Unauthorized Detail: Invalid response

I have a custom build web app, many domains point to it. In the domain control panel, I just update the server record with IP. is there a better way of handling the temporary challenge files created by Certbot. as the custom frontend mapped to many domains can't have .well-known folder and I am not sure why some domains are working but some of the domains are not working. please help.

My domain is: barnardgriffinsweeps.com

I ran this command: sudo /usr/bin/certbot certonly --webroot -d barnardgriffinsweeps.com -d www.barnardgriffinsweeps.com -w /usr/share/nginx/html

It produced this output: Requesting a certificate for barnardgriffinsweeps.com and www.barnardgriffinsweeps.comcertbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: barnardgriffinsweeps.com Type: unauthorized Detail: Invalid response from https://barnardgriffinsweeps.com/.well-known/acme-challenge/V8l8Jvv8PIHRcjqmElWDDJLheJAg-kMP_v0qD9U-mkU [157.230.65.154]: "\n<html lang="en">\n \n <meta charset="utf-8">\n <meta name="viewport" content="width=device-w" Domain: www.barnardgriffinsweeps.com Type: unauthorized Detail: Invalid response from https://barnardgriffinsweeps.com/.well-known/acme-challenge/t_hvg09-uonGNBhJJd12UGYbMahM9vPWFciTp8VIhr4 [157.230.65.154]: "\n<html lang="en">\n \n <meta charset="utf-8">\n <meta name="viewport" content="width=device-w"Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.17.0

Hi @hafizSiddiq7675, and welcome to the LE community forum :slight_smile:

I see a few problems.

Here, order matters.
You must declare the domains last - after the full webroot parameters:

Try instead:

sudo /usr/bin/certbot certonly --webroot -w /usr/share/nginx/html \
-d barnardgriffinsweeps.com -d www.barnardgriffinsweeps.com

I see that nginx is being used:
[abbreviated output]

curl -Iki http://barnardgriffinsweeps.com/
Server: nginx/1.16.1

But the HTTP challenge requests are not being handled in HTTP and are being redirected to HTTPS:
[abbreviated output]

curl -Iki http://barnardgriffinsweeps.com/.well-known/acme-challenge/test-file-1234
HTTP/1.1 301 Moved Permanently
Location: https://barnardgriffinsweeps.com/.well-known/acme-challenge/test-file-1234

So that leads me to believe that your vhost config is either misconfigured or fails to follow the simplest path.
Please show the related HTTP vhost config.