Nginx LE subdomain certbot-auto command not working

Please fill out the fields below so we can help you better.

My domain is: foodtruck.paulbrimleywebdev.com

I ran this command:

    sudo certbot-auto certonly -a webroot --webroot-path=/var/www/foodtruck.paulbrimleywebdev.com -d foodtruck.paulbrimleywebdev.com

It produced this output:
    Failed authorization procedure. foodtruck.paulbrimleywebdev.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://foodtruck.paulbrimleywebdev.com/.well-known/acme-challenge/B0STL4Wi4SLEUvKfrE3I7GPSeHVbR_8fPnqhvsmGIrU [67.186.231.1]: 404

IMPORTANT NOTES:

My operating system is (include version): Ubuntu Server 14.04 LTS

My web server is (include version): nginx version: nginx/1.4.6 (Ubuntu)

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ?

I have been able to get the certificate for paulbrimleywebdev.com and www.paulbrimleywebdev.com to work, but I can’t for the subdomain.

Nginx and GoDaddy screen shot:

I am new to all of this so don’t judge too harshly and thank you for your help :).

Try replacing your “location /.well-known/acme-challenge” and “location /.well-known” blocks with:

    location /.well-known/acme-challenge/ {
        root /var/www/paulbrimleywebdev.com;
    }

and

    location /.well-known/acme-challenge/ {
        root /var/www/foodtruck.paulbrimleywebdev.com;
    }

(By the way, it would be simpler to use the same root for all your acme-challenge directories, and only one certificate covering all of your subdomains.)

(Also, in future please use a pastebin instead of a screenshot.)

Thank you for your response. I tried the changes you suggested with the same results when running “sudo certbot-auto certonly -a webroot --webroot-path=/var/www/foodtruck.paulbrimleywebdev.com -d foodtruck.paulbrimleywebdev.com”:

    Failed authorization procedure. foodtruck.paulbrimleywebdev.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://foodtruck.paulbrimleywebdev.com/.well-known/acme-challenge/YNJvv4tvb2yY_IAbKZfTpUGuDpEOJe5Ftg1Sbi74zaE [67.186.231.1]: 404

IMPORTANT NOTES:

Any other ideas? Thank you!

The 404 pages in http://foodtruck.paulbrimleywebdev.com/.well-known/acme-challenge/ appear to be served by Express, same as the rest of the site. Files that exist may be handled differently, but nonexistent files are certainly not being handled consistently with the configuration screenshot.

I’d try to put a file in that directory and attempt to load it manually. See if that works. Try a file with an extension and one with no extension. Once you can get that working, then try certbot again.

And investigate your Nginx configuration and error.log.
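
The manual check suggested above, written out as an added example (not code from this thread or from certbot): it drops a probe file with and without an extension into the webroot's challenge directory, fetches both plus a nonexistent name over HTTP, and records which server software answered. `probe_webroot`, `fetch` and the probe file names are hypothetical; the probe token is constructed at run time.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def fetch(url):
    """Return (status, body, headers) without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read(), resp.headers
    except urllib.error.HTTPError as err:
        return err.code, err.read(), err.headers


def probe_webroot(webroot, base_url):
    """Write probe files under webroot and fetch them over HTTP.

    Returns one dict per probe: a file with no extension (like a real
    http-01 token), a file with an extension, and a name that does not exist.
    """
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    token = secrets.token_urlsafe(16)  # constructed probe value, not an ACME token
    names = {"no-extension": f"probe-{token}", "with-extension": f"probe-{token}.txt"}
    results = []
    try:
        for name in names.values():
            with open(os.path.join(directory, name), "w") as fh:
                fh.write(token)
        names["nonexistent"] = f"missing-{token}"
        for kind, name in names.items():
            status, body, headers = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}")
            results.append({
                "probe": kind,
                "status": status,
                "served_from_webroot": status == 200 and body.decode(errors="replace") == token,
                # nginx identifies itself in Server; Express adds X-Powered-By by default.
                "server": headers.get("Server"),
                "powered_by": headers.get("X-Powered-By"),
            })
    finally:
        for name in names.values():
            path = os.path.join(directory, name)
            if os.path.exists(path):
                os.remove(path)
    return results
```

Run it on the server with the same values passed to certbot, e.g. `probe_webroot("/var/www/foodtruck.paulbrimleywebdev.com", "http://foodtruck.paulbrimleywebdev.com")`. If the two existing probes do not come back with `served_from_webroot` true, the request is not being answered from that directory, and the `server` and `powered_by` fields show what answered instead.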
