Hi all,

I have read some docs on the internet and I created a domain cert. but also I need many subdomain certifications too.

When I started to this command, I always get the same error. I can not solve the problem yet, could someone help me with this issue?

Command

certbot  certonly --webroot -w /var/www/cert -d mydomain.com,example.mydomain.com,www.mydomain.com --expand

Error
Failed authorization procedure. nginx.intechbt.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.mydomain.com/.well-known/acme-challenge/TUCr0zqTzhrnCpXK8XpeACNn282eJP6l2n1jbAue9Dk [185.xxx.xx.xx]: "\r\nhead>404 Not Found\r\n<body bgcolor="white">\r\n

404 Not Found

\r\n

---

"

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: example.mydomain.com
  Type: unauthorized
  Detail: Invalid response from
  http://example.mydomain.com/.well-known/acme-challenge/TUCr0zqTzhrnCpXK8XpeACNn282eJP6l2n1jbAue9Dk
  [185.xxx.xx.xx]: "html>\r\n404 Not
  Found\r\n<body bgcolor="white">\r\n

  404
  Not Found

  \r\n

  ---

  "

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

Regards,

Does this directory appear anywhere in nginx's configuration files?

grep -r "/var/www/cert" /etc/nginx

root@nginx:/etc/nginx/sites-available# grep -r "/var/www/cert" /etc/nginx
root@nginx:/etc/nginx/sites-available#

No, it doesn't appear anywhere.

Then it’s wrong. Where does that command come from?

Run certbot with no options and answer all of its questions.

Thanks a lot, I am going to try asap.

I have done the following process before when I first created the domain cert.

Should I enter 2 again?

root@nginx:/# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.
root@nginx:/# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?

---

1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)

---

Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Yes, you could also install the nginx plugin, though. Just tell certbot the actual nginx webroot this time.

I applied your solution suggestion but still get the same error and I can not understand why I was failed.

sonuncu1870×455 379 KB

Show me the command you ran. And your nginx configuration (nginx -T)

Certbot Command

certbot certonly --webroot -w /var/www/cert -d example.com,nginx.example.com,www.example.com --expand

My Nginx Conf. (For a Subdomain)

server {
listen 80;
server_name nginx.example.com;
root /var/www/html;
index index.html index.htm nginx.html;

}

server {
listen 443 ssl;
server_name nginx.example.com;

   root /var/www/html;
   index 404.html;

   location / {
           try_files $uri $uri/ =404;
   }

}

these need to be the same. both /var/www/html I'd say.

Yes, the problem was solved.

So thanks with my best regards,

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.