Same old letsencrypt failure


Please fill out the fields below so we can help you better.

My domain is: Set ip address with domain in digital ocean yesterday early afternoon.

I ran this command: /opt/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/configs/ certonly

config file:

domains =
email =
text = True
authenticator = webroot
webroot-path = /var/web/letsencrypt
agree-tos = True

It produced this output:

My operating system is (include version): Ubuntu 16.04

My web server is (include version): nginx

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;


  include ssl_params;

  # ssl_certificate /etc/letsencrypt/live/;
  # ssl_certificate_key /etc/letsencrypt/live/;

  location / {

    include proxy_params;

    proxy_pass http://phoenix;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

  location /.well-known/acme-challenge {
    root /var/web/letsencrypt;

server {
  listen 80;


  location / {
    return 301 https://$server_name$request_uri;

  location /.well-known/acme-challenge {
    root /var/web/letsencrypt;

  # Deny illegal host headers
  if ($host !~* ^$) {
      return 444;

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Does anybody have any debugging tips? Been at this for ~6 hrs now :frowning:


Your server listens on port 433, it should listen on port 80 (without ssl of course): the error message specify http, not https in the path.


sry forgot to paste the lower half of my nginx file :slight_smile:


Is this possibly the fact that the DNS records still do not have my updated IP address? Any check I do seems like it does.


If you check your logs in /var/log/letsencrypt/, I believe the IP address Let’s Encrypt resolved your domain to should be included. (If it’s not, try running your command with -vvvvv and check again.) DNS requests are made to your authoritative DNS server though, so DNS caching issues are not all that common with Let’s Encrypt.

I would recommend manually putting a file with random content in /var/web/letsencrypt/.well-known/acme-challenge and then trying to browse to that file with your browser to see if that succeeds.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.