Unauthorized Detail: Invalid response

I have a custom-built web app, and many domains point to it. In the domain control panel, I just update the server record with the IP. Is there a better way of handling the temporary challenge files created by Certbot, as the custom frontend mapped to many domains can't have a .well-known folder? I am not sure why some domains are working but some of the domains are not working. Please help.

My domain is: barnardgriffinsweeps.com

I ran this command: sudo /usr/bin/certbot certonly --webroot -d barnardgriffinsweeps.com -d www.barnardgriffinsweeps.com -w /usr/share/nginx/html

It produced this output:

Requesting a certificate for barnardgriffinsweeps.com and www.barnardgriffinsweeps.com

certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: barnardgriffinsweeps.com
  Type: unauthorized
  Detail: Invalid response from https://barnardgriffinsweeps.com/.well-known/acme-challenge/V8l8Jvv8PIHRcjqmElWDDJLheJAg-kMP_v0qD9U-mkU [157.230.65.154]: "\n<html lang="en">\n \n <meta charset="utf-8">\n <meta name="viewport" content="width=device-w"

  Domain: www.barnardgriffinsweeps.com
  Type: unauthorized
  Detail: Invalid response from https://barnardgriffinsweeps.com/.well-known/acme-challenge/t_hvg09-uonGNBhJJd12UGYbMahM9vPWFciTp8VIhr4 [157.230.65.154]: "\n<html lang="en">\n \n <meta charset="utf-8">\n <meta name="viewport" content="width=device-w"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.17.0

Hi @hafizSiddiq7675, and welcome to the LE community forum :slight_smile:

I see a few problems.

Here, order matters.
You must declare the domains last - after the full webroot parameters:

Try instead:

sudo /usr/bin/certbot certonly --webroot -w /usr/share/nginx/html \
-d barnardgriffinsweeps.com -d www.barnardgriffinsweeps.com

I see that nginx is being used:
[abbreviated output]

curl -Iki http://barnardgriffinsweeps.com/
Server: nginx/1.16.1

But the HTTP challenge requests are not being handled in HTTP and are being redirected to HTTPS:
[abbreviated output]

curl -Iki http://barnardgriffinsweeps.com/.well-known/acme-challenge/test-file-1234
HTTP/1.1 301 Moved Permanently
Location: https://barnardgriffinsweeps.com/.well-known/acme-challenge/test-file-1234

So that leads me to believe that your vhost config is either misconfigured or fails to follow the simplest path.
Please show the related HTTP vhost config.
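
An added example, not part of the thread and not the poster's actual configuration: one common nginx layout that serves the ACME challenge path from the certbot webroot over plain HTTP for every hostname and redirects everything else to HTTPS. The catch-all `default_server` block and `server_name _` are assumptions; the webroot path is the one passed to `-w` in the command above.

```nginx
# Assumed "before" (reproduces the 301 seen in the curl output above):
# every HTTP request, challenge path included, is sent to HTTPS, where the
# application frontend answers with its own HTML page instead of the token.
#
# server {
#     listen 80 default_server;
#     server_name _;
#     return 301 https://$host$request_uri;
# }

# "After": answer ACME HTTP-01 requests on port 80 straight from the webroot.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;    # catch-all: applies to every domain pointed at this IP

    # ^~ keeps regex locations (rewrites, app routing) from taking this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;    # same path given to certbot with -w
        default_type text/plain;
        try_files $uri =404;           # unknown token: 404, never the app's HTML
    }

    # Everything else still goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

After `nginx -t` and a reload, the `curl -Iki` request for `test-file-1234` shown in the reply should return 404 (or 200 for a file that exists in the webroot) instead of 301.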
