Not Found only with Certbot


My domain is:

I ran this command: certbot certonly --nginx --dry-run -d

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from []: “\r\nDocument Error: Not Found\r\n

Access Error: 404 – Not Found


 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   []: "<!DOCTYPE html>\r\n<html><head><title>Document
   Error: Not Found</title></head>\r\n<body><h2>Access Error: 404 --
   Not Found</h2>\r\n<p>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Hosting on my own server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

When I use the --debug-challenges option, then take the location of the key and put into a browser, it works just fine but the certbot cannot verify it.


Hi @SimonCircle

I see, you have already checked your domain via

Port 80 is open, your website answers with a correct http status 404 - not found.

So try to find your root (in your vHost file) and use it:

certbot run -a webroot certonly -w yourRoot -d -d

To check if you have found your correct root, create the two subdirectories


there a file (file name 1234), then try to load that file via

Thanks for the quick response :grinning:

My root: /var/www/

When I run: certbot run -a webroot certonly -w /var/www/ -d -d

I just get: certbot: error: unrecognized arguments: certonly

I have created /var/www/, with hello in it. If you curl that with curl, you get 200 OK and the response is Hello


I love my errors - remove the run command :wink:

There are some combinations which don’t work. But I have to do too many other things.


Really? I have a 404 - not found:

Access Error: 404 – Not Found

Can’t locate document: /.well-known/acme-challenge/1234

Must work with non-www and www.


It’s not an Nginx server.

Nginx’s 404 Not Found pages look different.

The Server header is "App-webs/".

Edit: If I open in a browser, it redirects to a .asp Hikvision login page.


So, I got this when I curl it

GET /.well-known/acme-challenge/1234 HTTP/1.1
User-Agent: curl/7.58.0
Accept: */*

< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Thu, 14 Mar 2019 17:15:02 GMT
< Content-Type: application/octet-stream
< Content-Length: 6
< Last-Modified: Thu, 14 Mar 2019 17:00:36 GMT
< Connection: keep-alive
< ETag: "5c8a88b4-6"
< Accept-Ranges: bytes

but when I used this online site which lets you curl stuff:, I got >

<html><head><title>Document Error: Not Found</title></head>
<body><h2>Access Error: 404 -- Not Found</h2>
<p>Can't locate document: /.well-known/acme-challenge/1234</p>

Could it have something to do with the fact that I am running this inside an LXC container and not a VM?
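
Added example, not part of any post in this thread: a small check that tells "the probe reached another device" apart from "nginx is serving the wrong directory", which is the distinction the two responses above hinge on. The function names are hypothetical, and the sample responses are constructed from values quoted in the thread (the 404 status line and header layout are assumed).

```python
import http.client

# Constructed samples built from values quoted in this thread (not captures).
INSIDE_LAN = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.14.0 (Ubuntu)\r\n"
              b"Content-Length: 6\r\n\r\nHello\n")
FROM_INTERNET = (b"HTTP/1.1 404 Not Found\r\nServer: App-webs/\r\n\r\n"
                 b"<html><head><title>Document Error: Not Found</title></head>\r\n"
                 b"<body><h2>Access Error: 404 -- Not Found</h2>\r\n")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, server header, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers.get("server", ""), body

def classify(status, server, body, expected_body, expected_server="nginx"):
    """Say whether the probe reached the intended web server at all."""
    if not server.lower().startswith(expected_server.lower()):
        return "wrong-host"        # port 80 is forwarded to another device
    if status != 200:
        return "missing-file"      # right server, wrong webroot or location
    if body.strip() != expected_body.strip():
        return "wrong-content"     # right server, different file served
    return "ok"

def probe(host, path, timeout=10):
    """Fetch path over plain HTTP without following redirects (live use)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", ""), resp.read()
    finally:
        conn.close()

if __name__ == "__main__":
    for label, raw in (("inside LAN", INSIDE_LAN), ("from internet", FROM_INTERNET)):
        print(label, "->", classify(*parse_response(raw), expected_body=b"Hello"))
```

For a live check, pass the result of `probe()` to `classify()` from a machine outside the LAN, since the validation request arrives from the internet and not from the local network.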


Are your DNS records correct? Is the correct IP?

Port forwarding settings?

Do you have a Hikvision surveillance camera or something?


That is really weird. All my DNS records are correct and all my port forwarding is also correct.


That’s interesting, my tool doesn’t see a redirect.

So that looks like a bot detection: Users -> login, bots -> nothing.


I have Hikvision stuff but they are not port-forwarded and 80, 443 goes to my LXC Container


It uses JavaScript. :slightly_frowning_face:

window.location.href = "doc/page/login.asp?_"+nowDate.getTime();

I just get 403 Forbidden (NGINX)


I check the content only, if it is https. There the tool sees redirects and meta refresh.

Should add it with http.


I have just changed the IP of the LXC Container and changed my port-forwarding settings accordingly, to ensure that it was not an IP overlapping issue. Because all my websites were redirecting to the Hikvision stuff before on my mobile phone.


No change for me yet.

Port 80 is the Hikvision.

Port 443 is a connection refused error.


So everything on my local network works just fine, but outside it just does not work. I will try restarting my router.


I would suggest combining the webroot authenticator with the nginx installer:

certbot -i nginx -a webroot -w /var/www/ -d -d

But firstly, your router/portforwarding/VM/otherstuff needs to be OK :slight_smile:
