[nginx, docker] certbot certificates - challenge webroot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo docker run -it --rm --name new_certbot \
  -v '/home/ubuntu/docker/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt' \
  -v '/home/ubuntu/docker/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt' \
  certbot/certbot certonly --webroot --webroot-path=/var/www/certbot -d my.domain

My web server is (include version): nginx

My nginx config:
server {
    server_name my.domain;

    listen 80;

    root /var/www;

    location ~ /.well-known {
        allow all;
#       root /var/www/certbot
    }

    location ^~ /.well-known/acme-challenge {
        allow all;
        default_type "text/plain";
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
        expires epoch;
    }
}

The operating system my web server runs on is (include version): ubuntu

I can login to a root shell on my machine (yes or no, or I don't know): yes

And I wonder: why do I get a 403 if I approach http://my.domain/.well-known/acme-challenge/ ?

I don't see a volume mapping for /var/www/certbot?

All Certbot/Let's Encrypt related volumes should be available to the Certbot and nginx container.

With regard to the 403: I dunno, I'd expect a 404.
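
The missing mapping pointed out above can be checked mechanically. The following is an added example, not code from the thread or from Certbot: a POSIX shell function (`webroot_host_dir` is a hypothetical name, `/srv/acme` a hypothetical host path) that reports which host directory backs the `--webroot-path` for a given set of `-v`/`--volume` arguments, so the Certbot and nginx sides can be compared.

```shell
#!/bin/sh
# webroot_host_dir WEBROOT DOCKER_RUN_ARGS...
# Prints the host directory (or named volume) that backs WEBROOT inside a
# container, judging by the -v/--volume arguments. Returns 1 if none covers it.
webroot_host_dir() {
    webroot=${1%/}; shift
    want_spec=0
    for arg in "$@"; do
        if [ "$want_spec" -eq 1 ]; then
            spec=$arg; want_spec=0
        else
            case $arg in
                -v|--volume) want_spec=1; continue ;;
                --volume=*)  spec=${arg#--volume=} ;;
                *)           continue ;;
            esac
        fi
        case $spec in *:*) ;; *) continue ;; esac   # no host side: anonymous volume
        src=${spec%%:*}                  # host side of host:container[:options]
        dst=${spec#*:}; dst=${dst%%:*}; dst=${dst%/}
        case $webroot/ in
            "$dst"/*)                    # dst is the webroot or one of its parents
                sub=${webroot#"$dst"}
                printf '%s\n' "${src%/}$sub"
                return 0 ;;
        esac
    done
    return 1
}

# The two mounts from the certbot command in the question: neither covers
# --webroot-path, so challenge files are written inside the container only.
if ! webroot_host_dir /var/www/certbot \
    -v '/home/ubuntu/docker/letsencrypt/data/etc/letsencrypt:/etc/letsencrypt' \
    -v '/home/ubuntu/docker/letsencrypt/data/var/lib/letsencrypt:/var/lib/letsencrypt' \
    >/dev/null; then
    echo "certbot: no volume covers /var/www/certbot"
fi

# Constructed mounts (/srv/acme is a hypothetical host path): both containers
# must resolve the webroot to the same host directory.
certbot_dir=$(webroot_host_dir /var/www/certbot -v /srv/acme:/var/www/certbot)
nginx_dir=$(webroot_host_dir /var/www/certbot -v /srv/acme:/var/www/certbot:ro)
[ "$certbot_dir" = "$nginx_dir" ] && echo "shared webroot: $certbot_dir"
```

The function only reads `-v`/`--volume` arguments; `--mount` syntax and compose files are outside what it handles.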


Hi @ohimsoly, and welcome to the LE community forum 🙂

That section seems unnecessary and possibly problematic.

