Ubuntu 18.04.1 LTS
ISPConfig 3.1.13
nginx

I'm having some trouble obtaining Let's Encrypt certificates. I've tried with and without "Skip Lets Encrypt Check" enabled. When it is enabled, the warning shows me the command that was issued. Here's what I get when I issue the command manually:

Code:

    # /usr/bin/letsencrypt certonly -n --text --agree-tos --expand --authenticator webroot --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --email postmaster@testing.[domain].com --domains testing.[domain].com --webroot-path /usr/local/ispconfig/interface/acme
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for testing.[domain].com
    Using the webroot path /usr/local/ispconfig/interface/acme for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Failed authorization procedure. testing.[domain].com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://testing.[domain].com/.well-known/acme-challenge/gL6rp6uI1IcLYtExxa8AqcxqdZkTA5g-kuA-jmfoLYQ: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: testing.[domain].com
       Type: unauthorized
       Detail: Invalid response from http://testing.[domain].com/.well-known/acme-challenge/gL6rp6uI1IcLYtExxa8AqcxqdZkTA5g-kuA-jmfoLYQ: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

       To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Running dig confirms that the DNS A record is correct.

What might cause the token file to not be served properly?

Here's my htf_report.txt:

Code:

    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.

    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13

    ##### VERSION CHECK #####
    [INFO] php (cli) version is 7.2.10-0ubuntu***.***.***.***

    ##### PORT CHECK #####
    [WARN] Port 143 (IMAP server) seems NOT to be listening
    [WARN] Port 993 (IMAP server SSL) seems NOT to be listening
    [WARN] Port 110 (POP3 server) seems NOT to be listening
    [WARN] Port 995 (POP3 server SSL) seems NOT to be listening
    [WARN] Port 465 (SMTP server SSL) seems NOT to be listening
    [WARN] Port 22 (SSH server) seems NOT to be listening

    ##### MAIL SERVER CHECK #####
    [WARN] I found no "submission" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer port 587 for smtp connections you have to enable this.
    [WARN] I found no "smtps" entry in your postfix master.cf
    [INFO] this is not critical, but if you want to offer SSL for smtp (not TLS) connections you have to enable this.

    ##### RUNNING SERVER PROCESSES #####
    [INFO] I found the following web server(s):
    Unknown process (nginx:) (PID 26707)
    [INFO] I found the following mail server(s):
    Postfix (PID 1184)
    [WARN] I could not determine which pop3 server is running.
    [WARN] I could not determine which imap server is running.
    [INFO] I found the following ftp server(s):
    PureFTP (PID 22366)

    ##### LISTENING PORTS #####
    (only ()
    Local (Address)
    [anywhere]:80 (26707/nginx:)
    [anywhere]:8080 (26707/nginx:)
    [anywhere]:8081 (26707/nginx:)
    [anywhere]:21 (22366/pure-ftpd)
    ***.***.***.***:53 (519/systemd-resolve)
    [anywhere]:25 (1184/master)
    [localhost]:6010 (19225/sshd:)
    [anywhere]:443 (26707/nginx:)
    [anywhere]:18878 (675/sshd)
    *:*:*:*::*:80 (26707/nginx:)
    *:*:*:*::*:8080 (26707/nginx:)
    *:*:*:*::*:21 (22366/pure-ftpd)
    *:*:*:*::*:25 (1184/master)
    *:*:*:*::*:6010 (19225/sshd:)
    [localhost]8878 (675/sshd)
    *:*:*:*::*:3306 (22234/mysqld)

    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
Do you have a ProxyPass line for /.well-known/ or /.well-known/acme-challenge/ in nginx config? Does the /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/ directory exist (and no part of that path is a symlink)?
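The local checks asked about above (does the challenge directory exist, is any part of its path a symlink), plus an HTTP probe of the same URL pattern the http-01 validator requests, as an added example that is not part of the thread. The function names and the probe file name are made up for this illustration; the webroot in the usage comment is the one from the certbot command in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the probe file
# name are assumptions made for this illustration.

# check_challenge_path WEBROOT
# Returns 0 if WEBROOT/.well-known/acme-challenge exists and no component
# of its path is a symlink, 1 if a problem was found, 2 on bad usage.
check_challenge_path() {
    case $1 in
        /*) ;;
        *) echo "USAGE webroot must be an absolute path"; return 2 ;;
    esac
    target="${1%/}/.well-known/acme-challenge"
    rest=${target#/}; path=""; rc=0
    while [ -n "$rest" ]; do
        part=${rest%%/*}                      # next path component
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        if [ -z "$part" ]; then continue; fi  # skip empty parts from "//"
        path="$path/$part"
        if [ -L "$path" ]; then
            echo "SYMLINK $path -> $(readlink "$path")"
            rc=1
        fi
    done
    if [ -d "$target" ]; then
        echo "OK $target exists"
    else
        echo "MISSING $target"
        rc=1
    fi
    return $rc
}

# probe_challenge_url WEBROOT DOMAIN   (needs write access and curl)
# Writes a throwaway file where certbot puts its token, requests it over
# plain HTTP like the http-01 validator does, prints the status code.
probe_challenge_url() {
    dir="${1%/}/.well-known/acme-challenge"
    name="probe-$$.txt"
    echo "probe" > "$dir/$name" || return 1
    code=$(curl -s --max-time 10 -o /dev/null -w '%{http_code}' \
        "http://$2/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    echo "$code"
    [ "$code" = "200" ]
}

# Usage on the server from the thread:
#   check_challenge_path /usr/local/ispconfig/interface/acme
```

A clean result from the first function together with a 404 from the second points at how the web server maps `/.well-known/acme-challenge/` rather than at the filesystem.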
I don't have any ProxyPass line. What should it be and how does it normally get there? I don't recall seeing anything about it in the setup tutorial. Thanks for your help.
I don't run nginx servers, so don't have a working sample, but I see mention of that repeatedly when folks add nginx config - just search the forum here a little and you'll likely find examples within minutes.
Thanks for your suggestion. I've at least been able to eliminate this as a possibility. I don't have and shouldn't need any proxy_pass. I've posted a new thread with the problem narrowed down here. I know you're not an nginx guy, and this is firmly in nginx territory now. I just wanted to update you and say thanks for giving it a shot.