Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: 20b20t.org
I ran this command:
┌──(root㉿Gateway)-[/var/www/letsencrypt/.well-known/acme-challenge]
└─# sudo certbot certonly --webroot \
    -w /var/www/letsencrypt \
    -d 20b20t.org -d www.20b20t.org \
    --staging --debug-challenges \
    --agree-tos --email VincentBusinessMail@web.de --no-eff-email
It produced this output:
Challenges loaded. Press continue to submit to CA.
Pass "-v" for more info about challenges.
Press Enter to Continuels -la
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: 20b20t.org
Type: dns
Detail: 91.98.225.37: Fetching 20b20t.org DNS problem: networking error looking up A for 20b20t.org; DNS problem: networking error looking up AAAA for 20b20t.org
Domain: www.20b20t.org
Type: unauthorized
Detail: 91.98.225.37: Invalid response from 20b20t.org "\n<html lang="en">\n \n <meta charset="utf-8">\n <!-- Always force latest IE rendering engine or request"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
My web server is (include version):
Webserver: Newest NGINX version
Gateway: Newest NGINX version
My hosting provider, if applicable, is:
Cloud and Selfhosted | SSH
Certbot Version:
┌──(root㉿Gateway)-[/var/www/letsencrypt/.well-known/acme-challenge]
└─# certbot --version
certbot 4.0.0
My NGINX configs:
Gateway:
┌──(root㉿Gateway)-[/etc/nginx/sites-available]
└─# cat proxy
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type "text/plain";
    }
    location / {
        proxy_pass http://100.64.0.5:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
server {
    listen 80;
    listen [::]:80;
    server_name 20b20t.org www.20b20t.org *.20b20t.org;
    # Serve the Certbot / ACME challenge directly on the gateway
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
        default_type "text/plain";
    }
    # Everything else goes to the internal web server
    location / {
        proxy_pass http://100.64.0.5:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Webserver:
root@Webserver:/etc/nginx/sites-available# cat all-domains
server {
    listen 80;
    server_name 20b20t.org www.20b20t.org forum.20b20t.org;
    root /var/www/20b20t.org;
    index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.4-fpm.sock;
    }
}
and
root@Webserver:/etc/nginx/sites-available# cat 20b20t.org.conf
server {
    listen 80;
    server_name 20b20t.org www.20b20t.org;
    root /var/www/20b20t.org;
    index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.4-fpm.sock;
    }
    client_max_body_size 100M;
    access_log /var/log/nginx/20b20t_access.log;
    error_log /var/log/nginx/20b20t_error.log;
}
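
The hint in the Certbot output above asks that files created under the `--webroot-path` be downloadable through every listed domain. The following pre-flight check is an added example, not part of the original post and not Certbot code; it separates the two failure types reported (`dns` and `unauthorized`), and the names `preflight`, `resolve` and `fetch` are hypothetical.

```python
import secrets, socket, sys, urllib.error, urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"

def resolve(host):
    """Addresses (A and AAAA) this machine resolves for host; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()

def fetch(url, timeout=10):
    """Plain HTTP GET returning (status, body); status is None if no response arrived."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a body worth inspecting
        return err.code, err.read(4096).decode("utf-8", "replace")
    except OSError as err:                  # refused, timed out, unreachable
        return None, str(err)

def preflight(webroot, hosts, resolver=resolve, fetcher=fetch):
    """Drop a random probe file into the webroot and check each host serves it back verbatim."""
    probe = Path(webroot, CHALLENGE_DIR, "probe-" + secrets.token_hex(8))
    probe.parent.mkdir(parents=True, exist_ok=True)
    content = secrets.token_urlsafe(32)
    probe.write_text(content)
    results = {}
    try:
        for host in hosts:
            if not resolver(host):
                results[host] = "dns: no A/AAAA address resolved"
                continue
            status, body = fetcher(f"http://{host}/{CHALLENGE_DIR}/{probe.name}")
            if status is None:
                results[host] = f"connection: {body}"
            elif status == 200 and body.strip() == content:
                results[host] = "ok"
            elif "<html" in body.lower():
                results[host] = f"unauthorized: HTTP {status} returned an HTML page, not the probe"
            else:
                results[host] = f"unauthorized: HTTP {status}, body does not match the probe"
    finally:
        probe.unlink()   # never leave probe files behind in the challenge directory
    return results

if __name__ == "__main__":   # usage: preflight.py /var/www/letsencrypt HOST [HOST ...]
    for host, verdict in preflight(sys.argv[1], sys.argv[2:]).items():
        print(f"{host}: {verdict}")
```

The CA validates from the public internet, so a run on the gateway itself only approximates what it sees; running the fetch side from an outside host gives the authoritative answer.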