Let's Encrypt: Failed authorization procedure


I’m a newbie here.
I have trouble setting up Let’s Encrypt for my subdomain.
I followed the exact steps at https://docs.gitlab.com/ee/user/project/pages/lets_encrypt_for_gitlab_pages.html and also followed some steps at https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
But it is always failing to verify.

I read somewhere about configuring nginx but I don’t know how to do it.

Please help

Note: domain redacted

Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sub.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://gitlab.com/-/acme-challenge?domain=sub.domain.com&token=xxxxxxxx[]: "<!DOCTYPE html>\n<html>\n<head>\n  <meta content=\"width=device-width, initial-scale=1, maximum-scale=1\" name=\"viewport\">\n  <title>T"

 - The following errors were reported by the server:

   Domain: sub.domain.com
   Type:   unauthorized
   Detail: Invalid response from
   https://gitlab.com/-/acme-challenge?domain= sub.domain.com&token=xxxxxx
   []: "<!DOCTYPE html>\n<html>\n<head>\n  <meta
   content=\"width=device-width, initial-scale=1, maximum-scale=1\"
   name=\"viewport\">\n  <title>T"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

First of all, check whether GitLab answers at http://sub.domain.com. Let's Encrypt needs it to verify your domain.

I don’t know what you mean by checking.

But never mind, I realize Let’s Encrypt is a pain to set up. Cloudflare is a lot easier.

I had no problems with Let’s Encrypt.

Just click http://sub.domain.com. What do you get?

You can also run:

telnet sub.domain.com 80

What do you get?

Just out of curiosity, why are you not following the steps in the new instructions, as the ones you are following are deprecated?
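
Added example, not part of any post in this thread: a small Python parser for the Certbot failure line quoted in the first post. It reports which host produced the rejected response and whether the body has the shape of an ACME key authorization. The names `diagnose`, `LINE_RE` and `KEY_AUTH_RE` are hypothetical, and the key-authorization shape is taken from RFC 8555, not from the thread.

```python
import re
from urllib.parse import urlsplit

# The failure line posted in this thread (domain and token redacted by the poster).
SAMPLE = (
    r'Failed authorization procedure. sub.domain.com (http-01): '
    r'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient '
    r'authorization :: Invalid response from https://gitlab.com/-/acme-challenge'
    r'?domain=sub.domain.com&token=xxxxxxxx[]: "<!DOCTYPE html>\n<html>\n<head>\n'
    r'  <meta content=\"width=device-width, initial-scale=1, maximum-scale=1\" '
    r'name=\"viewport\">\n  <title>T"'
)

# Field layout of the "Failed authorization procedure" line, as seen above.
LINE_RE = re.compile(
    r'Failed authorization procedure\. (?P<domain>\S+) \((?P<challenge>[\w-]+)\): '
    r'(?P<error>urn:ietf:params:acme:error:\w+) :: .*? :: '
    r'Invalid response from (?P<url>\S+?)(?:\[[^\]]*\])?: "(?P<body>.*)"',
    re.S,
)

# RFC 8555 key authorization: <token>.<base64url SHA-256 account key thumbprint>.
KEY_AUTH_RE = re.compile(r'^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]{43}\s*$')


def diagnose(line):
    """Hypothetical helper: split the failure line and flag what is wrong with it."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    url = urlsplit(m['url'])
    body = m['body']
    findings = []
    # The rejected response should have come from the domain being validated.
    if url.hostname != m['domain']:
        findings.append('answered-by-other-host')
    # http-01 content lives under this path on the validated domain.
    if not url.path.startswith('/.well-known/acme-challenge/'):
        findings.append('not-well-known-path')
    # The body must be a bare key authorization, not a web page.
    if not KEY_AUTH_RE.match(body):
        html = body.lstrip().lower().startswith(('<!doctype', '<html'))
        findings.append('html-body' if html else 'not-key-authorization')
    return {'domain': m['domain'], 'challenge': m['challenge'], 'error': m['error'],
            'answered_by': url.hostname, 'findings': findings}


if __name__ == '__main__':
    print(diagnose(SAMPLE))
```

For the line in this thread, all three findings fire: the response came from gitlab.com rather than sub.domain.com, from a path outside `/.well-known/acme-challenge/`, and its body was an HTML page.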