Certbot not creating acme-challenge folder
For some strange reason (I think the certbot script changed in some way), I was not able in any way to renew the certificates. I found this thread that finally helped me after almost 4 hours of research:
https://community.letsencrypt.org/t/solved-invalid-response-403-forbidden/64170/13
Hope it helps somebody else.
The trick is to add this to the Apache config:
DocumentRoot /var/lib/letsencrypt/http_challenges
<Directory /var/lib/letsencrypt/http_challenges>
    Allow from All
</Directory>
Hope it works for someone else!
I had a similar issue. My problem was that I had this rule:
location ~ /\. {
    access_log off;
    log_not_found off;
    deny all;
}
These lines were canceling every access to any directory starting with a "." (point).
The problem was the nginx configuration. I replaced my long configuration files with the simplest config possible:
server {
    listen 80;
    server_name domain.com www.domain.com git.domain.com;
    root /var/www/domain/;
}
Then I was able to issue new certificates.
The problem with my long configuration files was (as far as I can tell) that I had these lines:
location ~ /.well-known {
    allow all;
}
But they should be:
location ~ /.well-known/acme-challenge/ {
    allow all;
}
Now the renewal works, too.
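An added example, not taken from either nginx answer above: a server block that keeps the `location ~ /\.` rule for hidden files while still serving HTTP-01 challenge files. It reuses the `domain.com` names and `/var/www/domain/` root from the last answer and assumes that root is the webroot given to certbot.

```nginx
server {
    listen 80;
    server_name domain.com www.domain.com git.domain.com;
    root /var/www/domain/;   # assumption: same directory certbot writes challenges under

    # nginx first picks the longest matching prefix location. The ^~ modifier
    # tells it to stop there and skip all regex locations, so the dotfile
    # rule below is never evaluated for challenge requests.
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        try_files $uri =404;   # serve the token file only, no directory listing or fallback
    }

    # Regex locations are tried in order of appearance and the first match
    # wins. Without the ^~ block above, this rule would also match
    # /.well-known/... and answer 403 to the validation request.
    # Keeping it means .git, .env, .htpasswd and similar stay unreachable.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }
}
```

Run `nginx -t` before reloading, then request a file placed by hand under `.well-known/acme-challenge/` over plain HTTP to confirm it returns 200 while a path such as `/.git/config` still returns 403.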