Unauthorized when generating cert

Hello, I am trying to generate certificates for my website http://www.walletfp.com/. In fact, I succeded some days ago by doing the exact same manipulation for a deleted since url www.test.walletfp.com on the same provider ( ovh for the domain). I am wondering if the problem can come from my old cert file still there

My domain is: http://www.walletfp.com/

I ran this command: docker run --rm -ti -v /root/certbot/www/:/var/www/certbot/ -v /root/certbot/conf/:/etc/letsencrypt/ certbot/certbot certonly --webroot --webroot-path /var/www/certbot/ -d walletfp.com -d www.walletfp.com

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: walletfp.com
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge

The operating system my web server runs on is debian 10

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is last docker certbot image

What is serving the files in /root/certbot/www and with what configuration?

1 Like

It's an nginx server serving var/www/certbot:

server {
  listen 80;
  listen [::]:80;
  server_name walletfp.com www.walletfp.com;
  server_tokens off;
  location /.well-known/acme-challenge/ {
      root /var/www/certbot;

This config is not changed from the version working

Is that a path for the host machine or a path inside the container?

1 Like

It is a path inside the container. In the host server the certificates are located at /certbot/conf/live

maybe it is a problem of propagation though, the pointing to a new ip is from this afternoon

And nginx is inside the container or on the host machine?


inside the container but accessible by the exterior.
The container is launched doing the following:
docker run -d -p 80:80 -p 443:443 -v /root/certbot/www/:/var/www/certbot/ -v /root/certbot/conf/:/etc/nginx/ssl/ --name walletfp-react walletfp-react

So, it should work. It's probably some kind of strange issue that arises when sharing a volume with two containers (are they using the same uids? is it a permission issue?)

1 Like

the most strange part is that it worked for test.walletfp.com.
I deleted all the test. and use exactly the same config.
Maybe the propagation of dns? My domain is in France and my host in holland

You can try using --standalone instead of --webroot (and obviously the appropriate proxy_pass directives in the location block)

1 Like

Will do. can you be more specific about the proxy_pass? I remove my --webroot and --webrootpath I guess?

Please read the appropriate documentation.

You'll make certbot start its own webserver and nginx will behave as a reverse proxy. This way you don't share the webroot volume and this possible conflict gets avoided.

You should really be using docker-compose, though.

1 Like

Perhaps there is some useful information in the certbot log file:

Also, we should have a look at the complete nginx config:
nginx -T

1 Like

guys I was juste stupid. My ipv4 was ok but I didn't change the ipv6 dns parameter. Works perfectly with the good value

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.