The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
I did restart NGINX service prior to running this command.
Arrrrgh this sent me down a very deep rabbit hole with nginx and Windows, but I think I know what's wrong.
Apparently on Windows, any root you provide has to be relative to the directory where nginx is installed. When we try to pass C:\WEB_SERVERS as a root, it doesn't work.
So, on my test Windows server, I did it like this.
With the new location block I suggested, I changed it to:
location /.well-known/acme-challenge/ {
}
then I adjusted the Certbot command to be (you'll need to fix the nginx path to the one on your server):
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
PS C:\Windows\system32> certbot certonly --webroot -w "C:/WEB_SERVERS/nginx/html/" -d midwestrp.net
Saving debug log to C:\Certbot\log\letsencrypt.log
Requesting a certificate for midwestrp.net
Successfully received certificate.
Certificate is saved at: C:\Certbot\live\midwestrp.net\fullchain.pem
Key is saved at: C:\Certbot\live\midwestrp.net\privkey.pem
This certificate expires on 2023-04-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
If you like Certbot, please consider supporting our work by:
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Based on that configuration screenshot and the fact you're getting a 502, I'd be sure that you haven't restarted nginx since applying the change. But I suppose that since we last talked, you must have done it at least once.
I would guess that the 502 comes from the proxy_pass, which means that the location rule for /.well-known/acme-challenge/ isn't applying for some reason.
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Please show the recently added code to that server block.
[it might possibly have a TYPO]
Also, try placing a file in that expected challenge folder [like: TEXT.TXT]
Then see if it can be reached via the Internet: http://ia.midwestrp.net/.well-known/acme-challenge/TEST.TXT