OnlyOffice: "Certbot failed to authenticate some domains (authenticator: nginx)"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email -d
It produced this output:

certbot_commandresponse_01_08032022.txt (1.9 KB)

My web server is (include version): nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: none. UJsing Cloudflare for registrar and DNS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is : 1.21.0

Hello folks,
I've been round and round with this for weeks. I'm not sure why I still can't figure it out. I've looked at all the support and forum articles(including here) I could find. I seem to get close but not there.
What I'm trying to do is run a only office server that will integrate with my Nextcloud server. I have been using a reverse proxy that is sitting in front of my services (bitwarden, nextcloud, etc) but in this case, I when trying to receive the certificate, I have the reverse proxy removed from the equation.
I've tried turning the Cloudflare SSL encryption modes between Full and Full(strict) but no luck. I'm sure it is some obvious (to you folks) setting or settings that I'm mucking up.
Any help would be GREATLY appreciated. If there are any other logs or information you would like to see, I'll be happy to provide. Thanks

Hi @bonzo, and welcome to the LE community forum :slight_smile:

You need a working HTTP(S) site before you can use HTTP(S) authentication.
Cloudflare redirects all HTTP to HTTPS:

curl -I
HTTP/1.1 301 Moved Permanently

But the HTTPS site fails with error 502:

The expected challenge location returns 404 [better than 502]:

Maybe you can place a file in that location to see if it can be accessed from the Internet.
Let's have a look at the nginx config, with:
nginx -T


Hi and thanks for your attention! Yeah, I was wondering if the nginx configuration was lacking something for SSL.
The instructions I used probably assumed I had done the necessary config for that beforehand.
Here is the config:

nginx_config_07032022.txt (18.7 KB)

Thanks again for your help

1 Like

Here is a place to get a jump start on a configuration for nginx Mozilla SSL Configuration Generator


I see a bit of a catch-22 problem going on:

  • Cloudflare redirects HTTP to HTTPS
  • your site has no certificate to speak HTTPS

[HTTPS is now required to get a certificate (to be able to speak HTTPS)]

Is there any way to connect Cloudlfare to your site via HTTP ?
[until you have obtained a cert]


Thanks @Bruce5051 , that Mozilla page is great help! I'm getting further along in this process now.


Thanks @rg305 , you know, that is EXACTLY what I was thinking! But I just figured that I had missed something obvious. I can't imagine how many things I would have to turn off to get Cloudflare to work in HTTP.... BUT I think I can use Cloudflare's instructions for using their certificate creation, along with the comments from you guys to get the config for nginx xcorrect and move this forward.
Right now, I'm getting an error relating to the way onlyoffice wants their nginx config to be done and I have opened a question with that forum. Once I have that working, I'll try this again and update this post.


Excellent @bonzo! :smile:

1 Like