Getting a free SSL Cert

Using SSL on your site is a great idea. It adds a much higher level of security over classic HTTP, which your users will gladly appreciate. This can easily be done with certbot and a little bit of troubleshooting.

How to Generate an SSL Cert

First go over to Certbot’s site and follow the instructions for your OS/Webserver. After installing you will run a command similar to this to generate your certificate:

/PATH/TO/certbot-auto certonly --webroot -w /PATH/TO/webroot -d YOUR_DOMAIN.com

The dreaded error

Do you happen to be getting this error?

urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://YOUR_DOMAIN.com/.well-known/acme-challenge/ [YOUR_IP]: 404

Don’t worry, it’s more common than you think.

Why is this error happening?

Certbot is trying to verify your domain. It is making a folder inside your webroot called .well-known. Certbot than tries to access YOUR_DOMAIN.com/.well-known/acme-challenge. If it can’t, it is a simple Nginx fix.

How to fix the error

Open your nginx config in /etc/nginx/sites-available/default

Add the following to your server{} block.

location ~ /.well-known {
    default_type "text/plain";
    root /PATH/TO/webroot;
}

Run nginx -t to make sure your config is ok then run sudo service nginx restart. Once nginx restarts run the certbot command above again and you should be good to go!