Hello,
When a try -ssl=on on a site, I get this error on the log (file and directory permissions are ok, and when I manually create /var/www/[domain]/htdocs/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U I get the same 403 Forbidden error):
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.[domain]
Type: unauthorized
Detail: Invalid response from http://www.[domain]/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U [161.35.140.234]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2021-06-08 06:38:21,842:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-06-08 06:38:21,842:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-06-08 06:38:21,842:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-06-08 06:38:21,842:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/[domain]/htdocs/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U
2021-06-08 06:38:21,842:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-06-08 06:38:21,843:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1201/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
return config.func(config, plugins)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1414, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-06-08 06:38:21,845:ERROR:certbot._internal.log:Some challenges have failed.