Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
sudo docker run -it --rm --name new_certbot \
-v '/home/ubuntu/docker/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt' \
-v '/home/ubuntu/docker/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt' \
certbot/certbot certonly --webroot --webroot-path=/var/www/certbot -d my.domain
My web server is (include version): nginx
My nginx config:
server {
    server_name my.domain;
    listen 80;
    root /var/www;
    location ~ /.well-known {
        allow all;
        # root /var/www/certbot
    }
    location ^~ /.well-known/acme-challenge {
        allow all;
        default_type "text/plain";
        root /var/www/certbot;
    }
    location / {
        return 301 https://$host$request_uri;
        expires epoch;
    }
}
The operating system my web server runs on is (include version): ubuntu
I can login to a root shell on my machine (yes or no, or I don't know): yes
And I wonder: why do I get a 403 if I approach http://my.domain/.well-known/acme-challenge/ ?