SSl error on docker with NGINX proxy manager

Help
1

My domain is: cloud.saccess.win

The operating system my web server runs on is ubuntu 22

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no,
The version of my client is 2.5.0
I have installed nginx proxy manager on a docker container and when I try to get an ssl certificate i get the following error:

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-1" --agree-tos --authenticator webroot --email "shashankhrs@gmail.com" --preferred-challenges "dns,http" --domains "cloud.saccess.win"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

this is the error log

2023-09-27 14:32:39,332:DEBUG:certbot._internal.main:certbot version: 2.5.0
2023-09-27 14:32:39,333:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2023-09-27 14:32:39,333:DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-1', '--agree-tos', '--authenticator', 'webroot', '--email', 'shashankhrs@gmail.com', '--preferred-challenges', 'dns,http', '--domains', 'cloud.saccess.win']
2023-09-27 14:32:39,333:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2023-09-27 14:32:39,340:DEBUG:certbot._internal.log:Root logging level set at 30
2023-09-27 14:32:39,340:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2023-09-27 14:32:39,342:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A seperate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: webroot = certbot._internal.plugins.webroot:Authenticator
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x7fef7e9de080>
Prep: True
2023-09-27 14:32:39,342:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x7fef7e9de080> and installer None
2023-09-27 14:32:39,342:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2023-09-27 14:32:39,383:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2023-09-27 14:32:39,384:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2023-09-27 14:32:43,859:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 752
2023-09-27 14:32:43,861:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 27 Sep 2023 14:32:43 GMT
Content-Type: application/json
Content-Length: 752
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "oDHxTu859bE": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-01/renewalInfo/",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2023-09-27 14:32:43,861:DEBUG:acme.client:Requesting fresh nonce
2023-09-27 14:32:43,862:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2023-09-27 14:32:44,144:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2023-09-27 14:32:44,145:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 27 Sep 2023 14:32:43 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: TkV456YlOrTy1G4EtPBaSrlH8q3XUz1UOYjjiMeJoJzwladKPoo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2023-09-27 14:32:44,146:DEBUG:acme.client:Storing nonce: TkV456YlOrTy1G4EtPBaSrlH8q3XUz1UOYjjiMeJoJzwladKPoo
2023-09-27 14:32:44,147:DEBUG:acme.client:JWS payload:
b'{\n  "contact": [\n    "mailto:shashankhrs@gmail.com"\n  ],\n  "termsOfServiceAgreed": true\n}'
2023-09-27 14:32:44,155:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-acct:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAiandrIjogeyJuIjogIjFObElVNDY3NENXUVpzNFB5NzlSQ2J0MW14WXljU0Z1dndvTGpzVmgwbG8wS0xzR3htLWtoUkIxbWVkY0ZFRnAxSDMwSE95bkFCSV9Nek40UXF1QUVlR0dLM1RVMXlpMHhfXzNFZW56bTRJRzYtbWRkRjRPZGNuNWhyLVc4T1hGUS0wX2FPeXhiTlBBQ1RTdm9aWWRSU1VkZUxSLTZCd1ZiNmFuS28tTUlaWC1mTWFnNmVUemo5dkZFQ0oyWWJhRHdGbVlGdnRTR2ZxYUJ4V25JdVQzNDA1LWFQRWNqU1gwRkpFNzdsT3JEeGVOeVh6MEljNDRNekEyVWUwVEM4S0ZsTHM2NTlldk1KTWp2RkpZMjI5MXc4dWhTQlhyeW95Wm5NenVaT2ZQZ0F6ZEJfYjFmVXctLUc0aTVlbzNCNWJaOFNMTklBZzNRLU9SWkU1Z1RXb3kzUSIsICJlIjogIkFRQUIiLCAia3R5IjogIlJTQSJ9LCAibm9uY2UiOiAiVGtWNDU2WWxPclR5MUc0RXRQQmFTcmxIOHEzWFV6MVVPWWpqaU1lSm9KendsYWRLUG9vIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctYWNjdCJ9",
  "signature": "PsVw_URleOzMZiWh76Okg8IeUMGc-uej3aR1GpjcmWBEil2B1SancvUQhBlRvp9sYdLZndnb6cfRFJD9MdfCuvg1KGAefRJDk_WvUHaqbe2n5c4VJCclt2SHackdVLz18KII3TkqOVUvyGfs3IQVEQ8yEOP19rLrON5qneTplPgHxkdX7dA7kFNRvbFmzI3Btf0AYGM8JYjdBVHzCb2Wcztqp1xdDHVHSfTd98GJMoTJchjE2iC-279HhIxpxe3mWTu7DknidVYSiV1NCjiRPbLotcQzWKVkVcpVOmddvXXeNrniT3nA81LxjApEaEs6aNwksRybzKyvE9D9hLl0BQ",
