Let's Encrypt error "urn:acme:error:unauthorized"

I use Let's Encrypt and get the error: urn:acme:error:unauthorized :: Client lacks sufficient permission :: Error parsing key authorization file: Invalid key authorization: invalid token

I tried sudo service nginx stop but got the error: nginx service is not loaded

+7
ssl-certificate lets-encrypt
1 answer

So I had a lot of problems with this stuff. Essentially, the error means that certbot could not find the file it was looking for when it tested your site. There are a number of potential reasons for this, so I will try to summarize, because I came across most of them when I did this. For more help, I found the GitHub readme much more useful than the docs.

First of all, it should be noted that in order to support the ACME challenge, the nginx service needs to be running. You don't seem to have that, so start with it.

sudo service nginx start

However, everything here depends on the location of the website files for which you are trying to create the certificate. If you do not know where that is, it will be in the corresponding configuration file under /etc/nginx, which depends heavily on your version of NGINX, but is usually /etc/nginx/nginx.conf or /etc/nginx/sites-enabled/[site-name] or /etc/nginx/conf/[something].conf. Note that the configuration file (or at least its directory) must be referenced from /etc/nginx/nginx.conf, so you can start there.

This is important because that is the folder certbot needs to be able to change. It has to create some files in a subfolder structure, and the URL it then tries to read returns data from those files. The folder it tries to create will be under the root directory you specify, in the folder:

/.well-known/acme-challenge

Then it will try to create a file with an obscure name (I think it is a GUID) and read that file from the URL. Something like:

http://example.com/.well-known/acme-challenge/abcdefgh12345678

This is important because if your root directory is badly configured, the URL will not match the folder and authorization will fail. And if certbot does not have write permission on the folders when it runs, the file will not be created, so authorization will fail. I ran into both of these problems.

In addition, you may have noticed that the URL above is http, not https. This is also important. I was already using an existing encryption setup, so I had to configure NGINX to let the /.well-known folder tree be browsed on port 80 instead of 443, while keeping most of my content under a secure https URL. These two things make for a somewhat complicated NGINX config file, so here is an example configuration for reference.

server {
    listen 80;
    server_name example.com;

    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /home/example;
    }

    location '/' {
        return 301 https://$server_name$request_uri;
    }
}

This allows port 80 to be used for all certbot-related requests, while keeping the rest of my website secure. You can change the permissions on the directory to make sure certbot has write access to the files, or just run it as root:

sudo ./certbot-auto certonly

After receiving the certificate, you will also need to install it in your configuration, but that is beyond the scope of this question, so here is the link.

+4
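The answer's two failure modes (a root directive that does not map the /.well-known/acme-challenge URL onto the folder certbot writes into, and a token file that never becomes reachable on port 80) can be dry-run before asking the CA. The script below is an added example, not certbot's or Let's Encrypt's own code: it writes a throwaway token the way the webroot plugin would, fetches it back over plain HTTP through a proxy-free opener, and reports the same verdict the CA would reach. The demo() function stands in for nginx with Python's built-in file server, once with the correct root and once with root pointed one level too deep; the token body, temp directory and loopback URL are constructed values. To check a real server, call check_challenge("http://example.com", "/home/example") with your own host and the root from your location block.

```python
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

CHALLENGE_DIR = ".well-known/acme-challenge"
# Proxy-free opener so a stray http_proxy variable cannot divert the request.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def challenge_file(webroot: str, token: str) -> str:
    """Path nginx serves for /.well-known/acme-challenge/<token> when the
    location block uses `root <webroot>`: root appends the whole URI."""
    return os.path.join(webroot, *CHALLENGE_DIR.split("/"), token)


def write_challenge(webroot: str, token: str, body: str) -> str:
    """Create the token file under the webroot, like the webroot plugin does."""
    path = challenge_file(webroot, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)
    return path


def fetch(url: str, timeout: float = 5.0):
    """Return (status, body); status is None when no HTTP answer came back."""
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("ascii", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def check_challenge(base_url: str, webroot: str):
    """Write a throwaway token, fetch it back over plain HTTP, then clean up.
    Returns (ok, reason); a False result is the failure the CA would see."""
    token = secrets.token_urlsafe(32)
    body = f"{token}.constructed-key-authorization"  # constructed sample value
    path = write_challenge(webroot, token, body)
    try:
        status, got = fetch(f"{base_url}/{CHALLENGE_DIR}/{token}")
    finally:
        os.remove(path)  # never leave challenge files behind
    if status != 200:
        return False, f"HTTP {status}: wrong root, wrong vhost, or port 80 not answering"
    if got.strip() != body:
        return False, "served a different body: root probably points at another site"
    return True, "challenge path is reachable and serves the token"


class _QuietHandler(SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep demo output clean
        pass


def serve_dir(directory: str):
    """Stand-in for nginx's `root <directory>`: serve it on a loopback port."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), partial(_QuietHandler, directory=directory))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def demo():
    """Correct root vs. root pointed one level too deep; returns both verdicts."""
    results = []
    with tempfile.TemporaryDirectory() as webroot:
        too_deep = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
        os.makedirs(too_deep)
        for served in (webroot, too_deep):
            server, url = serve_dir(served)
            try:
                ok, reason = check_challenge(url, webroot)
            finally:
                server.shutdown()
                server.server_close()
            print(f"root={served}: {ok} ({reason})")
            results.append(ok)
    return tuple(results)


if __name__ == "__main__":
    demo()
```

The second run in demo() reproduces the answer's "URL will not match the folder" case: the token lands in the right place on disk, but the server prepends a root that already contains the challenge path, so the request resolves to a file that does not exist and the CA gets a 404.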
