Nginx with Let's Encrypt Certbot

I am getting the error below. Can you please help me with this? What is the root cause, why am I facing this issue, and how can I permanently resolve this error?

sudo certbot --nginx -d consent.mumbai-tech.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for consent.mumbai-tech.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: consent.mumbai-tech.com
Type: unauthorized
Detail: 115.246.15.222: Invalid response from http://consent.mumbai-tech.com/.well-known/acme-challenge/NbFmer2bxX7vMi1oaAKiflPITT9nbPX96b1fSXF7OlI: 403

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Below is the nginx configuration file:
sudo nano consent.mumbai-tech.com

# Redirect all HTTP traffic to HTTPS
server {
    listen 80;
    server_name consent.mumbai-tech.com;

    # Let’s Encrypt ACME challenge support
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        allow all;
#        root /var/www/html;
    }

    # Redirect all other HTTP traffic to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS server
server {
    listen 443 ssl http2;
    server_name consent.mumbai-tech.com;

    root /var/www/html;
    index index.html index.htm;

#    ssl_certificate /etc/letsencrypt/live/consent.mumbai-tech.com/fullchain.pem;
#    ssl_certificate_key /etc/letsencrypt/live/consent.mumbai-tech.com/privkey.pem;
#    include /etc/letsencrypt/options-ssl-nginx.conf;
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }

    # ACME challenge route for renewals
    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
    }

    # Optional: Add security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

An Apache server is replying to requests, not nginx

Request to: consent.mumbai-tech.com/115.246.15.222, Result: [Address=115.246.15.222,Address Type=IPv4,Server=Apache

Check the DNS public IP and any other network routing


How do I check whether nginx or Apache is replying to the request?

Using curl commands is one way. You can also use a browser's developer tools to view network requests.

Note the "Server" response header:

curl -i http://consent.mumbai-tech.com/.well-known/acme-challenge/Test404
HTTP/1.1 403 Forbidden
Date: Fri, 25 Jul 2025 17:53:11 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

A request to the home page gets a reply from Apache and shows a Nextcloud page along with a 400 HTTP error

curl -i http://consent.mumbai-tech.com

HTTP/1.1 400 Bad Request
Date: Fri, 25 Jul 2025 17:54:38 GMT
Server: Apache
(... other headers omitted)
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html class="ng-csp" data-placeholder-focus="false" lang="en" data-locale="en" translate="no" >
        <head
 data-requesttoken="IKBvmDaofvfYzcbHzWSUKAODYz1fN6PlmfWWA1pmmgI=:VcMB6lLjEtzhg7eBqxLTZlXsNVkzZdCw8YPFVXUMr0w=">
                <meta charset="utf-8">
                <title>
                        Nextcloud               </title>
(... rest of page omitted)
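The "Server" header check from the reply above, as an added example that is not part of the original thread: a shell function that reads `curl -si` output and reports whether the expected web server answered the ACME challenge path. The names `acme_server_check` and `sample_response` are hypothetical, and the sample input is constructed from the headers quoted in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `curl -si` output on stdin and
# reports whether the expected web server answered the ACME test URL.
# Live use (assumed): curl -si http://DOMAIN/.well-known/acme-challenge/Test404 | acme_server_check nginx

acme_server_check() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # Keep only the header block: strip CRs, stop at the first blank line.
    headers=$(tr -d '\r' | sed '/^$/q')
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    server=$(printf '%s\n' "$headers" |
        awk -F': *' 'tolower($1) == "server" { print $2; exit }')
    server_lc=$(printf '%s' "$server" | tr 'A-Z' 'a-z')

    if [ -z "$server" ]; then
        echo "UNKNOWN: HTTP $status with no Server header"
        return 2
    fi
    case $server_lc in
        "$expected"*) ;;   # the expected software answered; look at the status next
        *)
            echo "MISMATCH: $server answered (HTTP $status), expected $1; check the DNS public IP and network routing"
            return 1 ;;
    esac
    if [ "$status" = 404 ]; then
        echo "OK: $server answered; 404 is normal for a made-up token"
        return 0
    fi
    echo "REACHABLE: $server answered but returned HTTP $status; review its challenge location"
    return 3
}

# Constructed sample: the response headers quoted in the reply above.
sample_response() {
    printf '%s\r\n' 'HTTP/1.1 403 Forbidden' \
        'Date: Fri, 25 Jul 2025 17:53:11 GMT' 'Server: Apache' \
        'Content-Type: text/html; charset=iso-8859-1' '' '<html>...</html>'
}

# Demo run on the constructed sample; "|| true" keeps the script's exit status clean.
sample_response | acme_server_check nginx || true
```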

How do I resolve this issue? I am using nginx, not Apache, so what do we need to do?
