Unable to generate certificates, always 404 not found

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.sprofix.com

I ran this command: sudo certbot --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?

3: sprofix.com

13: www.sprofix.com
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 13
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.sprofix.com
nginx: [warn] conflicting server name "spotweb.sprofix.com" on, ignored
Waiting for verification...
Cleaning up challenges
nginx: [warn] conflicting server name "spotweb.sprofix.com" on, ignored
Failed authorization procedure. www.sprofix.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.sprofix.com/.well-known/acme-challenge/_J4PsyWMdVkhNn-Xj-IJLgCjYa12G83DAoDGIOCCl-I: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>

 - The following errors were reported by the server:

   Domain: www.sprofix.com
   Type:   unauthorized
   Detail: Invalid response from
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx 1.10.3

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’ve about tried anything I can found on this site and nothing works for me. I have been using certbot for a couple years on this server without any issues and suddenly I am unable to get new certificates.
I put a test file in my acme-challenge as seen above, which works fine.

I’ve also tried directly running with certonly --webroot which also gave the same error. Also tried reinstalling certbot but the issue persists. I even went as far as completely purging certbot (bad choice, now all my domains lost their cert) and that didnt help either.

My nginx config:

server {
    server_name sprofix.com www.sprofix.com;

    access_log /srv/www/www.sprofix.com/logs/access.log;
    error_log /srv/www/www.sprofix.com/logs/error.log;
    root /srv/www/www.sprofix.com/public_html;

     listen 80;

    location / {
        index  index.html index.htm;

    location ~* .(woff|eot|ttf|svg|mp4|webm|jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;

location ~ /.well-known/acme-challenge/ {
    allow all;

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /srv/www/www.sprofix.com/public_html$fastcgi_script_name;

Currently I am lost with what to do, maybe someone here has any suggestion? Thanks in advance!

Hi @guysp,

I suppose your problem is that your domain has configured AAAA records but your server is not configured properly to attend IPv6 requests (Let’s Encrypt prefers IPv6 over IPv4).

I can reach your test file using IPv4:

$ curl -ikL4 http://www.sprofix.com/.well-known/acme-challenge/test.html
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Feb 2018 11:07:52 GMT
Content-Type: text/html
Content-Length: 9
Last-Modified: Wed, 21 Feb 2018 10:49:04 GMT
Connection: keep-alive
ETag: "5a8d4ea0-9"
Accept-Ranges: bytes


but I can’t using IPv6:

$ curl -ikL6 http://www.sprofix.com/.well-known/acme-challenge/test.html
curl: (7) Failed to connect to www.sprofix.com port 80: Connection refused

You could try to fix your IPv6 server issues or remove the AAAA records for your domain and subdomain and try again.



Thanks so much! You are totally right, I did not think of that. This solved my issue, and now my sites will support ipv6 :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.