Unauthorized 404 on renew

Here it is: https://www.sergioloporto.com/.well-known/acme-challenge/samplefile.html

Even tough there is the acme-challenge folder, still the same error when running the renew.

I am really thinking whether it is not a permission problem. Now the nginx user www-data:www-data has permissions. Maybe root should be? Because certbot renew runs with sudo...
just thinking out loud....

but in the other websites there is the same user and group in the .well-known folder and all works fine... strange

==========
I can add that in error.log I see that there is an appempt to read the file:

2023/01/23 22:59:38 [error] 2930478#2930478: *403672 open() "/var/www/sergioloporto.com/.well-known/acme-challenge/Npv0-0mXXGLlakZM41zHGWy6FjXhTiKlVfc5R9Sw2so" failed (2: No such file or directory), client: 34.210.241.121, server: www.sergioloporto.com, request: "GET /.well-known/acme-challenge/Npv0-0mXXGLlakZM41zHGWy6FjXhTiKlVfc5R9Sw2so HTTP/1.1", host: "sergioloporto.com", referrer: "http://sergioloporto.com/.well-known/acme-challenge/Npv0-0mXXGLlakZM41zHGWy6FjXhTiKlVfc5R9Sw2so"

So it probably means that certbot is not adding any files to the acme-challenge folder ... what do you think?

I am reading the log file and I think I spotted something interesting:

2023-01-23 23:04:43,237:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/sergioloporto.com/sergioloporto.com/.well-known/acme-challenge/A9TIVA28QqP51gcm8UU3Jk-G-AE8cpH0NMV43G5id9Q

I then fixed the path in /etc/letsencrypt/renewal/sergioloporto.com.conf and it's now working fine

3 Likes