invalid response 404 acme challenge certbot

September 22, 2019 2.7k views
Nginx Let's Encrypt

Hi,

I have an nginx docker that I use as a reverse proxy. I have been trying to auto-renew my certs lately and followed this blog to do so. I had my certs working before, but now they are not working.

My domain is:
1040nra.com

I ran this command:
certbot certonly --webroot -w /var/www/certbot -d 1040nra.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain 1040nra.com
Challenge failed for domain www.1040nra.com
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: 1040nra.com
Type: unauthorized
Detail: Invalid response from
http://1040nra.com/.well-known/acme-challenge/NX6nmGvCUpg5L_c_hGePFu6ffuu2wn6MJ2CWHsg3PSw
[167.99.107.175]: "\r\n404 Not
Found\r\n\r\n404 Not
Found\r\nnginx/1.15.12</c"
Domain: www.1040nra.com
Type: unauthorized
Detail: Invalid response from
http://www.1040nra.com/.well-known/acme-challenge/UFJgtKNI2FZtJne5GGnEFeuYfMS8qVF_UlPTJpBOb9s
[167.99.107.175]: "\r\n404 Not
404 Not
nginx/1.15.12

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

My web server is (include version): spring boot [tomcat]

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Nginx.conf

server {
    listen 80;
    server_name 1040nra.com;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/certbot;
    }

    return 301 https://www.1040nra.com$request_uri;
}

server {
    listen 443 ssl;
    server_name 1040nra.com;
    ssl_certificate /etc/letsencrypt/live/1040nra.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/1040nra.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://1040nra.com;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Docker compose

nginx:
  image: nginx:1.15-alpine
  volumes:
    - ./data/certbot/conf:/etc/letsencrypt
    - ./data/certbot/www:/var/www/certbot
  ports:
    - 80:80
    - 443:443
  depends_on:
    - keycloak
    - dt-app
  links:
    - keycloak
    - dt-app
  command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
  image: certbot/certbot
  restart: unless-stopped
  volumes:
    - ./data/certbot/conf:/etc/letsencrypt
    - ./data/certbot/www:/var/www/certbot
  entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

1 Answer

Hello,

I think that you are experiencing the problem because you don’t have your www version added in your server_name list. I would recommend trying to add it and then test again. It should look something like this for both your http and https server blocks:

server_name 1040nra.com www.1040nra.com;

Then run a config test with nginx -t and if you get Syntax OK run a quick restart and then try again.

Hope that this helps!
Regards,
Bobby
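
A way to check a config for the point raised in this answer before re-running certbot, as an added example that is not part of the original thread: it reports which requested domains appear in the `server_name` of a port-80 server block, and goes one step beyond the answer by also flagging a server-level `return`, which nginx evaluates before it selects a location. Assumptions: the function names are hypothetical, the sample config is constructed from the question, and the parser is simplified (it does not handle comments, `include`, wildcard names or nginx's default-server fallback).

```python
import re

# Constructed sample: the port-80 server block as posted in the question.
SAMPLE_CONF = """
server {
    listen 80;
    server_name 1040nra.com;
    server_tokens off;
    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/certbot;
    }
    return 301 https://www.1040nra.com$request_uri;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def server_level(body):
    """Return the server-level directives as token lists, nested blocks removed."""
    prev = None
    while prev != body:  # peel innermost { ... } blocks until none are left
        prev, body = body, re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
    return [d.split() for d in body.split(";") if d.strip()]

def check_http01(conf, domains):
    """Map each domain to the findings for the port-80 server block that names it."""
    report = {d: ["not listed in server_name of any port-80 server block"] for d in domains}
    for body in server_blocks(conf):
        top = server_level(body)
        on_80 = any(d[0] == "listen" and re.search(r"(^|:)80$", d[1]) for d in top)
        names = {n for d in top if d[0] == "server_name" for n in d[1:]}
        problems = []
        if not re.search(r"location\s+(\S+\s+)?/\.well-known/acme-challenge", body):
            problems.append("no location for /.well-known/acme-challenge/")
        if any(d[0] == "return" for d in top):
            problems.append("server-level return runs before location matching")
        if on_80:
            for d in names.intersection(domains):
                report[d] = problems
    return report
```

An empty list for a domain means neither finding applies to the block that names it; a config with both names in `server_name` and the redirect moved into `location / { ... }` reports empty lists for both.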
