[SOLUTION FOUND] Error: Invalid response from httpss://domain.com/.well-known/acme-challenge/<token>: 404

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: nelsonserpa.com

I ran this command: sudo certbot --nginx -d nelsonserpa.com -d www.nelsonserpa.com -v

It produced this output: Error: Invalid response from httpss://nelsonserpa.com/.well-known/acme-challenge/: 404

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: hostinger

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 1.23.0

I'm following tutorials on running certbot for my website server via nginx through server blocks.

I've:

  1. Changed the DNS records on hostinger so both A/www and A/@ point to my website ip, 191.101.78.199, which have been done over a day ago so i guess DNS propagated

  2. configured my server block as follow:

server {
        listen 80;
        listen [::]:80;

        root /var/www/nelsonserpa.com/html;
        index index.html index.htm index.nginx-debian.html;

        server_name nelsonserpa.com www.nelsonserpa.com;

        location / {
                try_files $uri $uri/ =404;
        }

  1. Finished setting up nginx, firewall for nginx etc
  2. Installed certbot following pip installation tutorial
  3. Run sudo certbot --nginx -d nelsonserpa.com -d www.nelsonserpa.com -v

The run failed with the error Invalid response from http://nelsonserpa.com/.well-known/acme-challenge/<token>: 404

I researched about the error and it seems my server block configuration was denying all requests except for root. I changed my server block configuration to add

location ~ /.well-known/ {  
          allow all;
        }

:

server {
        listen 80;
        listen [::]:80;

        root /var/www/nelsonserpa.com/html;
        index index.html index.htm index.nginx-debian.html;

        server_name nelsonserpa.com www.nelsonserpa.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ /.well-known/ {  
          allow all;
        }

But it still fails. I'm not sure if I missconfigured nginx server block for two locations. Can someone help me please?

EDIT: I also enabled AAAA @ and www record to my IPV6 as some suggestions pointed that out. I'm waiting for DNS propagation

SOLUTION: add that line to your serverblock config file:

location /.well-known/acme-challenge {
          default_type text/plain;
          root /etc/letsencrypt/webroot;
        }

ex:

server {

    root /var/www/nelsonserpa.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name nelsonserpa.com www.nelsonserpa.com;

    location / {
            try_files $uri $uri/ =404;
    }

    location /.well-known/acme-challenge {
      default_type text/plain;
      root /etc/letsencrypt/webroot;
    }

}