  "payload": "ewogICJjb250YWN0IjogWwogICAgIm1haWx0bzpzaGFzaGFua2hyc0BnbWFpbC5jb20iCiAgXSwKICAidGVybXNPZlNlcnZpY2VBZ3JlZWQiOiB0cnVlCn0"
}
2023-09-27 14:32:44,488:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-acct HTTP/1.1" 201 564
2023-09-27 14:32:44,489:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 27 Sep 2023 14:32:44 GMT
Content-Type: application/json
Content-Length: 564
Connection: keep-alive
Boulder-Requester: 1331720916
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf>;rel="terms-of-service"
Location: https://acme-v02.api.letsencrypt.org/acme/acct/1331720916
Replay-Nonce: HBbgH1zXoCcLtgsTVIGYq7VkXjwVAw2oMN1dJZJ4OOjjRhXHivA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "key": {
    "kty": "RSA",
    "n": "1NlIU4674CWQZs4Py79RCbt1mxYycSFuvwoLjsVh0lo0KLsGxm-khRB1medcFEFp1H30HOynABI_MzN4QquAEeGGK3TU1yi0x__3Eenzm4IG6-mddF4Odcn5hr-W8OXFQ-0_aOyxbNPACTSvoZYdRSUdeLR-6BwVb6anKo-MIZX-fMag6eTzj9vFECJ2YbaDwFmYFvtSGfqaBxWnIuT3405-aPEcjSX0FJE77lOrDxeNyXz0Ic44MzA2Ue0TC8KFlLs659evMJMjvFJY2291w8uhSBXryoyZnMzuZOfPgAzdB_b1fUw--G4i5eo3B5bZ8SLNIAg3Q-ORZE5gTWoy3Q",
    "e": "AQAB"
  },
  "contact": [
    "mailto:shashankhrs@gmail.com"
  ],
  "initialIp": "xx.xx.xx.xx",
  "createdAt": "2023-09-27T14:32:44.30158487Z",
  "status": "valid"
}
2023-09-27 14:32:44,490:DEBUG:acme.client:Storing nonce: HBbgH1zXoCcLtgsTVIGYq7VkXjwVAw2oMN1dJZJ4OOjjRhXHivA
2023-09-27 14:32:44,494:DEBUG:certbot._internal.display.obj:Notifying user: Account registered.
2023-09-27 14:32:44,494:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fef7e8c42b0>)>), contact=('mailto:shashankhrs@gmail.com',), agreement=None, status='valid', terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/1331720916', new_authzr_uri=None, terms_of_service='https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf'), e2dfc2c6f047378b21e2d0abef4d08f5, Meta(creation_dt=datetime.datetime(2023, 9, 27, 14, 32, 44, tzinfo=<UTC>), creation_host='421cdc00bf66', register_to_eff=None))>
2023-09-27 14:32:44,494:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for cloud.saccess.win
2023-09-27 14:32:44,497:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "cloud.saccess.win"\n    }\n  ]\n}'
2023-09-27 14:32:44,497:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMzMTcyMDkxNiIsICJub25jZSI6ICJIQmJnSDF6WG9DY0x0Z3NUVklHWXE3VmtYandWQXcyb01OMWRKWko0T09qalJoWEhpdkEiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9",
  "signature": "qx7Rt9gI1KulVkSxnnVuN1wToYtdmM53OOV5bMj5T8b6vFB2ZOeiMqCmmG-M7auwrBwu3wvNbVTwhNPy2YqPP14H1Zp14i-P4pGbPUT5mTUuZ2dY7H2rwyHR-aWFSdstd7HvvTQl6nraWfIx6LLRfv9AThLo6j7PfYpXm-yh9-w1wdjQL8Rc7UWH6_jFauE56X-BdmSf-vdVWs-DlNTjn8YHvj332mJuMJOtoAdHghkmmFcZ-YLE4_rKwSUC9T57-YpHfNlh6i5npgPjSOEivHDzyMcF9Z_T13ZYvu7dzT2qI8r-QrovrcH9jfXdmS4Y9sBUFlI7sAGyjhnFFZ1PJw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImNsb3VkLnNhY2Nlc3Mud2luIgogICAgfQogIF0KfQ"
}
2023-09-27 14:32:45,104:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 343
2023-09-27 14:32:45,105:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 27 Sep 2023 14:32:44 GMT
Content-Type: application/json
Content-Length: 343
Connection: keep-alive
Boulder-Requester: 1331720916
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/1331720916/211241213366
Replay-Nonce: HBbgH1zX2IB47w5efCAP-nvUbw-VA2AD4-IlKw7TwTFPoG30IOs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2023-10-04T14:32:44Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "cloud.saccess.win"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/268482358516"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1331720916/211241213366"
}
2023-09-27 14:32:45,105:DEBUG:acme.client:Storing nonce: HBbgH1zX2IB47w5efCAP-nvUbw-VA2AD4-IlKw7TwTFPoG30IOs
2023-09-27 14:32:45,108:DEBUG:acme.client:JWS payload:
b''
2023-09-27 14:32:45,109:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/268482358516:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMzMTcyMDkxNiIsICJub25jZSI6ICJIQmJnSDF6WDJJQjQ3dzVlZkNBUC1udlVidy1WQTJBRDQtSWxLdzdUd1RGUG9HMzBJT3MiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI2ODQ4MjM1ODUxNiJ9",
