Let's Encrypt SSL throwing 404

Question

I just installed nginx on my VPS and created 2 websites on there.

api.school-alert.cz

server {
    server_name  api.school-alert.cz;
    index index.html index.htm;
    access_log /var/log/nginx/bmiapp.log;
    error_log  /var/log/nginx/bmiapp-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
    }
}

and school-alert.cz

server {
    server_name  school-alert.cz;
    index index.html index.htm;
    access_log /var/log/nginx/bmiapp.log;
    error_log  /var/log/nginx/bmiapp-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
}

I have already created a certificate for api.school-alert.cz but for some reason, when I try to create certificate for the other domain name I get an error. Specificaly when running "certbot --nginx" or "certbot -d school-alert.cz". This is the error I get:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: school-alert.cz
  Type:   unauthorized
  Detail: 2a02:2b88:1:4::16: Invalid response from http://school-alert.cz/.well-known/acme-challenge/Qo8DXVvUsxXzGda633bnyrcMN6_pnyzP09gce11lNBQ: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

I have been trying to fix this for days, but didn't find a solution yet, I would greatly appreciate your help.

Both websites are easily accessible on the internet http://api.school-alert.cz:8080/ http://school-alert.cz/

Answer 1

api.school-alert.cz is a subdomain of school-alert.cz . From your description, you have created a certificate for the subdomain, but didn't add the domain to the certificate.

To fix the existing certificate so it works with the domain and subdomain, run:

sudo certbot nameofcertificate -d school-alert.cz -d api.school-alert.cz -d www.school-alert.cz (sudo may not be necessary if you're using the server plugin for Apache or Nginx.) Add your certificate name where it says "name of certificate." This is usually your domain's name also. You can find the certificate name by running the command sudo certbot certificates .

Now the domain, subdomain, and www prefixed URL are covered under your current certificate.

Answer 2

After many days of battling with this problem I found out the real reason for why it was working for my subdomain and not for my domain was that my domain provider has set up default dns records for that domain. These dns records pointed to a server I do not own, so I couldn't authorize for the ssl certificate.