Max retries exceeded with url: /directory

My domain is:

I ran this command: certbot certonly --webroot --webroot-path /usr/share/nginx/html/react --dry-run -d

It produced this output:

My web server is (include version): nginx latest

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot version: 2.0.0

I am trying to get a certificate using certbot, but whatever I do or change I still cannot get a successful certificate response. What is weird is that I got it done in the same way in a different app of mine on the same host, but a different server, a year ago, and it's working without issues until today, so I do not know if there was some change I am missing. The app is built on Django with React, nginx and certbot, using a Dockerfile and docker compose.
When I try to get a certificate in a dry run I get the error that I linked above.

curl -v gives me this output:

nslookup output:

traceroute output:

If someone could help me solve this issue it would be great, because I am out of ideas.

The title of your post says "Max retries exceeded with url: /directory"

But, I don't see that in any info you showed. Normally that message appears when you make too many failed attempts to request a cert. But, you show you are using the staging system which is very tolerant of failures. It is very unlikely to get a "max retries" failure for that.

What I do see in your log is this error:

socket.gaierror: [Errno -3] Try again

Which Google says relates to a temp failure in DNS lookup.

I don't have any specific ideas but wanted to clarify the "max retries" message. Can you explain where you see that message?


This error message can be found in the first link I posted, line 51.


Thanks. The cause is the same errno -3 which looks like a DNS lookup problem.

When you run those test curl, nslookup or traceroute are they also in that same docker as you are running certbot?

Because my guess is something is wrong in your docker for DNS.


Hi, all commands are from the same docker.

I have decided to run this command in my certbot container on my other server, which works correctly:
certbot certonly --webroot --webroot-path /usr/share/nginx/html/react --dry-run -d
and I got another issue which maybe creates the main problem:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Simulating a certificate request for
Performing the following challenges:
http-01 challenge for
Using the webroot path /usr/share/nginx/html/react for all unmatched domains.
Waiting for verification...
Challenge failed for domain
http-01 challenge for

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Cleaning up challenges
Some challenges have failed.

Full log can be found here:

From another topic with the same problem, you suggested trying something like this:

mkdir -p /usr/share/nginx/html/react/.well-known/acme-challenge/
echo "Test_File-1234" > /usr/share/nginx/html/react/.well-known/acme-challenge/Test_File-1234

From both

it downloads the file

What exactly should I double check that might resolve my problem?


This is what I get; doesn't seem to have properly created and served .well-known/acme-challenge/8B8ZBuCXyj9LJKMUjfilMqzZHZBMS-RJIoVeijWzwlM

$ curl -I
HTTP/1.1 404 Not Found
Server: nginx
Date: Fri, 16 Dec 2022 19:08:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 146
Connection: close
Vary: Accept-Encoding

Using this online tool


> --------------------------------------------
> 404 Not Found
> --------------------------------------------

|**Status:**|404 Not Found|
| --- | --- |
|**Date:**|Fri, 16 Dec 2022 19:12:28 GMT|
|**Content-Type:**|text/html; charset=utf-8|

Seems like http (Port 80) redirection to https (Port 443) does not exist.

The HTTP-01 Challenge is on Port 80.


Also using this online tool yields Connection refused for all around the world.

Using this online tool TCP Port Scanner, Online Port Scan, Port Scanning | IPVoid Scan all common ports using IPv4 Address of
443 TCP Closed https

$ nmap
Starting Nmap 7.80 ( ) at 2022-12-16 19:29 UTC
Nmap scan report for (
Host is up (0.16s latency).
Not shown: 995 filtered ports
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
5432/tcp open   postgresql
8000/tcp open   http-alt

Nmap done: 1 IP address (1 host up) scanned in 10.29 seconds

Oh sorry, they should both be http at the beginning; https is not working yet. I edited the post.
But the http nginx conf alone should be enough to get a certificate.

My nginx config


This is what curl is showing me for http Port 80

$ curl -I
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 16 Dec 2022 19:33:12 GMT
Content-Type: application/octet-stream
Content-Length: 15
Last-Modified: Fri, 16 Dec 2022 18:42:55 GMT
Connection: close
ETag: "639cbc2f-f"
Accept-Ranges: bytes

$ curl

Yes, that seems fine to me, but why does certbot get a 404 when it is doing the challenge?


What does ls -l /<path to proper location>/.well-known/acme-challenge/ show you?
Owner, permissions, is the file present, etc.
Share the output if you are comfortable doing so and it is not sharing anything that should stay private.


Who is the owner for nginx?
Who is running certbot?
Did you sudo for certbot?
I am grabbing at straws here with ownership and permissions of the .well-known/acme-challenge/ directory.


It should work from everything you've posted. I'd be curious to see if there's anything in the nginx error log.

You could try using the nginx authenticator as well:

certbot certonly -a nginx --http-01-port 8080 \
-d -d --dry-run

[sorry if this was stated earlier]
How does the port 80 request reach the service on port 8080?
Is there a NAT or proxy "helping"?


I typed this command in the nginx container and the output is
-rw-r--r-- 1 root root 15 Dec 16 18:42 Test_File-1234


I cannot run this command in the certbot container.


Can you run any commands in the certbot container?

How are the containers "interconnected"?


I am running the certbot certonly command in the certbot container.
My docker compose is as follows:

version: '3.9'
services:
  backend:
    restart: always
    build:
      context: .
      dockerfile: Dockerfile
    command: bash -c "python migrate && python collectstatic --noinput && gunicorn project.wsgi:application --bind --workers 5 --reload"
    volumes:
      - .:/anamazingwizard
      - media:/anamazingwizard/public/uploads
      - apps_static:/anamazingwizard/apps_static
    ports:
      - "8000:8000"
    depends_on:
      - db
  frontend:
    restart: always
    build:
      context: ./frontend
      dockerfile: Dockerfile
    volumes:
      - react_build:/react/build

  db:
    image: postgres:13-alpine
    ports:
      - "5432:5432"
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - .env
  nginx:  # service name assumed; not shown in the post
    restart: always
    image: nginx:latest
    build:
      context: ./nginx_prod
      dockerfile: Dockerfile
    volumes:
      - react_build:/usr/share/nginx/html/react
      - media:/anamazingwizard/public/uploads
      - apps_static:/usr/share/nginx/html/react/django_static
      - certbot-etc:/etc/nginx/ssl/
    ports:
      - "80:8080"
      - "443:443"
    depends_on:
      - backend
      - frontend
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
  certbot:  # service name assumed from container_name
    image: certbot/certbot
    container_name: certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - react_build:/usr/share/nginx/html/react
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
# named volumes referenced by the services above
volumes:
  media:
  apps_static:
  react_build:
  db:
  certbot-etc:


I don't see anything obviously wrong with that docker compose.

Why can't you run the command @_az showed?
What certbot certonly command are you running?
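
The two checks this thread keeps returning to can be scripted and run from inside the container where certbot runs. This is an added example, not code from any poster or from Certbot: `classify_dns` tells the `[Errno -3] Try again` resolver failure apart from other lookup errors, and `check_webroot` writes a random token through that container's own view of the webroot and fetches it over HTTP, so a 404 here means the web server is reading from a different directory or volume than the one certbot writes to. The function names and the `selftest-` token prefix are assumptions made for the example.

```python
import os
import secrets
import socket
import urllib.error
import urllib.request

ACME_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the probe takes the direct path.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def classify_dns(host, resolver=socket.getaddrinfo):
    """Resolve host as an ACME client must before it can contact the CA."""
    try:
        resolver(host, 443, proto=socket.IPPROTO_TCP)
        return "ok"
    except socket.gaierror as exc:
        # EAI_AGAIN is "[Errno -3] Try again": the resolver itself was
        # unreachable or timed out, which points at the container's DNS setup.
        if exc.errno == socket.EAI_AGAIN:
            return "temporary-failure"
        return "lookup-failed"


def check_webroot(webroot, base_url, timeout=5):
    """Write a random token under webroot, fetch it, return (served, status)."""
    token = "selftest-" + secrets.token_urlsafe(16)  # random: no stale hits
    body = secrets.token_urlsafe(16)
    challenge_dir = os.path.join(webroot, ACME_DIR)
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w") as fh:
        fh.write(body)
    try:
        url = f"{base_url.rstrip('/')}/{ACME_DIR}/{token}"
        with _opener.open(url, timeout=timeout) as resp:
            return resp.read().decode() == body, resp.status
    except urllib.error.HTTPError as exc:
        return False, exc.code  # e.g. 404: server reads a different directory
    except OSError:
        return False, None  # refused connection, DNS failure or timeout
    finally:
        os.remove(path)  # never leave test tokens behind in the webroot


if __name__ == "__main__":
    import sys  # usage: script.py WEBROOT BASE_URL ACME_HOST
    print(check_webroot(sys.argv[1], sys.argv[2]), classify_dns(sys.argv[3]))
```
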