Unexpected 404 error

Help
1

I have an unexpected 404 error. I read and check everything, but it's strange I can see the expected value in the challenge link, but certbot getsa 404 error.

this is my domain is: peleahani.com

command:

certbot -v -n --nginx -w /var/www/html -d $DOMAIN -d www.$DOMAIN -d api.$DOMAIN -d panel.$DOMAIN -d panel2.$DOMAIN --debug-challenges

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for peleahani.com and 4 more domains
Performing the following challenges:
http-01 challenge for api.peleahani.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Challenges loaded. Press continue to submit to CA.

The following URLs should be accessible from the internet and return the value
mentioned:

URL:
http://api.peleahani.com/.well-known/acme-challenge/fOkL2189wNHmjvA_Gtu83i4L3PPoJtmW8flHtFRqmr4
Expected value:
fOkL2189wNHmjvA_Gtu83i4L3PPoJtmW8flHtFRqmr4.DmLoOKlXMsET_9gDBd0UKYKhGmkh792uuxn084B5j9A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Waiting for verification...
Challenge failed for domain api.peleahani.com
http-01 challenge for api.peleahani.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: api.peleahani.com
  Type:   unauthorized
  Detail: MY_SERVER_IP: Invalid response from http://api.peleahani.com/.well-known/acme-challenge/fOkL2189wNHmjvA_Gtu83i4L3PPoJtmW8flHtFRqmr4: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I have these:

  • Nginx 1.18.0
  • Ubuntu 22.04.5
  • certbot 4.0.0

I checked my .well-known config, and it's correct because I received a certificate with the same configuration before.

I tried to check if the challenge link was accessible or not, and clicked on the challenge link in certbot output, and got the expected value in the link. But in Nginx logs, I have these lines:

23.178.112.104 - - [30/May/2025:06:35:38 +0000] "GET /.well-known/acme-challenge/jvkk-_pqsMEySOP5teH6Ahliim2cg-TKLJkowPFLX1w HTTP/1.1" 404 117 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" -
xx.my.ip.xxx - - [30/May/2025:06:35:41 +0000] "GET /.well-known/acme-challenge/jvkk-_pqsMEySOP5teH6Ahliim2cg-TKLJkowPFLX1w HTTP/1.1" 200 118 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" -

I didn't do any upgrades on version or config lately.
Does anyone know what the issue is?

1 Like
2

Welcome to the community @saderi

A "404" (HTTP Not Found) error is unusual with the --nginx plugin.

If your nginx config is large or takes longer than usual to reload, adding a longer sleep will help. Add the following to your command (details see Certbot docs).

--nginx-sleep-seconds 5

The default is 1 which is usually enough but not always.

If that doesn't help it would be helpful to see the log for a failed request
/var/log/letsencrypt/letsencrypt.log

Is this a large nginx setup? Or will it become one? Because we don't recommend using the --nginx option for those.

4 Likes