  "signature": "A7AHTk2hX-fCeF8rFji9aB3r91sR7tSW7ybzFUHjAxuKudrc-H2r-r6cF8Bl89AZ5rLo6IVIcwsLTblpminsvVk6sxj2auo4GzH2ul577ylnmMjAtmJqzAu9rc39Q374EjQMMtZZI7Q2I02ghbnIsnsunWMxgjQJhq70UsjpTKcGRLlDq2A9amdH8cP0oJoUWxJt8_jFVoCA485okbfafD8BQjKPvesumobV8JTrfHq0mKhQ4SvSMgXjtXPwblRmWNNWomnWt001iWyQkF8uLkCnogttXI6-yKm5bLzeUFWap43RLN-gfww0KbL7QFu0niwqiPyGHz7nARDe-Bo4kA",
  "payload": ""
}
2023-09-27 14:32:45,393:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/268482358516 HTTP/1.1" 200 801
2023-09-27 14:32:45,394:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 27 Sep 2023 14:32:45 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 1331720916
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: TkV456Yl5cKHYQLzokKr1bM41xZdbLocd4xJbgAtM0cqFCzh00Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "cloud.saccess.win"
  },
  "status": "pending",
  "expires": "2023-10-04T14:32:44Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/QEkojA",
      "token": "IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/EzoKpA",
      "token": "IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/mh746w",
      "token": "IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU"
    }
  ]
}
2023-09-27 14:32:45,394:DEBUG:acme.client:Storing nonce: TkV456Yl5cKHYQLzokKr1bM41xZdbLocd4xJbgAtM0cqFCzh00Y
2023-09-27 14:32:45,395:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-09-27 14:32:45,395:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.saccess.win
2023-09-27 14:32:45,396:INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
2023-09-27 14:32:45,396:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge
2023-09-27 14:32:45,402:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /data/letsencrypt-acme-challenge/.well-known/acme-challenge/IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU
2023-09-27 14:32:45,403:DEBUG:acme.client:JWS payload:
b'{}'
2023-09-27 14:32:45,407:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/QEkojA:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMzMTcyMDkxNiIsICJub25jZSI6ICJUa1Y0NTZZbDVjS0hZUUx6b2tLcjFiTTQxeFpkYkxvY2Q0eEpiZ0F0TTBjcUZDemgwMFkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzI2ODQ4MjM1ODUxNi9RRWtvakEifQ",
  "signature": "OmS3ouKbQBJnHFjuJgCuLHXflG2TPpqnQzRGJz9YpJbEtRduoqdqFD81uHdQykESfoFYw_SZ2eZmqbFrnFiEVBMG-OlV5iI8AXXqBbWMUEk_I86aTnJ9MD4Y08QEV8hPB-zIEX4e-ExJwuagV2YF1FyGy8AjNHNzUwBROxHmFs8UK2SK8hOEZy8NJh3cZamxM_qHwqRkG7TS9lPjxvBDv0QU-bpsEWItpy9QUc0wDot7_ZN1_4p8E9EtiDKyjhVmQuRvNR8UDQW4BBsFmShFG1njBd1SFyxJYHmLPQWpeJinHLCHfQ1sep9YnXQFCIms1TvSKwrch_4-EvGcOuZakg",
  "payload": "e30"
}
2023-09-27 14:32:45,699:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/268482358516/QEkojA HTTP/1.1" 200 187
2023-09-27 14:32:45,700:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 27 Sep 2023 14:32:45 GMT
Content-Type: application/json
Content-Length: 187
Connection: keep-alive
Boulder-Requester: 1331720916
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/268482358516>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/QEkojA
Replay-Nonce: HBbgH1zXahhl8GAQIyYwPyL_ZLinJjI6_LGYVJTC51rZF3qn0f4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/QEkojA",
  "token": "IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU"
}
2023-09-27 14:32:45,700:DEBUG:acme.client:Storing nonce: HBbgH1zXahhl8GAQIyYwPyL_ZLinJjI6_LGYVJTC51rZF3qn0f4
2023-09-27 14:32:45,701:INFO:certbot._internal.auth_handler:Waiting for verification...
2023-09-27 14:32:46,702:DEBUG:acme.client:JWS payload:
b''
2023-09-27 14:32:46,706:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/268482358516:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMzMTcyMDkxNiIsICJub25jZSI6ICJIQmJnSDF6WGFoaGw4R0FRSXlZd1B5TF9aTGluSmpJNl9MR1lWSlRDNTFyWkYzcW4wZjQiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzI2ODQ4MjM1ODUxNiJ9",
