Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mysite.com
http-01 challenge for www.mysite.com
Using default address 80 for authentication.
Using default address 80 for authentication.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mysite.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mysite.com/.well-known/acme-challenge/UH-geFrEdUN10Br3dAN4uoT0biA2sxXXrf80: "
The requested URL
/.well-known/acme-challenge/geFrEdUN10Br3dAN4uoT0biA2sxXXrf80
was not found on "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
ubuntu 16.04
nginx 1.10.3
certbot 0.28.0
The operating system my web server runs on is (include version):
as above
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
Renewals are now being done over port 80 (HTTP).
If you were previously using port 443 (HTTPS) for renewals, you might just be able to redirect all HTTP requests to HTTPS and LE will follow the redirection and find the file it was looking for.
If that fails, then you need to compare the vhost configs (:80 and :443) and depending on the differences found, take action to allow the authentication to complete via port 80 (HTTP).
I realize this redirection is somewhat vague, but without any specific information this is the best I can do.
That config seems to be only handling HTTP connections.
There should be a second one for the HTTPS connections.
Where do you handle the port forwarding?
Check where port 80 goes to and where port 443 goes to.
Both 80 and 443 are redirected to 8004 on this server right now from my switch.
Do I have to use two different ports for this because the config can’t handle both in the same listen?
According to the guide I mentioned in the beginning, it only says the nginx config should look like this.