Issues with Nginx Let’s Encrypt Certificate

While executing this command docker compose -f docker-compose-le.yaml up --build. I'm getting an error:

WARN[0000] Found orphan containers ([nginx-service]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up. 
[+] Running 1/0
 ✔ Container certbot-service  Created                                                                             0.0s 
Attaching to certbot-service
certbot-service  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot-service  | Plugins selected: Authenticator webroot, Installer None
certbot-service  | Requesting a certificate for
certbot-service  | Performing the following challenges:
certbot-service  | http-01 challenge for
certbot-service  | Using the webroot path /tmp/acme_challenge for all unmatched domains.
certbot-service  | Waiting for verification...
certbot-service  | Challenge failed for domain
certbot-service  | http-01 challenge for
certbot-service  | 
certbot-service  | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot-service  |   Domain:
certbot-service  |   Type:   unauthorized
certbot-service  |   Detail: Invalid response from 404
certbot-service  | 
certbot-service  | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot-service  | 
certbot-service  | Cleaning up challenges
certbot-service  | Some challenges have failed.
certbot-service  | Ask for help or search for solutions at See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
certbot-service exited with code 1

Any idea why I'm not able to generate Encrypt certificate?

A Server: Vercel is part of the response for an HTTP Challenge request to that domain. Is it the service that should handle that? If so, have you configured it to serve the acme challenge token from the /tmp/acme_challenge folder you chose for --webroot path?

Vercel looks like some sort of CDN to me. It is using a cert that does not expire for 45 more days. Usually renewal is at 30 days. Is there some reason you are doing this early?

curl -I
HTTP/1.1 404 Not Found
Server: Vercel
X-Vercel-Id: iad1::tcx4h-1697730923296-b5127e20a128

I have 404 ideas:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.