Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: flowjo.bectondickinson.cn
I ran this command: certbot certonly --webroot -w /var/www/certbot --staging --email shaun.rasmusen@bd.com -d flowjo.bectondickinson.cn --non-interactive --debug-challenges --rsa-key-size 4096 --agree-tos --force-renewal
It produced this output:
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Plugins selected: Authenticator webroot, Installer None
> Obtaining a new certificate
> Performing the following challenges:
> http-01 challenge for flowjo.bectondickinson.cn
> Using the webroot path /var/www/certbot for all unmatched domains.
> Waiting for verification...
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Challenges loaded. Press continue to submit to CA. Pass "-v" for more info about
> challenges.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Challenge failed for domain flowjo.bectondickinson.cn
> http-01 challenge for flowjo.bectondickinson.cn
> Cleaning up challenges
> Some challenges have failed.
> IMPORTANT NOTES:
> - The following errors were reported by the server:
>
> Domain: flowjo.bectondickinson.cn
> Type: connection
> Detail: Fetching
> http://flowjo.bectondickinson.cn/.well-known/acme-challenge/ghTb6dQm88ZyESI6oqoSvvLsW3Zc6htOlzSuYRc0gaQ:
> Error getting validation data
> 2020-04-21 21:51:00,412:DEBUG:acme.client:Received response:
> HTTP 200
> // Headers
>
> {
> "identifier": {
> "type": "dns",
> "value": "flowjo.bectondickinson.cn"
> },
> "status": "invalid",
> "expires": "2020-04-28T21:50:55Z",
> "challenges": [
> {
> "type": "http-01",
> "status": "invalid",
> "error": {
> "type": "urn:ietf:params:acme:error:connection",
> "detail": "Fetching http://flowjo.bectondickinson.cn/.well-known/acme-challenge/ghTb6dQm88ZyESI6oqoSvvLsW3Zc6htOlzSuYRc0gaQ: Error getting validation data",
> "status": 400
> },
> "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/50740473/rFhzKw",
> "token": "ghTb6dQm88ZyESI6oqoSvvLsW3Zc6htOlzSuYRc0gaQ",
> "validationRecord": [
> {
> "url": "http://flowjo.bectondickinson.cn/.well-known/acme-challenge/ghTb6dQm88ZyESI6oqoSvvLsW3Zc6htOlzSuYRc0gaQ",
> "hostname": "flowjo.bectondickinson.cn",
> "port": "80",
> "addressesResolved": [
> "52.82.113.238",
> "52.83.189.224"
> ],
> "addressUsed": "52.82.113.238"
> }
> ]
> }
> ]
> }
My web server is (include version): nginx version: openresty/1.15.8.1
The operating system my web server runs on is (include version): docker version 19.03.8
My hosting provider, if applicable, is: AWS China
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.38.0
I am able to access a file placed at /.well-known/acme-challenge via http://flowjo.bectondickinson.cn/.well-known/acme-challenge/testfile. Running a test on letsdebug.net also provided no errors.