Some challenges have failed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot --nginx

It produced this output:

      "type": "tls-alpn-01",
      "status": "pending",
      "url": "",
      "token": "EbOnpxCR60sv39cng6dOmCJSQcDMfrzFygJVE_0ph7M"
2023-04-17 02:02:45,030:DEBUG:acme.client:Storing nonce: C878euAh8zdvXa8lfu6BaQJh9QmJyzLd_lJcEKqk51_ki4I
2023-04-17 02:02:48,034:DEBUG:acme.client:JWS payload:
2023-04-17 02:02:48,036:DEBUG:acme.client:Sending POST request to
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA2NDk1OTA4NyIsICJub25jZSI6ICJDODc4ZXVBaDh6ZHZYYThsZnU2QmFRSmg5UW1KeXpMZF9sSmNFS3FrNTFfa2k0SSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvMjIwMDY0NjczOTk3In0",
  "signature": "atmx3AwXmo439UpOeo6p6Spi1EKIjPqFyqyBJTEvHOA7sazCikjMYpHO9XCKjorJw6yvySd5TGLtPvmGomo12RsQb8ryC3bUIFsd-2bCCWGtqQ-lLiLbq8NvluP7GjOQg-lS034YDE3sBMulJyTRl1K_oiWg1owBM1y31td9M0smR3mUOGzM7MEvTaCMwwNzdALWfUeQcyhmWxl_vO4VrBpsc-r1lIX-Rjd_PELfaejWhwlvRUmGofBWs1ZZz3EGhWfahJhfw0u9Dn01ka-mt0tpmMj7fhHrUcaPO8x5Sonsu9MEAW4GpzYdK0F733WaidGabX1VszUdeWf7bfERMw",
  "payload": ""
2023-04-17 02:02:48,314:DEBUG:urllib3.connectionpool: "POST /acme/authz-v3/220064673997 HTTP/1.1" 200 953
2023-04-17 02:02:48,315:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 17 Apr 2023 02:02:48 GMT
Content-Type: application/json
Content-Length: 953
Connection: keep-alive
Boulder-Requester: 1064959087
Cache-Control: public, max-age=0, no-cache
Link: <>;rel="index"
Replay-Nonce: 5CA2m4xJYdZuSK-WScb1NV24c4KVlFBCV8ceNhmVknZe4UY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

  "identifier": {
    "type": "dns",
    "value": ""
  "status": "invalid",
  "expires": "2023-04-24T02:01:16Z",
  "challenges": [
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:serverInternal",
        "detail": "During secondary validation: Remote PerformValidation RPC failed",
        "status": 500
      "url": "",
      "token": "EbOnpxCR60sv39cng6dOmCJSQcDMfrzFygJVE_0ph7M",
      "validationRecord": [
          "url": "",
          "hostname": "",
          "port": "80",
          "addressesResolved": [
          "addressUsed": ""
      "validated": "2023-04-17T02:01:17Z"
2023-04-17 02:02:48,315:DEBUG:acme.client:Storing nonce: 5CA2m4xJYdZuSK-WScb1NV24c4KVlFBCV8ceNhmVknZe4UY
2023-04-17 02:02:48,316:INFO:certbot._internal.auth_handler:Challenge failed for domain
2023-04-17 02:02:48,316:INFO:certbot._internal.auth_handler:http-01 challenge for
2023-04-17 02:02:48,316:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Type:   serverInternal
  Detail: During secondary validation: Remote PerformValidation RPC failed

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

My web server is (include version): nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 2.5.0


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.