Fifth domain on nginx redirecting to first - Hugo site - cannot generate letsencrypt certs, acme challenge failing with invalid response.

September 28, 2016
Let's Encrypt LEMP Ubuntu

When trying to set up a new domain (domain5.com) as a Hugo site under Nginx, I'm not able to a) access the new site, or b) generate certs from letsencrypt/certbot, because it can't access the .well-known/acme-challenge/ dir.

I've read every page I can find over the last few hours trying solutions other people have tried. None have worked. Here are a few:

  • put a location block in the config to 'allow all' for that directory
  • double-checked all settings for domain typos, including the Hugo base-url
  • created a simplified nginx .conf for the new domain, only enabling http (listen 80) and creating the location-allow block too
  • created a test.txt in the dir in question, which I haven't been able to access yet
  • I am reloading the config after every change
  • I've tried to change permissions of the acme-challenge folder to 755, and of the site root itself to the nginx user (chown www-data:www-data domain5 -R)

Every time I try to access http or https, www or non-www, domain5.com in various combinations, including with /index.html etc., I get redirected to the first domain of this droplet, the one it was initially set up for.

Not as simple an exercise as I set out to do! In theory it was just a case of copying an existing working nginx config, creating the letsencrypt certs and finalising the site. In practice... modified existing nginx config is not working like the other 2 hugo sites and letsencrypt needs to see the site to generate the first cert. Which it can't do!

Also to note: my other letsencrypt certs are renewing fine on 2 other domains on the same VPS (one a Drupal site, the other a Hugo site), their nginx configs are working fine and are basically the same as this new one I'm trying.

Thanks for your help.

1 Answer


My Nginx reloads were not happening due to a previous config error (setting a root and an alias in the same location). nginx -t and service nginx restart are your friends...

gentle facepalm
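
A pre-reload check for the mistake named in the answer, as an added example that is not part of the original thread: it flags any location block that sets both root and alias, then gates the reload on nginx -t. The function names and the sample paths are constructed for illustration, and the scan assumes one directive per line with "{" ending the line that opens a block.

```shell
#!/bin/sh
# Added example (not from the thread); names and paths are hypothetical.

# Print "file:line" for each location block that sets both root and alias.
# Returns 1 if any were found, 0 otherwise.
find_root_alias_conflicts() {
    awk '
    { line = $0; sub(/#.*/, "", line) }        # ignore comments
    line ~ /[{][ \t]*$/ {                       # a block opens
        depth++
        is_loc[depth] = (line ~ /^[ \t]*location[ \t]/)
        start[depth] = NR; root[depth] = 0; alias[depth] = 0
        next
    }
    line ~ /^[ \t]*[}]/ && depth > 0 {          # a block closes
        if (is_loc[depth] && root[depth] && alias[depth]) {
            printf "%s:%d\n", FILENAME, start[depth]; found = 1
        }
        depth--; next
    }
    depth > 0 && is_loc[depth] {                # directive directly inside a location
        if (line ~ /^[ \t]*root[ \t]/)  root[depth] = 1
        if (line ~ /^[ \t]*alias[ \t]/) alias[depth] = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample reproducing the mistake described in the answer.
write_sample() {
    cat > "$1" <<'EOF'
server {
    server_name domain5.com;
    location /.well-known/acme-challenge/ {
        root /var/www/domain5/public;
        alias /var/www/acme/;
        allow all;
    }
}
EOF
}

# Lint, let nginx validate the full config, and only then reload.
check_and_reload() {
    find_root_alias_conflicts "$1" && nginx -t && service nginx reload
}

tmp=$(mktemp) && write_sample "$tmp"
find_root_alias_conflicts "$tmp" || echo "conflict found: fix before reloading"
rm -f "$tmp"
```

Chaining the reload behind nginx -t means a rejected config stops the command with a visible error, rather than leaving the old config running unnoticed.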
