Nginx with Docker. Certbot failed to authenticate some domains. Connection refused

I'm new to Docker and Certbot and have the following error, but I'm not sure why the connection is being refused... Any ideas?

My domain is:
muaythai-shop.com

I ran this command:
docker-compose -f docker-compose.prod.yml run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d muaythai-shop.com

It produced this output:
Account registered.
Requesting a certificate for muaythai-shop.com

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: muaythai-shop.com
Type: connection
Detail: 104.248.36.46: Fetching http://muaythai-shop.com/.well-known/acme-challenge/M6uTKHdz-k2J2AoDAao0xcwQ28ZIXs9mNo2dWTcQ-rM: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ERROR: 1

My web server is (include version):
nginx:1.23.3-alpine

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No, I'm using Docker.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.29.0

Hi @sudo_sudo, and welcome to the LE community forum 🙂

The HTTP connection was refused.
Is your HTTP site available from the Internet?

2 Likes

It was accessible via the domain name, but since I added this file to the root folder:

nginx/conf/muaythai-shop.com

and these lines to the docker-compose file, it is not accessible anymore:

      - 443:443
    volumes:
      - ./nginx/conf/:/etc/nginx/conf.d/:ro 
      - ./certbot/www:/var/www/certbot/:ro 
    restart: unless-stopped

  certbot:
    image: certbot/certbot:latest 
    volumes:
      - ./certbot/www/:/var/www/certbot/:rw

The Nginx config file is on the right side of the screenshot, but I'm not sure if it is correct...

Please show this file:

2 Likes

server {
    listen 80;
    listen [::]:80;

    server_name muaythai-shop.com www.muaythai-shop.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://muaythai-shop.com$request_uri;
    }
}

server {
    listen 443 default_server ssl http2;
    listen [::]:443 ssl http2;

    server_name muaythai-shop.com;

    ssl_certificate /etc/nginx/ssl/live/muaythai-shop.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/muaythai-shop.com/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

That can only be used once in the entire configuration.
Why did you use it there?
Doesn't that already exist elsewhere?

Also, HTTP redirects to HTTPS.
HTTPS has no root path.

It says "try_files" - try them where?

2 Likes
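As an added example (not code from this thread, nor from Certbot or nginx), a small Python check for the two configuration problems the reply above points out: a `try_files` in a location that has no effective `root`, and `default_server` claimed by more than one server block on the same listen address. The nginx fragment inside is constructed after the one posted above, and the tiny parser assumes an unquoted fragment without `include` directives.

```python
import re
from collections import Counter

# Constructed sample modelled on the thread: an HTTP server with the ACME location, an HTTPS
# server whose "location /" has try_files but no root, and a second vhost also claiming default_server.
SAMPLE_CONF = """
server { listen 80; server_name muaythai-shop.com;
    location /.well-known/acme-challenge/ { root /var/www/certbot; }
    location / { return 301 https://muaythai-shop.com$request_uri; } }
server { listen 443 default_server ssl http2; server_name muaythai-shop.com;
    location / { try_files $uri $uri/ =404; } }
server { listen 443 default_server ssl; server_name other.example; root /var/www/html; }
"""

def parse(text):
    """Parse an nginx config fragment into a tree of (name, args, children); comments are stripped."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text))
    def block(i):
        items = []
        while i < len(tokens) and tokens[i] != "}":
            j = i
            while tokens[j] not in ("{", ";"):   # find the end of this directive or block header
                j += 1
            name, args = tokens[i], tokens[i + 1:j]
            children, j = block(j + 1) if tokens[j] == "{" else ([], j)
            items.append((name, args, children))
            i = j + 1
        return items, i
    return block(0)[0]

def audit(conf_text):
    """Report a location that uses try_files without any effective root, and default_server
    claimed by more than one server block on the same listen address."""
    findings, defaults = [], Counter()
    for name, args, body in parse(conf_text):
        if name != "server":
            continue
        server_root = next((a[0] for n, a, _ in body if n == "root"), None)
        for n, a, loc in body:
            if n == "listen" and "default_server" in a:
                defaults[a[0]] += 1                     # a[0] is the address/port
            elif n == "location":
                loc_root = next((x[0] for m, x, _ in loc if m == "root"), server_root)
                if any(m == "try_files" for m, _, _ in loc) and loc_root is None:
                    findings.append(f"location {a[-1]}: try_files but no root is set")
    for addr, count in defaults.items():
        if count > 1:
            findings.append(f"listen {addr}: default_server appears in {count} server blocks")
    return findings
```

Run `audit()` over the contents of everything nginx loads from conf.d, not just one file, since the duplicate `default_server` the reply suspects may live in another file.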

Thanks for your time! It seems to be more a wrong Nginx configuration than a Certbot issue...

About this:

default_server

I found a config file at the bottom of the following website and have adapted it as well as I could to my URL.

About this:

try_files

I found it in the DigitalOcean example but don't know what it means.

1 Like

Keep looking...
Until you come across the "root" directive.
Then use that one too.

3 Likes
