I ran this command: certonly --non-interactive --config "/etc/letsencrypt.ini" --cert-name "npm-22" --agree-tos --email "EMAIL" --preferred-challenges "dns,http" --domains "DOMAIN"
DOMAIN = the real domain
EMAIL = my real email
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for DOMAIN
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain DOMAIN
http-01 challenge for DOMAIN
Cleaning up challenges
Some challenges have failed.
at ChildProcess.exithandler (child_process.js:308:12)
at ChildProcess.emit (events.js:314:20)
at maybeClose (internal/child_process.js:1051:16)
at Process.ChildProcess._handle.onexit (internal/child_process.js:287:5)
The operating system my web server runs on is (include version): Ubuntu 20.04
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): nginx proxy manager GUI | v2.8.1
First of all, which type of authentication did you choose to go through? You've set DNS and HTTP as preferred, and certbot seems to choose HTTP w/ webroot to go through.
I'm not familiar with this part, but it certainly didn't look like code output from certbot or nginx (genuine) itself, as it's in nodejs?
Since you mentioned you use Nginx Proxy Manager, i would assume you are requesting a certificate for a reverse proxied site? If so, did you make any adjustments to allow your host system to use .well-known/acme-challenge/?
When you are requesting certificate from your host and the final website is served with reverse proxy, you need to make your host's web server catch the request at host level so it doesn't get passed into the actual site (which have no way to make your site get the token generated from your host)...
What a terrible documentation that piece of software has. I'm trying to find anything about Let's Encrypt and/or certificates in general on https://nginxproxymanager.com/ but it seems only the homepage mentions it as a feature, but nowhere else.
So, lacking any official documentation, could you, as the user, perhaps guide us through the process of getting (or in this case: trying to get) a certificate? Where do you enter the mentioned command? Or is it generated by that GUI itself? What's the contents of /etc/letsencrypt.ini? Where does it come from? Did you make it? Was it already there?
When I click "save" it gives me this error.
And 3. No I did not. One thing: my server landlord texted me and said that they have connection issues. Maybe thats why the error happens. Ill try some more times in the next minutes and tell u in about 15 minutes, if it worked.
If it's not a problem with your internet connectivity, I'm fairly certain this is not something we can help with. It sounds like you only have those GUI options, so if the GUI isn't functioning properly, you probably have more chance of success when you ask the nginx proxy manager GUI folks for help.
Yes. the thing is that it worked since today. And I didnt updated anything in the GUI. It worked now so it was a connection issue. Thanks anyways for the fast response. Have a great day!
There is the expected http result 404 - Not Found checking /.well-known/acme-challenge/random-filename.
So simple answer: Your webroot is wrong.
But you should always be able to find your correct webroot.
Check your config, create the two subdirectories /.well-known/acme-challenge manual, there a file (file name 1234), you must be able to load that file via
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
