Certbot HTTP-01 challenge fails

This might be a simple error but I can't seem to use certbot to verify my domain. I am using nginx that is connected to an express application. I have commented out the configurations from the default nginx file and it only includes the configurations for my site from /etc/nginx/conf.d/mysite.info. In my configuration, the first location entry points to the root /.well-known/acme-challenge directory. Here's the settings from my nginx conf file:

server {
    listen 80;

    server_name <MYDOMAIN>.info www.<MYDOMAIN>.info;

    location '/.well-known/acme-challenge' {
            root /srv/www/<MY_ROOT_DIRECTORY>;
    }

    location / {
            proxy_pass http://localhost:4200;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }
    location /secure {
            auth_pam "Secure zone";
            auth_pam_service_name "nginx";
    }

}

To verify, I used the following certbot command:

certbot certonly --agree-tos --email <My_EMAIL>@gmail.com --webroot -w /srv/www/<ROOT_FOLDER>/ -d <DOMAIN>.info

The errors from certbot are as follows:

Performing the following challenges:
http-01 challenge for <MYDOMAIN>.info
Using the webroot path /srv/www/<ROOT_FOLDER> for all unmatched domains.
Waiting for verification...
Challenge failed for domain <MYDOMAIN>.info
http-01 challenge for <MYDOMAIN>.info
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: <MYDOMAIN>.info
   Type:   unauthorized
   Detail: Invalid response from
   http://<MYDOMAIN>.info/.well-known/acme-challenge/Yb3c1WtCn5G43YatrhVorTbT_nn3WKTLwKjr0c9dW8E
   [74.208.<...>.<...>]: "<!DOCTYPE html>\n<html
   lang=\"en\">\n<head>\n<meta
   charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot
   GET /.well-known/"

I am literally clueless at this point. All the directories and files have read permission for all users and groups. Any suggestions will be highly appreciated.

EDIT

Since Nginx was failing to deliver the challenge files, I modified my express server to send the files. The express app is accessible and it was easy to send the challenge files to get certbot to work. Although not the desired solution, it worked. However, I will keep the post open for a better answer.

Abrar Hossain asked Jan 17 '20 22:01
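The certbot error above shows the challenge request being answered by the Express app ("Cannot GET /.well-known/...") rather than by the nginx webroot, so the `location` block was never the one serving it. A useful habit before running certbot is a pre-flight probe: drop a random file where certbot's `--webroot` would put its token and fetch it over plain HTTP, then classify the answer. The script below is an added example, not code from the original post or from certbot; the hostname and webroot path are placeholders you pass on the command line, and the `root` versus `alias` path resolution it models covers prefix locations only.

```python
#!/usr/bin/env python3
"""Pre-flight check for an ACME HTTP-01 webroot before running certbot.

Added example (not from the original post). The webroot and domain are
assumptions supplied on the command line, e.g.
    ./acme_preflight.py /srv/www/<ROOT_FOLDER> <MYDOMAIN>.info
"""
import os
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

# certbot --webroot always writes tokens under this subdirectory of -w
CHALLENGE_DIR = ".well-known/acme-challenge"


def nginx_resolved_path(directive, value, location, uri):
    """Return the filesystem path nginx would open for `uri`.

    `root`  appends the whole URI to the directory, so the location prefix
            stays in the path (this is what certbot --webroot expects).
    `alias` replaces the matched location prefix with the directory, so a
            token would have to sit directly inside `value`.
    Only prefix locations are modelled here.
    """
    if not uri.startswith(location):
        raise ValueError("uri does not match location")
    if directive == "root":
        return os.path.normpath(value + uri)
    if directive == "alias":
        return os.path.normpath(value + uri[len(location):])
    raise ValueError(f"unknown directive {directive!r}")


def challenge_url(domain, token):
    """URL the ACME server fetches for an HTTP-01 token (always port 80)."""
    return f"http://{domain}/{CHALLENGE_DIR}/{token}"


def write_probe(webroot):
    """Create a random probe file exactly where certbot would place a token."""
    token = secrets.token_urlsafe(32)
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(token)
    return token, target


def diagnose(expected, status, body):
    """Classify the HTTP answer the way you would read certbot's error detail."""
    if status == 200 and body.strip() == expected:
        return "ok: webroot is served for the challenge path"
    if "Cannot GET" in body:
        # Express's default 404 page: the request fell through to proxy_pass,
        # so the acme-challenge location (or the whole server block) was not used
        return "proxied: request reached the upstream app, not the webroot"
    if status == 404:
        return "not found: nginx answered, but from a different root/alias"
    return f"unexpected: status {status}"


def http_get(url, timeout=5):
    """Fetch url with urllib and return (status, body); HTTP errors are returned too."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def preflight(webroot, domain, fetch=http_get):
    """Write a probe token, fetch it the way the ACME server would, clean up."""
    token, target = write_probe(webroot)
    try:
        status, body = fetch(challenge_url(domain, token))
        return diagnose(token, status, body)
    finally:
        target.unlink(missing_ok=True)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: acme_preflight.py WEBROOT DOMAIN")
    print(preflight(sys.argv[1], sys.argv[2]))
```

Run it from the server itself (it needs write access to the webroot) and, if it reports "proxied", confirm with `nginx -T` that the server block you edited is actually part of the loaded configuration and that its `server_name` matches the domain certbot is validating.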


1 Answer

About:

Challenge failed for domain

This error can happen if you do not have port 443 open in your firewall.

I had the same problem trying to make certbot work on AWS. After a few tries, I just needed to open port 443 in the Security Group associated with the EC2 instance.

Dherik answered Sep 30 '22 05:09