Unable to issue SSL cert using certbot for domain where a subdirectory within the public_html dir is hosting the primary site

In advance, apologies for the shoddy attempt at anonymity, client website so I am unable to provide specifics.

My domain is: example.com/store

I ran this command: certbot-auto certonly -a webroot --webroot-path=/home/example/web/example.com/public_html -d www.example.com -d example.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.example.com
http-01 challenge for example.com
Using the webroot path /home/example/web/example.com/public_html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://example.com/store/: Error getting validation data, www.example.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.example.com/store/: Error getting validation data

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: example.com
  Type: connection
  Detail: Fetching http://example.com/store/: Error getting
  validation data

  Domain: www.example.com
  Type: connection
  Detail: Fetching http://example.com/store/: Error getting
  validation data

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you’re using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

My web server is (include version): nginx/1.10.3

The operating system my web server runs on is (include version): Debian 3.16.0-4-amd64

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): VestaCP

Looks like it’s redirecting everything to the /store/ folder.
That may break the auth requests.
Try excluding /.well-known/acme-challenge requests from the redirection.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.