Invalid response from acme-challenge 404 but from browser it's OK

Hi, encountered a strange error:

In certbot log I see 404 error, but if I open the link at the same moment in my browser I will see the correct answer:

In Nginx log I see that:

    - - [30/May/2023:14:43:06 +0300]"GET /.well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU HTTP/1.1" 404 15831".well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +htt ps://""0.000" "-""-" "US"

but from browser code 200:

    • [30/May/2023:14:43:21 +0300]"GET /.well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU HTTP/2.0" 200 87"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0""0.000" "-""-" "-"

My domain is:

I ran this command:
certbot certonly --nginx -d
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Invalid response from well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU: 404

My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 22.04.2 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 2.6.0

Tried reinstalling certbot and disabling the SSL redirect, but nothing has changed.
certbot log:

It is very strange that you get a 200 from your own browser, because the --nginx plug-in does not place a file in your webserver root folder. Instead, that plug-in makes temp changes to your nginx config to return the needed result using rewrite and a return statement in the server block for that domain.

Can you upload the /var/log/letsencrypt/letsencrypt.log file from the failed request? You will need to copy it to a .txt file to use the upload button on the forum post menu.


Hi, thanks for the reply! I attached the letsencrypt.log to the post)

Try with

certbot certonly --nginx -d \
--nginx-sleep-seconds 10 --dry-run

Hi, thanks for the reply!
I ran this command and this is the result:

Excellent. Now remove the --dry-run but keep the sleep-seconds and you should get a fresh production cert.


I did it without --dry-run and it worked just fine, thanks for the help!

Great. In your first log I saw a cert request for a different domain name that failed oddly. If you want to review that, would you show the result of this:

certbot certificates
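
An added example, not part of any post in this thread: a check over nginx access log lines that flags a challenge token which the Let's Encrypt validation server fetched with a non-200 while a request for the same token returned 200 shortly afterwards, the pattern in the two log lines of the first post. That pattern fits a validation request arriving before nginx has applied the temporary config, which is the wait `--nginx-sleep-seconds` lengthens. The sample lines are constructed in nginx "combined" format; the function name, the 60-second window, the IP addresses and the second token are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in nginx "combined" format; addresses are documentation
# ranges and the second token is made up. Status codes and times follow the post.
SAMPLE_LOG = """\
192.0.2.10 - - [30/May/2023:14:43:06 +0300] "GET /.well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU HTTP/1.1" 404 15831 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server)"
198.51.100.7 - - [30/May/2023:14:43:21 +0300] "GET /.well-known/acme-challenge/iy4_DTlxl4uiCFVoCiFoa4tt9uX9IchRSH7JvpQyDQU HTTP/2.0" 200 87 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0"
192.0.2.10 - - [30/May/2023:15:02:10 +0300] "GET /.well-known/acme-challenge/constructed-token-B HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server)"
198.51.100.7 - - [30/May/2023:15:03:00 +0300] "GET /index.html HTTP/2.0" 200 512 "-" "Mozilla/5.0"
"""

CA_MARKER = "Let's Encrypt validation server"  # user-agent substring seen in the post
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\]\s*"GET /\.well-known/acme-challenge/(?P<token>[A-Za-z0-9_-]+) [^"]*"'
    r'\s*(?P<status>\d{3})\b.*"(?P<ua>[^"]*)"\s*$'
)


def find_fail_then_ok(log_text, window_seconds=60):
    """Tokens the CA fetched with a non-200 that any client got 200 for soon after."""
    hits = defaultdict(list)  # token -> [(time, status, from_ca)]
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a challenge request, or a format this regex does not cover
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["token"]].append((when, int(m["status"]), CA_MARKER in m["ua"]))

    findings = []
    for token, rows in hits.items():
        ok_times = [t for t, status, _ in rows if status == 200]
        for failed_at, status, from_ca in rows:
            if not from_ca or status == 200:
                continue
            gaps = [(t - failed_at).total_seconds() for t in ok_times if t >= failed_at]
            gaps = [g for g in gaps if g <= window_seconds]
            if gaps:
                findings.append({"token": token, "ca_status": status,
                                 "ca_failed_at": failed_at.isoformat(),
                                 "ok_after_seconds": min(gaps)})
    return findings


if __name__ == "__main__":
    for f in find_fail_then_ok(SAMPLE_LOG):
        print(f"{f['token']}: CA got {f['ca_status']} at {f['ca_failed_at']}, "
              f"200 served {f['ok_after_seconds']:.0f}s later")
```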
