Let's Encrypt trouble (with serving assets from a hidden directory)

I am trying to get Let’s Encrypt working on a Debian Stretch machine running Elixir 1.9.4. I installed Certbot and run

sudo certbot certonly --webroot --webroot-path /path_to_my_project/priv/static

which failed, as an invalid response was received:

" […] Phoenix.Router.NoRouteError at GET /.well-known/acme-challen"

Judging by information provided by this helpful guide, the problem is due to the non-serving of static assets from this hidden directory:


When I place, for example, a png inside /acme-challenge, the png is inaccessible from my browser. If I then rename /.well-known to /well-known, I am able to access it. As far as my Endpoint configuration is concerned, I am not setting either :only or :only_matching under Plug.Static, but even when I tried an :only word list that included “.well-known”, it did not work.

Any ideas as to what I should be trying next?

You can detach letsencrypt certificate renewal process from your code.
Try use letsencrypt outside elixir, maybe with DNS authorization.
In our case we have 25+ certificates with an umbrella app and use NGINX as a reverse proxy.
Our certificates renewal is done by a script with DNS authorization (Google DNS).

1 Like

Thanks for your informative response, Pedro. DNS authorization would be my preferred option as well, but is not possible at the present moment.

For anyone who runs into a similar problem in the future:

Testing whether or not assets are served from the hidden /.well-known/acme-challenge directory did not help in my case. In fact, it misled me into thinking that the issue might be Phoenix-related. My problem had to do with the port setting and was resolved by adding --http-01-port [myPort] to the certbot command.

1 Like