from http://remgeeshop.com/.well-known/acme-challenge/J71_UQIE55JPxJuKdurhqatdQXYhi4D2957h9JvwcZM: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx

The operating system my web server runs on is (include version): ubuntu pro

My hosting provider, if applicable, is: aws ec2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): aws ec2 instance

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

These are two different errors. NXDOMAIN means you forgot to add dns records for your www. subdomain (you should add A and/or AAAA, same as @).

404 on the http-01 challenge means your webserver has some configuration issues or you told certbot the wrong webroot directory.

2 Likes

what is the webroot directory for because I am using django

Where does this come from?

Also, why are you using --webroot instead of --nginx?

Using webroot requires you to use the same directory as the root nginx directive for the proper server/location block.

2 Likes
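Added example (not written by any poster in this thread, and not Certbot's own code): a pre-flight check for the two failures discussed above. It confirms that each name resolves and that a probe file written under the `--webroot` path is really served at `/.well-known/acme-challenge/` over HTTP for that name. The function names and the probe-file naming are assumptions of this sketch.

```python
import os, secrets, socket, sys
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"

def resolves(domain):
    """True if the name resolves; NXDOMAIN raises gaierror."""
    try:
        socket.getaddrinfo(domain, 80)
        return True
    except socket.gaierror:
        return False

def http_get(url):
    """Plain-HTTP GET, returning (status, body); status is None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except OSError:  # URLError (refused, timeout) is an OSError subclass
        return None, ""

def preflight(domains, webroot, resolve=resolves, fetch=http_get):
    """Write a probe file under webroot, then check every name can serve it."""
    token = "preflight-" + secrets.token_hex(8)  # constructed probe name
    probe_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(probe_dir, exist_ok=True)
    probe = os.path.join(probe_dir, token)
    with open(probe, "w") as fh:
        fh.write(token)
    results = {}
    try:
        for name in domains:
            if not resolve(name):
                results[name] = "dns: no A/AAAA record"
                continue
            status, body = fetch(f"http://{name}/{CHALLENGE_DIR}/{token}")
            if status == 200 and body.strip() == token:
                results[name] = "ok"
            else:
                results[name] = f"unauthorized: HTTP {status}, webroot not served for this name"
    finally:
        os.remove(probe)  # never leave the probe behind
    return results

if __name__ == "__main__" and len(sys.argv) >= 3:
    for name, verdict in preflight(sys.argv[2:], sys.argv[1]).items():
        print(f"{name}: {verdict}")
```

Run it on the server with the webroot path first and the domain names after it, as a user that can write to the webroot; a name that reports anything other than `ok` would also fail http-01 validation with that webroot.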

-w /home/ubuntu/ecommerce/root_files/ this is the static files of my django website
okay okay I should use --nginx

if that works, yes. I don't know anything about your nginx configuration, and it can be, how do I put it... "messy," at the very least.

2 Likes

@chrispydev, if that had been the webroot expected it should have validated that name.
So... it must not be the correct webroot for that name.

I suspect that the vhost config only covers one of the two names and the default config is what is matched to this uncovered name.

We can be more certain when you show us the full nginx config, with:

nginx -T

2 Likes

Side note: Port 443 is presently closed.

$ nmap -Pn -p80,443 remgeeshop.com
Starting Nmap 7.94SVN ( https://nmap.org ) at 2023-12-23 13:22 PST
Nmap scan report for remgeeshop.com (3.128.89.255)
Host is up (0.081s latency).
rDNS record for 3.128.89.255: ec2-3-128-89-255.us-east-2.compute.amazonaws.com

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

And from around the world "Connection refused" for HTTPS - Permanent link to this check report

2 Likes
