Will using proxy_pass for subdomain affect installation process?


Hey everyone,

I have ran an install of certbot for my domains domain.net and www.domain.net
this worked wonderfully and I was able to secure the website.

I have a blog that I would like to secure. On the server, it is setup with ghost in a separate folder and I am running a proxy pass on:2000. Now I have tried to run the installer again to cover the blog.domain.net and www.blog.domain.net and I am getting an error ‘Failed Authorization Procedure’.

I have tried placing:
location ~ /.well-known {
allow all;

within the sites-available/domain.net.conf file, as well as the con.f/domain.net/conf file and still whenever I run certbot it is outputting:

Failed authorization procedure. blog.repcleaner.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
404 Not Found

404 Not Found



Note* i replaced my actual website domain with ‘domain’ in the above example


Without your real domain name it’s very difficult to test and diagnose.

Basically you need to provide a pure text file in your webroot/.well-known/acme-challenge/test and for it to be accessible from the internet at blog.domain.net/.well-known/acme-challenge/test


Hi Thanks for the response serverco,

I was able to figure out the issue. I provided a direct path instead of allow all.
location ~ /.well-known {

However, now my site is showing as secure/encrypted but it is returning an nginx 403 forbidden :frowning:


Again I’d be guessing without a little more detail.

Do you have somthing different in your config - such as a “Order allow,deny” but no “Allow from all” in the HTTPS part of the config ?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.