.well-known/acme-challenge path access 404

Hey Karan Shah,

Even my website was running without any issues for past 1 Year, Suddenly after 28th Dec 2021, Cert expired and facing same issue as you,
I found that nginx released an update on 29th Dec 2021,
Also found that /.well-known/acme-challenge/ is not accessible,
So i suspect below has changed/stopped working with latest nginx,
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
I tried placing test.html inside /var/www/certbot location and when hitting the path we only get 404

You can only set up the HTTPS part again after you get a certificate and only then you need to enable the redirect again.. .

Hi @VishalCB and welcome to the LE community forum :slight_smile:

Please show the complete config, with:
nginx -T


Hi @rg305 :slight_smile:

My nginx config as below,

server {

  listen 80;
  server_name sanyoeng.com www.sanyoeng.com;
  server_tokens off;

  location /.well-known/acme-challenge/ {
      root /var/www/certbot;

  location / {
    return 301 https://$host$request_uri;

server {
    listen 443 ssl;
    server_name sanyoeng.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/sanyoeng.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sanyoeng.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  location /api/ {
    proxy_pass http://backend:5000;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;

    error_page   500 502 503 504  /50x.html;

  location = /50x.html {
    root   /usr/share/nginx/html;

My certificate was working fine till 29th December 2021, And certificate cannot be renewed from that date,

I tried below with nginx config,

  • Stopped https redirect
  • Placed a test.html file inside root path /var/www/certbot/ of location /.well-known/acme-challenge/
  • Couldn't access it (Error 404)
  • Tried placing the same test.html file to root /usr/share/nginx/html of location /
  • Can access without any issue
  • Tried giving the root path of /.well-known/acme-challenge/ same as location / (/usr/share/nginx/htm)
  • Couldn't access it (Error 404)
  • Same file in same path can be accessed from location / but not from /.well-known/acme-challenge/

I'm sure there is a lot more to the config that you haven't shown.

Try this:
mkdir -p /var/www/certbot/.well-known/acme-challenge/
echo "Test_File-1234" > /var/www/certbot/.well-known/acme-challenge/Test_File-1234

Then (from Internet):


Hi @rg305 ,

Tried creating the folders and files as you suggested,
I can access it via

But its not accessible via
Not sure why nginx not serving www.sanyoeng.com

When renewing certs, it fails for www.sanyoeng.com

I see you got a new cert for your apex domain although your www domain is not working.

The www.sanyoeng.com DNS points to a different IP group than your apex name. These are related to AWS Global Accelerator. I do not know which one is correct for your setup but they should be consistent. If I had to guess I think your www DNS should be just the one IP that your apex domain uses.

Name:   sanyoeng.com
Name:   www.sanyoeng.com
Name:   www.sanyoeng.com

The responses to the www domain requests were also inconsistent:

curl -i http://www.sanyoeng.com/.well-known/acme-challenge/Test_File-1234
(Note: EC2 related Server header)

HTTP/1.1 404 Not Found
Date: Wed, 05 Jan 2022 02:50:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 48
Connection: keep-alive
Server: ip-10-123-122-241.ec2.internal
X-Request-Id: d51895d7-315f-48fa-9cab-d9e981aab459

curl -i https://www.sanyoeng.com/.well-known/acme-challenge/Test_File-1234
(No response - timed out)

Thanks @MikeMcQ!

My DNS had a subdomain redirect which resulted in inconsistent ip addresses,
I have managed to get both sanyoeng.com and www.sanyoeng.com to point to same IP.

Now below both can be accessed,

Now i can able to renew my cacerts with letsencrypt!!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.