Issue with creating SSL certificate


My domain is:

I ran this command: docker compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d

It produced this output:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Type:   connection
  Detail: Fetching Error getting validation data

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nginx:stable-alpine (dockerized)

The operating system my web server runs on is (include version): Canonical-Ubuntu-20.04-aarch64-2023.01.31-0

My hosting provider, if applicable, is: namecheap

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot:arm64v8-v2.3.0 (dockerized)

I have dockerized both certbot and Nginx. Here is what my docker compose looks like:

services:
  nginx:  # service name not shown in the post; placeholder
    image: nginx:stable-alpine
    volumes:
      - ./reverse_proxy/nginx.conf:/etc/nginx/conf.d/default.conf/:ro
      - ./certbot/www:/var/www/certbot/:ro
      - ./certbot/conf/:/etc/nginx/ssl/:ro
    restart: always
    ports:
      - 80:80
  certbot:
    image: certbot/certbot:arm64v8-v2.3.0
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw
      - ./certbot/conf/:/etc/letsencrypt/:rw

My code in Nginx:

map $http_upgrade $connection_upgrade {
   default upgrade;
   '' close;
}

server {
   listen 80;
   listen [::]:80;

   server_tokens off;

   gzip on;
   gzip_proxied any;
   gzip_comp_level 4;
   gzip_types text/css application/javascript image/svg+xml;

   location ~ ^/rest/v1/(.*)$ {
      proxy_set_header Host $host;
      proxy_pass http://kong:8000;
      proxy_redirect off;
   }

   # Authentication
   location ~ ^/auth/v1/(.*)$ {
      proxy_set_header Host $host;
      proxy_pass http://kong:8000;
      proxy_redirect off;
   }

   # Realtime
   location ~ ^/realtime/v1/(.*)$ {
      proxy_redirect off;
      proxy_pass http://kong:8000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;
      proxy_set_header Host $host;
   }

   location /.well-known/acme-challenge/ {
      root /var/www/certbot;
   }

   location / {
      proxy_pass http://studio:3000/;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_redirect off;
   }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;


    ssl_certificate /etc/nginx/ssl/live/;
    ssl_certificate_key /etc/nginx/ssl/live/;
    location / {
        # ...
    }
}

Hello @Muntasir2001, welcome to the Let's Encrypt community. :slightly_smiling_face:

Using Let's Debug gets these results showing Port 80 is not available. The HTTP-01 challenge (Challenge Types - Let's Encrypt) requires Port 80. Best Practice - Keep Port 80 Open

$ nmap
Starting Nmap 7.80 ( ) at 2023-02-16 19:17 UTC
Nmap scan report for (
Host is up (0.16s latency).
Not shown: 994 filtered ports
22/tcp   open   ssh
443/tcp  closed https
3000/tcp open   ppp
5432/tcp open   postgresql
8000/tcp open   http-alt
8443/tcp open   https-alt

Nmap done: 1 IP address (1 host up) scanned in 19.79 seconds

That seems risky [to me].

The root line might need to match the location line [syntactically].
The location line ends with "/".
The root line has no trailing "/".
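
A pre-flight check for the failure in this thread, as an added example that is not part of the original posts: it writes a probe file where Certbot's webroot authenticator places challenge files and fetches it back over HTTP, separating "nothing answered on port 80" from "the server answered but did not serve the file". The function name, result strings and command-line arguments are assumptions of this example.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # URL path used by HTTP-01


def check_webroot(webroot: str, base_url: str, timeout: float = 5.0) -> str:
    """Write a probe file under webroot and fetch it back over HTTP.

    Returns "ok", "connection", "http-<status>" or "mismatch"
    (result strings are this example's own, not Certbot's).
    """
    probe_dir = Path(webroot) / CHALLENGE_DIR
    probe_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_urlsafe(32)
    probe = probe_dir / name
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # The server answered, but not with the file: the location/root
        # mapping or the volume mount does not point at this webroot.
        return f"http-{exc.code}"
    except (urllib.error.URLError, OSError):
        # Nothing answered on the port: firewall, or a container port that
        # is not published. This is the "Type: connection" case.
        return "connection"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files behind
    return "ok" if served == body else "mismatch"


if __name__ == "__main__":
    import sys
    # Usage (hypothetical file name): check.py ./certbot/www http://<domain>
    print(check_webroot(sys.argv[1], sys.argv[2]))
```

A pass from the server itself does not prove that a firewall in front of it lets port 80 through; an external scan such as the one quoted above covers that side.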


Hello @rg305 and @Bruce5051

Thank you so much for replying.

I will have a look into the issues you have highlighted. I thought I had opened port 80, but it seems like it didn't open. I will have another look into this.



Hey @Bruce5051

It seems like the firewall was blocking port 80 for some reason (even though the firewall is disabled) or maybe it was not the firewall but I got that sorted and the certificate seems to be generated successfully.

However, I do not see the HTTPS sign right next to the URL for some reason :frowning: . Here is a screenshot of the URL. Do you know why it could be by any chance?



I can't remember why I added gzip in the first place. This code was copy-pasted from one of my previous projects, so I believe I had a file upload system set up in that project.

I got rid of them now :slight_smile:


For I see this

For I see this is showing "It's all good. We have not detected any issues."

And SSL Server Test: (Powered by Qualys SSL Labs) looks ok.

You might find nginx documentation and helpful as well.

