Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
Challenge failed for domain www.exampleapi.com
http-01 challenge for www.exampleapi.com
Cleaning up challenges
Some challenges have failed.
The following errors were reported by the server:
Domain: www.exampleapi.com
Type: unauthorized
Detail: 12.127.423.123: Invalid response from Loading...
challenge/S9rQiQXAa_92vMoC9ITqSxeoqvbrLYmF2Ma11T8g1w4:
403
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
nginx 1.25.4
The operating system my web server runs on is (include version):
ubuntu 20.04
My hosting provider, if applicable, is:
godaddy
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0
server {
    server_name example.com exampleapi.com www.example.com www.exampleapi.com;
    location / {
        root /var/www/example.com/html/;
        index index.html index.htm index.nginx-debian.html;
    }
    location /api {
        proxy_pass https://exampleapi.com;
        proxy_set_header Host exampleapi.com;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if $host = example.com {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name example.com exampleapi.com www.exampleapi.com www.example.com;
    return 404; # managed by Certbot
}
Do those files exist? Because those files are usually only created after a successful Certbot run. You cannot refer to non-existent files in nginx conf.
That is not valid syntax either. You should probably spend some time at nginx documentation.
The test is successful, no syntax error. It seems like it is no longer possible to edit the question once you permit, right?
I managed to make an SSL certificate for two domains around 1 year ago, but now I got another domain and wanted to make an SSL certificate for the new one; that's why it does not work. example.com is for the front end and exampleapi.com for the backend.
The backend domain is the new one, exampleapi.com, and I am trying to add a new SSL cert for this one, which does not work.
This last case you make is also not related to the actual problem, because the actual syntax looks like this (unfortunately I cannot edit the question once permitted):
if ($host = example.com) {
return 301 https://$host$request_uri;
}
This is correct syntax. So your remarks are right; however, none of them are actually related to the problem of why it gives that error. Even if I had those syntax errors, the actual error message which I posted would have been related to syntax and not to the issue. You could easily make assumptions that those are mistakes made during the question description.
Yes, I could, but you would be surprised at the kinds of things we see. Making assumptions like that often leads to lots of confusion.
When posting config text you could use the "Preformatted Text" option to preserve the original.
So, let's ignore the syntax. We will need to know your actual domain to provide specific help. The error message from your very old Certbot v0.40 does not provide enough info to even begin to suggest anything. The "403" in the error is just too common and we need at least the "subreason" provided by later versions.
You should change to the snap version of Certbot. Ubuntu easily supports that.
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.