Temporary files challenge failing nginx

My domain is:
Can't share because of confidentiality.

I ran this command:

docker-compose-initiate.yml file:

```yaml
services:
  nginx:
    container_name: nginx
    image: nginx:latest
    environment:
      - DOMAIN
    ports:
      - 80:80
    volumes:
      - ./nginx/templates-initiate:/etc/nginx/templates
      - ./etc/letsencrypt:/etc/letsencrypt
      - ./certbot/data:/var/www/certbot
  certbot:
    container_name: certbot
    image: certbot/certbot:latest
    depends_on:
      - nginx
    command: >-
            certonly --reinstall --webroot --webroot-path=/var/www/certbot
            --email ${EMAIL} --agree-tos --no-eff-email
            -d ${DOMAIN}
    volumes:
      - ./etc/letsencrypt:/etc/letsencrypt
      - ./certbot/data:/var/www/certbot
      - ./certbot-log:/var/log/letsencrypt/
```

nginx/templates-initiate/default.conf.template file:

```nginx
server {
    listen [::]:80;
    listen 80;
    server_name $DOMAIN;

    location /.well-known/acme-challenge/ {
        allow all;
        alias /var/www/certbot/;
    }
}
```

docker compose -f ./docker-compose-initiate.yml up certbot command gives:

Attaching to certbot
certbot  | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot  | Requesting a certificate for mydomain.com
certbot  | 
certbot  | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
certbot  |   Domain: mydomain.com
certbot  |   Type:   unauthorized
certbot  |   Detail: <my-ip-address>: Invalid response from http://mydomain.com/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0: 404
certbot  | 
certbot  | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
certbot  | 
certbot  | Some challenges have failed.
certbot  | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
certbot exited with code 1

var/log/letsencrypt/letsencrypt.log file:

2025-05-03 10:34:34,488:DEBUG:certbot._internal.main:certbot version: 4.0.0
2025-05-03 10:34:34,488:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2025-05-03 10:34:34,489:DEBUG:certbot._internal.main:Arguments: ['--reinstall', '--webroot', '--webroot-path=/var/www/certbot', '--email', 'cahangirove@gmail.com', '--agree-tos', '--no-eff-email', '-d', 'mydomain.com']
2025-05-03 10:34:34,489:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2025-05-03 10:34:34,514:DEBUG:certbot._internal.log:Root logging level set at 30
2025-05-03 10:34:34,515:DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None
2025-05-03 10:34:34,515:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * webroot
Description: Saves the necessary validation files to a .well-known/acme-challenge/ directory within the nominated webroot path. A separate HTTP server must be running and serving files from the webroot path. HTTP challenge only (wildcards not supported).
Interfaces: Authenticator, Plugin
Entry point: EntryPoint(name='webroot', value='certbot._internal.plugins.webroot:Authenticator', group='certbot.plugins')
Initialized: <certbot._internal.plugins.webroot.Authenticator object at 0x71f7e3174bf0>
Prep: True
2025-05-03 10:34:34,516:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.webroot.Authenticator object at 0x71f7e3174bf0> and installer None
2025-05-03 10:34:34,516:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator webroot, Installer None
2025-05-03 10:34:34,569:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/2376826197', new_authzr_uri=None, terms_of_service=None), 5017f812fef6838b4e89d984fa2a90f3, Meta(creation_dt=datetime.datetime(2025, 5, 3, 7, 20, 52, tzinfo=datetime.timezone.utc), creation_host='69271a9a0c03', register_to_eff=None))>
2025-05-03 10:34:34,570:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-05-03 10:34:34,572:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-05-03 10:34:35,010:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 1012
2025-05-03 10:34:35,012:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 03 May 2025 10:34:34 GMT
Content-Type: application/json
Content-Length: 1012
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "QyDIgHELKFU": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "profiles": {
      "classic": "https://letsencrypt.org/docs/profiles#classic",
      "shortlived": "https://letsencrypt.org/docs/profiles#shortlived (not yet generally available)",
      "tlsserver": "https://letsencrypt.org/docs/profiles#tlsserver"
    },
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-05-03 10:34:35,015:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for mydomain.com
2025-05-03 10:34:35,023:DEBUG:acme.client:Requesting fresh nonce
2025-05-03 10:34:35,023:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-05-03 10:34:35,168:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-05-03 10:34:35,170:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 03 May 2025 10:34:35 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: aJoEAs1IgsooXyX1WmZaS9OSjs980R4KGB6laaEwfVWvsQnIKHg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-05-03 10:34:35,170:DEBUG:acme.client:Storing nonce: aJoEAs1IgsooXyX1WmZaS9OSjs980R4KGB6laaEwfVWvsQnIKHg
2025-05-03 10:34:35,171:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "mydomain.com"\n    }\n  ]\n}'
2025-05-03 10:34:35,178:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2025-05-03 10:34:35,355:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 353
2025-05-03 10:34:35,355:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 03 May 2025 10:34:35 GMT
Content-Type: application/json
Content-Length: 353
Connection: keep-alive
Boulder-Requester: 2376826197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2376826197/380371680707
Replay-Nonce: FIfrddYQsI6yzUudTbn3s8yglAKiELeQBqzgYed5Qq78W7ZHgFw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-05-10T10:34:35Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "mydomain.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2376826197/514833709117"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2376826197/380371680707"
}
2025-05-03 10:34:35,356:DEBUG:acme.client:Storing nonce: FIfrddYQsI6yzUudTbn3s8yglAKiELeQBqzgYed5Qq78W7ZHgFw
2025-05-03 10:34:35,356:DEBUG:acme.client:JWS payload:
b''
2025-05-03 10:34:35,358:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2376826197/514833709117:
2025-05-03 10:34:35,506:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2376826197/514833709117 HTTP/1.1" 200 827
2025-05-03 10:34:35,507:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 03 May 2025 10:34:35 GMT
Content-Type: application/json
Content-Length: 827
Connection: keep-alive
Boulder-Requester: 2376826197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FIfrddYQGYdrtM1QjcPldQnyIfffCvEYKRmO08smNAoMT7bA-3Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mydomain.com"
  },
  "status": "pending",
  "expires": "2025-05-10T10:34:35Z",
  "challenges": [
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/tWdxGw",
      "status": "pending",
      "token": "hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/i3H9TQ",
      "status": "pending",
      "token": "hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/TWgN2A",
      "status": "pending",
      "token": "hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0"
    }
  ]
}
2025-05-03 10:34:35,507:DEBUG:acme.client:Storing nonce: FIfrddYQGYdrtM1QjcPldQnyIfffCvEYKRmO08smNAoMT7bA-3Y
2025-05-03 10:34:35,508:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-05-03 10:34:35,508:INFO:certbot._internal.auth_handler:http-01 challenge for mydomain.com
2025-05-03 10:34:35,509:INFO:certbot._internal.plugins.webroot:Using the webroot path /var/www/certbot for all unmatched domains.
2025-05-03 10:34:35,509:DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /var/www/certbot/.well-known/acme-challenge
2025-05-03 10:34:35,511:DEBUG:certbot._internal.plugins.webroot:Attempting to save validation to /var/www/certbot/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0
2025-05-03 10:34:35,512:DEBUG:acme.client:JWS payload:
b'{}'
2025-05-03 10:34:35,514:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/TWgN2A:
2025-05-03 10:34:35,668:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall/2376826197/514833709117/TWgN2A HTTP/1.1" 200 195
2025-05-03 10:34:35,669:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 03 May 2025 10:34:35 GMT
Content-Type: application/json
Content-Length: 195
Connection: keep-alive
Boulder-Requester: 2376826197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz/2376826197/514833709117>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/TWgN2A
Replay-Nonce: FIfrddYQCVDWeEi_FjkDITTlvkyBTzwelx0vo19iPPb9-QyEzHs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/TWgN2A",
  "status": "pending",
  "token": "hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0"
}
2025-05-03 10:34:35,669:DEBUG:acme.client:Storing nonce: FIfrddYQCVDWeEi_FjkDITTlvkyBTzwelx0vo19iPPb9-QyEzHs
2025-05-03 10:34:35,670:INFO:certbot._internal.auth_handler:Waiting for verification...
2025-05-03 10:34:36,671:DEBUG:acme.client:JWS payload:
b''
2025-05-03 10:34:36,676:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2376826197/514833709117:
2025-05-03 10:34:36,830:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2376826197/514833709117 HTTP/1.1" 200 1049
2025-05-03 10:34:36,831:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 03 May 2025 10:34:36 GMT
Content-Type: application/json
Content-Length: 1049
Connection: keep-alive
Boulder-Requester: 2376826197
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: FIfrddYQYjt5kBkiDdkOhgjr5C6lhm9CleFShrchwTmNsu6OuWs
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "mydomain.com"
  },
  "status": "invalid",
  "expires": "2025-05-10T10:34:35Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2376826197/514833709117/TWgN2A",
      "status": "invalid",
      "validated": "2025-05-03T10:34:35Z",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "<my-ip-address>: Invalid response from http://mydomain.com/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0: 404",
        "status": 403
      },
      "token": "hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0",
      "validationRecord": [
        {
          "url": "http://mydomain.com/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0",
          "hostname": "mydomain.com",
          "port": "80",
          "addressesResolved": [
            "<my-ip-address>"
          ],
          "addressUsed": "<my-ip-address>"
        }
      ]
    }
  ]
}
2025-05-03 10:34:36,831:DEBUG:acme.client:Storing nonce: FIfrddYQYjt5kBkiDdkOhgjr5C6lhm9CleFShrchwTmNsu6OuWs
2025-05-03 10:34:36,832:INFO:certbot._internal.auth_handler:Challenge failed for domain mydomain.com
2025-05-03 10:34:36,832:INFO:certbot._internal.auth_handler:http-01 challenge for mydomain.com
2025-05-03 10:34:36,832:DEBUG:certbot._internal.display.obj:Notifying user: 
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: mydomain.com
  Type:   unauthorized
  Detail: <my-ip-address>: Invalid response from http://mydomain.com/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2025-05-03 10:34:36,834:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2025-05-03 10:34:36,834:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-05-03 10:34:36,834:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-05-03 10:34:36,834:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/certbot/.well-known/acme-challenge/hteNvhQeDs9S63aACLyXKBBxcz-bjhARYM1tQsDuI-0
2025-05-03 10:34:36,835:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2025-05-03 10:34:36,835:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/local/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1872, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 1578, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/main.py", line 143, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 523, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 424, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/client.py", line 502, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 108, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, max_time_mins, best_effort)
  File "/opt/certbot/src/certbot/certbot/_internal/auth_handler.py", line 212, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2025-05-03 10:34:36,840:ERROR:certbot._internal.log:Some challenges have failed.



It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):

I put a simple hello.html file in the certbot/data folder and it's being served as expected at http://mydomain.com/.well-known/acme-challenge/hello.html

I'm not terribly knowledgeable with nginx, but are you sure alias is the correct directive? As it replaces the /.well-known/acme-challenge/ path with /var/www/certbot/, right? And Certbot would place the token at /var/www/certbot/.well-known/acme-challenge/. I think you'd need the root directive. See Module ngx_http_core_module.

2 Likes

Yes this actually solved the issue. hello.html now returns 404 though. But it is not an issue. Thanks for the help!

That's because you needed to put it in ./certbot/data/.well-known/acme-challenge/ if you wanted to properly use it as a test :wink: Which should have given a 404 earlier with alias, but should work now with root too.

Assuming a situation should work because a test "works" doesn't mean anything if the test was incorrect from the beginning :slight_smile:

1 Like
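The path mapping discussed in the replies above (why `alias` returned 404 for the token while hello.html was served, and why `root` reverses that), as an added example that is not part of the original thread. It is a simplified model of how nginx resolves a prefix location, not nginx's own code; the token name and the `status`/`demo` helpers are constructed for illustration.

```python
import posixpath

# Values taken from the thread's nginx template and compose file.
LOCATION = "/.well-known/acme-challenge/"   # location prefix
WEBROOT = "/var/www/certbot"                # --webroot-path


def certbot_challenge_file(webroot: str, token: str) -> str:
    """Path where the webroot plugin saves the http-01 validation file."""
    return posixpath.join(webroot, ".well-known/acme-challenge", token)


def nginx_root(root: str, uri: str) -> str:
    """`root`: the full request URI is appended to the root directory."""
    return root.rstrip("/") + uri


def nginx_alias(location: str, alias: str, uri: str) -> str:
    """`alias` in a prefix location: the matched prefix is replaced by the alias."""
    if not uri.startswith(location):
        raise ValueError("URI does not match the location prefix")
    return alias + uri[len(location):]


def status(directive: str, files_on_disk: set, uri: str) -> int:
    """HTTP status the modelled server would return for `uri`."""
    if directive == "alias":
        path = nginx_alias(LOCATION, WEBROOT + "/", uri)
    elif directive == "root":
        path = nginx_root(WEBROOT, uri)
    else:
        raise ValueError("directive must be 'alias' or 'root'")
    return 200 if path in files_on_disk else 404


def demo() -> dict:
    token = "example-token"  # constructed sample value, not a real ACME token
    # Files as they existed in the thread: Certbot's validation file plus the
    # hand-made hello.html dropped directly into ./certbot/data.
    disk = {
        certbot_challenge_file(WEBROOT, token),
        WEBROOT + "/hello.html",
    }
    token_uri = LOCATION + token
    hello_uri = LOCATION + "hello.html"
    return {
        ("alias", "token"): status("alias", disk, token_uri),
        ("alias", "hello"): status("alias", disk, hello_uri),
        ("root", "token"): status("root", disk, token_uri),
        ("root", "hello"): status("root", disk, hello_uri),
    }


if __name__ == "__main__":
    for (directive, name), code in demo().items():
        print(f"{directive:5s} {name:5s} -> {code}")
```

A meaningful pre-flight test file therefore has to live at the same path Certbot writes to, `<webroot>/.well-known/acme-challenge/`, so that it exercises the mapping the CA's validation request will actually hit.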