No files in the /.well-known/acme-challenge folder

My domain is: aventastroy . ru

I ran this command: ./ssl_init.sh aventastroy.ru

Script:

#!/bin/bash

#from: https://raw.githubusercontent.com/wmnnd/nginx-certbot/master/init-letsencrypt.sh

domain=$1
rsa_key_size=4096
data_path="./data/certbot"
email="myemail@ya.ru" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

if [ ! -d "$data_path/conf" ]; then
  mkdir -p "$data_path/conf"
fi

echo "### Creating dummy certificate for $domain ..."
path="/etc/letsencrypt/live/$domain"
docker-compose run --rm --entrypoint "\
  mkdir -p '$path'" certbot
echo
docker-compose run --rm --entrypoint "\
  openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 3650\
    -keyout '$path/privkey.pem' \
    -out '$path/fullchain.pem' \
    -subj '/CN=$domain'" certbot
echo

echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo

echo "### Deleting dummy certificate for $domain ..."
docker-compose run --rm --entrypoint "\
  rm -Rf /etc/letsencrypt/live/$domain && \
  rm -Rf /etc/letsencrypt/archive/$domain && \
  rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi

docker-compose run --rm --entrypoint "\
  certbot certonly --webroot -w /var/www/ \
    $staging_arg \
    $email_arg \
    -d $domain \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
    --force-renewal" certbot
echo

echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload

My Docker-compose.yml:

version: "2"

services:
  nginx:
    build:
      context: ./nginx
      args:
        user_uid: "$user_uid"
        user_gid: "$user_gid"
    container_name: nginx
    depends_on:
      - source
      - php-fpm
    volumes_from:
      - source
    ports:
      - "80:80"
      - "443:443"
    networks:
      - mynet
    restart: always
  php-fpm:
    build:
      context: ./php-fpm
      args:
        user_uid: "$user_uid"
        user_gid: "$user_gid"
    container_name: php-fpm
    expose:
      - "9000"
    volumes_from:
      - source
    links:
      - mysql
    networks:
      - mynet
    restart: always
  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes_from:
      - source
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
  source:
    image: alpine
    container_name: source
    volumes:
      - ./data/logs/mysql:/var/log/mysql
      - ./data/mysql:/var/lib/mysql
      - ./data/logs/nginx:/var/log/nginx
      - ./data/logs/msmtp/:/var/log/msmtp/
      - ./data/.msmtprc:/var/.msmtprc
      - ./www:/var/www
      - ./data/logs/letsencrypt:/var/log/letsencrypt
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/.well-known/acme-challenge
    networks:
      - mynet
networks:
  mynet:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.100.254.0/24

I have error:

Requesting a certificate for aventastroy.ru

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: aventastroy.ru
  Type:   unauthorized
  Detail: Invalid response from http://aventastroy.ru/.well-known/acme-challenge/p2npNEqNVYaliyaacFa8Z0d_QDwZXV0EexXxkav3Ggo [2a03:6f00:1::5c35:7d24]: "<!DOCTYPE html>\n\n\n<html lang=\"ru\">\n   <head>\n      <base href=\"http://aventastroy.ru/\"/>\n      <meta name=\"viewport\" content=\"wi"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

There are no files in the /.well-known/acme-challenge folder. Please help me, what's wrong?

Hi @LMarkovWeb, and welcome to the LE community forum

I'm sorry to hear about your troubles; but that is a terrible script and it should be removed from the Internet.

Unfortunately, I don't have any other advice other than for you to look for another script with a better review.

Do the IPv6 address and the IPv4 address both point the same server? If you're not sure you should remove the IPv6 AAAA record as Let's Encrypt will validate via IPv6 first.

Thanks for the reply. I looked at this manual
Nginx and Let’s Encrypt with Docker in Less Than 5 Minutes | by Philipp | Medium and here is the code on gitub
GitHub - wmnnd/nginx-certbot: Boilerplate configuration for nginx and certbot with docker-compose

Is it better not to use this solution?

UPD:
The problem was IPv6.

@rg305 Please tell me why this script is bad?

Yes, there was an IPv6 setting that I didn't pay attention to. I wouldn't have guessed. I deleted it and everything worked, thank you!

I showed you two reasons.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.