Invalid status .well-known/acme-challenge

Hello everyone,

Im trying to create a certificate with Ubuntu + Docker + Ngnix and this is the response I got:

Info: running acme-companion version v2.4.0-6-ge9c01c9
Warning: '/etc/acme.sh' does not appear to be a mounted volume.
Info: 4096 bits RFC7919 Diffie-Hellman group found, generation skipped.
Reloading nginx docker-gen (using separate container nginx-gen)...
Reloading nginx (using separate container a5ea398a0c5df0670bb05c861352f4dce7ff1fb7c164feb74f9fe5907d82cf4e)...
2024/06/26 17:27:29 Generated '/app/letsencrypt_service_data' from 5 containers
2024/06/26 17:27:29 Running '/app/signal_le_service'
2024/06/26 17:27:29 Watching docker events
2024/06/26 17:27:29 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/signal_le_service'
[Wed Jun 26 17:27:30 UTC 2024] Create account key ok.
[Wed Jun 26 17:27:30 UTC 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 26 17:27:32 UTC 2024] Registered
[Wed Jun 26 17:27:32 UTC 2024] ACCOUNT_THUMBPRINT='vTFZ8InIn0XoZftNmYez4D22FL4YmnKsAr2hR_8zTFY'
Creating/renewal myclient.example.com certificates... (myclient.example.com)
[Wed Jun 26 17:27:33 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Jun 26 17:27:33 UTC 2024] Creating domain key
[Wed Jun 26 17:27:34 UTC 2024] The domain key is here: /etc/acme.sh/my@mail.com/myclient.example.com/myclient.example.com.key
[Wed Jun 26 17:27:34 UTC 2024] Generate next pre-generate key.
[Wed Jun 26 17:27:35 UTC 2024] Single domain='myclient.example.com'
[Wed Jun 26 17:27:35 UTC 2024] Getting domain auth token for each domain
[Wed Jun 26 17:27:37 UTC 2024] Getting webroot for domain='myclient.example.com'
[Wed Jun 26 17:27:37 UTC 2024] Verifying: myclient.example.com
[Wed Jun 26 17:27:38 UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Jun 26 17:27:41 UTC 2024] Invalid status, myclient.example.com:Verify error detail:141.94.215.127: Invalid response from http://myclient.example.com/.well-known/acme-challenge/fFzYbRfcyEDN9_-H5E8gmYjvmfsCUk3UiVNEOGgaZGA: 404
[Wed Jun 26 17:27:41 UTC 2024] Please check log file for more details: /dev/null
Sleep for 3600s

I change my letsencrypt mail with "my@mail.com" and my domain with myclient.example.com
I never see this error before. Always work good 2 months ago.

Could someone help me!?

Thanks in advance.

First, mydomain.com is a valid domain name. Please do not use other peoples domains in your examples. If you must use example.com.

Without the actual domain there is not much specific we can say.

I will explain that the 404 in the error is an HTTP error "Not Found". The Let's Encrypt server sent the HTTP Challenge request to your server. But, your server said it did not have the token to send back.

This is usually a mis-match between the webroot path you gave to acme.sh and the path used by your nginx server for that domain.

Also check your version of nginx-proxy is compatible with the version of acme-companion you are using, they changed http challenge support and you are using their latest acme-companion version from a few days ago (so, that changed since you last renewed)

Sorry for that, I've already changed it.

Thanks so much webprofusion.
I use this version of docker-compose to Nginx:

version: '3'
services:
  nginx-proxy:
    image: nginx
    restart: always
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - './conf.d:/etc/nginx/conf.d'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - './certs:/etc/nginx/certs:ro'
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    networks:
      - nginx-net

  nginx-gen:
    image: jwilder/docker-gen
    restart: always
    container_name: nginx-gen
    command: -notify-sighup nginx-proxy -wait 5s:30s -watch /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - './conf.d:/etc/nginx/conf.d'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - './certs:/etc/nginx/certs:ro'
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
      - './nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro'
    links:
      - nginx-proxy
    networks:
      - nginx-net

  nginx-ssl:
    image: nginxproxy/acme-companion
    restart: always
    container_name: nginx-ssl
    volumes:
      - './conf.d:/etc/nginx/conf.d'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - './certs:/etc/nginx/certs:rw'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro'
    environment:
      - ACME_CA_URI
      - "NGINX_DOCKER_GEN_CONTAINER=nginx-gen"
    links:
      - nginx-proxy
      - nginx-gen
    networks:
      - nginx-net

volumes:
  nginx-conf:
  nginx-vhost:
  nginx-html:
  nginx-gen-tmpl:
  nginx-ssl:

networks:
  nginx-net:
    external: true

With your reply first I tried change the image release to 2.3 and Its solve the problem:

nginx-ssl:
    image: nginxproxy/acme-companion:2.3
    restart: always
    container_name: nginx-ssl
    volumes:
      - './conf.d:/etc/nginx/conf.d'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - './certs:/etc/nginx/certs:rw'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro'
    environment:
      - ACME_CA_URI
      - "NGINX_DOCKER_GEN_CONTAINER=nginx-gen"
    links:
      - nginx-proxy
      - nginx-gen
    networks:
      - nginx-net

After I tried adding "ACME_HTTP_CHALLENGE_LOCATION" with latest image:

nginx-ssl:
    image: nginxproxy/acme-companion
    restart: always
    container_name: nginx-ssl
    volumes:
      - './conf.d:/etc/nginx/conf.d'
      - './vhost.d:/etc/nginx/vhost.d'
      - './html:/usr/share/nginx/html'
      - './certs:/etc/nginx/certs:rw'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - './nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro'
    environment:
      - ACME_CA_URI
      - ACME_HTTP_CHALLENGE_LOCATION
      - "NGINX_DOCKER_GEN_CONTAINER=nginx-gen"
    links:
      - nginx-proxy
      - nginx-gen
    networks:
      - nginx-net

But the error persist.

Could you help me??

Thanks!

Based on
https://github.com/search?q=repo%3Anginx-proxy%2Fnginx-proxy%20ACME_HTTP_CHALLENGE_LOCATION&type=code
I'm guessing you need ACME_HTTP_CHALLENGE_LOCATION: set to "true"` "false" or "legacy"

Sorry I have no idea how to configure that software I'm just looking at their github page and saying what I see.

As an aside, it's generally easier to host web sites and web applications directly without using docker etc. Up to you, but this seems incredibly complex. If you used something like Caddy directly on Ubuntu it would auto configure https for you etc.

Thank you for your collaboration. For now, I consider it resolved by using version 2.3. If at any point I find the option to use the latest image along with ACME_HTTP_CHALLENGE_LOCATION, I will update the solution.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.