  "signature": "NQ06BQF1B54oPBiO5wL41t6c-vGibBSNx8duTwcffkhgp8cmI2i0Ikve3-qI30Zl01EhzE5-4hYeVCNQ-OScH0ilyf8kyW13eeC2ZXwALEpHZe0CQ6W23m594b5qGrxcAnLpny8LWYUNiYKKciQMFdiYhDhAdzXdXkEbp7MfJARGYBBQEl99K70svGTkhU-rTvX7S5HHtbeBwfvMpoJxapY26asuSRNf19gkZgr9mYUgVG3noto8FKR5452xksxU_e18ZzGax-4aj_yWBZ-TLaXrhrjSiMOhR1HxzmUvDONJznvHF7UskQ8__wrx7VpsR3hES2gxJH-8fd3cOAD13g",
  "payload": ""
}
2023-09-27 14:32:47,001:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/268482358516 HTTP/1.1" 200 1039
2023-09-27 14:32:47,002:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 27 Sep 2023 14:32:46 GMT
Content-Type: application/json
Content-Length: 1039
Connection: keep-alive
Boulder-Requester: 1331720916
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: HBbgH1zXtiM9tgK92S7ArMkLJNXXG15UZhiylj3NaeJFiDlGyzU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "cloud.saccess.win"
  },
  "status": "invalid",
  "expires": "2023-10-04T14:32:44Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "xx.xx.xx.xx: Invalid response from http://cloud.saccess.win/.well-known/acme-challenge/IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU: 404",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/268482358516/QEkojA",
      "token": "IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU",
      "validationRecord": [
        {
          "url": "http://cloud.saccess.win/.well-known/acme-challenge/IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU",
          "hostname": "cloud.saccess.win",
          "port": "80",
          "addressesResolved": [
            "xx.xx.xx.xx"
          ],
          "addressUsed": "xx.xx.xx.xx"
        }
      ],
      "validated": "2023-09-27T14:32:45Z"
    }
  ]
}
2023-09-27 14:32:47,003:DEBUG:acme.client:Storing nonce: HBbgH1zXtiM9tgK92S7ArMkLJNXXG15UZhiylj3NaeJFiDlGyzU
2023-09-27 14:32:47,004:INFO:certbot._internal.auth_handler:Challenge failed for domain cloud.saccess.win
2023-09-27 14:32:47,004:INFO:certbot._internal.auth_handler:http-01 challenge for cloud.saccess.win
2023-09-27 14:32:47,004:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: cloud.saccess.win
  Type:   unauthorized
  Detail: xx.xx.xx.xx: Invalid response from http://cloud.saccess.win/.well-known/acme-challenge/IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2023-09-27 14:32:47,005:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2023-09-27 14:32:47,005:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-09-27 14:32:47,006:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-09-27 14:32:47,006:DEBUG:certbot._internal.plugins.webroot:Removing /data/letsencrypt-acme-challenge/.well-known/acme-challenge/IPoZoDFuuy_s_rTY20XAWPZ-XJxoZx9-0UFPBp1nuiU
2023-09-27 14:32:47,007:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2023-09-27 14:32:47,007:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/opt/certbot/lib/python3.7/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1864, in main
    return config.func(config, plugins)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 1597, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/main.py", line 141, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 516, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 428, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/client.py", line 496, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/lib/python3.7/site-packages/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-09-27 14:32:47,010:ERROR:certbot._internal.log:Some challenges have failed.

my server is behind a wireguard vpn self hosted on a vps and my pc and server are on the same network (wireguard vpn)
required ports are open in ufw and iptables.
Please help me troubleshoot this

2

Hi @shashankhrs, and welcome to the LE community forum :slight_smile:

Please ensure the HTTP server is working before continuing with your testing.
Ideally you would be able to place a sample ACME challenge test file in the expected challenge location and it should be reachable via HTTP from the Internet before you continue.

Also, further testing should be done with the staging environment.

2 Likes
3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.