Nginx 404 despite domain hitting the nginx server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: the3dprintingmagazine.com

I ran this command: sudo certbot certonly --webroot --agree-tos -d the3dprintingmagazine.com -w /var/www/html/

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: the3dprintingmagazine.com
Type: unauthorized
Detail: 45.32.182.217: Invalid response from https://the3dprintingmagazine.com/.well-known/acme-challenge/lq5-ZLcCSKZiceWT5PFDiCmUeLEtcrDZYgcvLsi2Nnw: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version): nginx/1.14.1

The operating system my web server runs on is (include version): Alma 8 4.18.0-372.9.1.el8.x86_64

My hosting provider, if applicable, is: vultr

I can login to a root shell on my machine (yes or no, or I don't know): yes as sudo user

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.22.0

I can get the SSL for the subdomain but not for the main domain. Both point to the same IP in the DNS.
This is why I am confused.

Visiting http://the3dprintingmagazine.com/.well-known/acme-challenge/xyz results in a redirect to the HTTPS version of that URL.

Since you do not have a certificate for the3dprintingmagazine.com yet, https://the3dprintingmagazine.com/.well-known/acme-challenge/xyz serves the virtualhost of your subdomain, rather than your main domain. (Unintuitive, but that's how the popular webservers implement SNI). This is presumably under a different webroot to the one you've requested, so the process fails.

I think the simple way to get this to work would be to use --nginx.

certbot certonly --nginx -d the3dprintingmagazine.com 

and it will work out the details for you.

4 Likes
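The fallback described in the reply above, as an added example that is not part of the original thread: a simplified Python model of how nginx chooses a server block, showing why the redirected challenge request lands in the subdomain's webroot. The host names, paths, and the helpers `select_server` and `challenge_root` are constructed for illustration, and the second layout is one possible arrangement, not something the thread proposes.

```python
# Added illustration: simplified model of nginx server-block selection.
# Only exact server_name matches are modelled (no wildcards or regexes).
# All host names and paths are constructed sample values.
from dataclasses import dataclass

@dataclass
class Server:
    port: int
    names: tuple
    root: str = ""
    default: bool = False         # default_server on the listen directive
    redirect_https: bool = False  # return 301 https://$host$request_uri;

def select_server(servers, port, host):
    """Exact name match, else default_server, else first block on that port."""
    on_port = [s for s in servers if s.port == port]
    for s in on_port:
        if host in s.names:
            return s
    for s in on_port:
        if s.default:
            return s
    return on_port[0] if on_port else None

def challenge_root(servers, host):
    """Root directory that ends up answering the HTTP-01 request for host."""
    s = select_server(servers, 80, host)
    if s is not None and s.redirect_https:
        s = select_server(servers, 443, host)  # validator follows the redirect
    return s.root if s is not None else None

# Layout as described in the thread: everything on port 80 redirects to HTTPS,
# but only the subdomain has a port-443 block (the apex has no certificate yet).
BROKEN = [
    Server(80, ("example.com", "blog.example.com"), redirect_https=True),
    Server(443, ("blog.example.com",), root="/var/www/blog"),
]
# Assumed alternative: the apex answers the challenge on port 80, no redirect.
FIXED = [
    Server(80, ("example.com",), root="/var/www/html"),
    Server(80, ("blog.example.com",), redirect_https=True),
    Server(443, ("blog.example.com",), root="/var/www/blog"),
]

if __name__ == "__main__":
    print("broken:", challenge_root(BROKEN, "example.com"))
    print("fixed: ", challenge_root(FIXED, "example.com"))
```

In the first layout the token written under `/var/www/html` is never consulted, which matches the 404 the CA reported.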

OK, thanks, I will try it.

2 Likes

That worked. Thank you 🙂

2 Likes
