Nginx and Certbot fail when trying to get certificates - nginx

First of all, thank you for your help.
The thing is that I'm having problems applying certbot to my site configured in nginx. I'm not an expert on the subject, so I've been guided by a tutorial. Anyway, here are my settings:
To clarify: the domain points to the IP and the site is accessible from the internet through port 80.
/etc/nginx/conf.d/lexapp.es.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name lexapp.es;
}
The command I try:
sudo certbot --nginx -d lexapp.es
The results I get:
Plugins selected: Authenticator nginx, Installer nginx
Requesting a certificate for lexapp.es
Performing the following challenges:
http-01 challenge for lexapp.es
Waiting for verification...
Challenge failed for domain lexapp.es
http-01 challenge for lexapp.es
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: lexapp.es
Type: unauthorized
Detail: 2a02:4780:1:753:0:3313:4df6:5: Invalid response from
http://lexapp.es/.well-known/acme-
challenge/ebE6_4SJ0B0yOIzWDyoIdWP0q0fZTldwteCaiORiBNo:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I would appreciate any help.

Related

nginx: 502 bad gateway if /index.html is not in URL

I don't understand what I'm doing wrong, so I hope somebody can help :)
When I access http://10.0.0.54/index.html I get the right page, but if I try to access http://10.0.0.54, instead of showing the index file it redirects me to https://10.0.0.54 showing error 502 bad gateway.
This is the configuration in /etc/nginx/sites-available/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html/salvaderi;
    index index.html;
    server_name _;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /var/www/html/salvaderi;
    }
    location / {
        root /var/www/html/salvaderi;
        index index.html;
    }
}
I am running nginx 1.18.0 on Ubuntu 22.04.
I tried changing parameters inside location / {} but I always get the same result. I also changed the root directory and made sure permissions were set right. Searching for the solution I saw other people having problems with PHP and FastCGI, but I am not using it.
Your configuration appears to be right.
Possibly there is some kind of proxy or load balancer placed between you and the nginx you are configuring, since you get redirected to HTTPS even though there are no redirection instructions in your config and, at the same time, there is no listen 443 ssl in the config, yet you still get a response to the HTTPS request.
I'd check the following:
Is 10.0.0.54 in fact the IP of your server?
Are there any return 301, return 302 or rewrite instructions in your nginx config (the better way is to dump the config with the nginx -T command and look it over)?
Did you previously configure some redirects that may have been cached by your web client? Try sending the GET request with curl instead of a web browser (if a browser was used for the tests).

SSL certificate generation on an EC2 machine with NGINX

I am trying to generate an SSL certificate on an AWS EC2 nano machine configured with an NGINX server.
My NGINX configuration file is as follows:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name my_server_name.com;
}
When I check my Nginx configuration with the following command:
nginx -t
this error is returned:
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22
nginx: configuration file /etc/nginx/nginx.conf test failed
Of course, when I try to go further in generating the SSL certificate with the following command:
certbot certonly --dry-run
the following error is returned:
Error while running nginx -c /etc/nginx/nginx.conf -t.
What changes/commands do I need to make to generate the SSL certificate?
I have modified my Nginx configuration file in a thousand ways, without success.
Assuming you have installed NGINX correctly on your machine, for Certbot to take into account your configuration, you must first move (or delete) the default one located here:
/etc/nginx/sites-enabled/
for this, you will need these 2 commands:
cd /etc/nginx/sites-enabled/
rm default
Once these 2 commands are done, you have to switch off the NGINX server to generate the SSL certificate, using this command:
service nginx stop
Now you can rerun your command and generate the SSL certificate with:
certbot certonly

Error installing Let's Encrypt on nginx server

I am trying to install a Let's Encrypt SSL certificate across four sites:
mysite.com
es.mysite.com
fr.mysite.com
de.mysite.com
I ran the following command: certbot --nginx -d mysite.com -d www.mysite.com, which worked fine for mysite.com, es.mysite.com and fr.mysite.com. When I ran sudo certbot --nginx -d de.mysite.com I got the following error:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: de.mysite.com
Type: unauthorized
Detail: Invalid response from
https://de.mysite.com/.well-known/acme-challenge/te29XBKAQdQBbQxvzPTgfgaFpzM_OUj6b4gSuiuPvOI
[MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I then tried to install the certificate manually using the following command: certbot certonly --manual -d de.mysite.com. I was then asked "Are you ok with your IP being logged?" I selected Y and hit enter. Then I followed this step:
Create a file containing just this data:
SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w.SkXszSMjtmN2-3gN7kkDhgSElerR3H1MgUc9N8z70n4
And make it available on your web server at this URL:
http://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w
I pressed Enter to Continue and then got the same error:
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: de.mysite.com
Type: unauthorized
Detail: Invalid response from
https://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w
[MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Can anyone advise how to resolve this error and successfully install the Let's Encrypt SSL certificate?
Thanks.
I managed to resolve my issue. I had to include the following in my nginx config first:
location ~ /.well-known {
    allow all;
}
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /data/wordpress/mysite/;
}
location = /.well-known/acme-challenge/ {
    return 404;
}
Then I had to install the Let's Encrypt SSL certificate manually by running certbot certonly --manual -d de.mysite.com and followed the steps to successfully install the certificate.

how to renew an expired "let's encrypt" certificate?

I am a "newbie". I installed "nginx" and "https" with this tutorial:
https://www.supinfo.com/articles/single/3558-installer-certificat-ssl-nginx-avec-let-s-encrypt.
My domains worked well and were accessible over https, but I turned off my server for too long and left the certificate expired.
Now I cannot renew my certificates because the command line does not work if the certificate has expired. How do I do it? Thank you.
The error message:
Attempting to renew cert from /etc/letsencrypt/renewal/info.fr.conf produced an unexpected error: Failed authorization procedure. info.fr (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://info.fr/.well-known/acme-challenge/PwznYVREcdpBsSMDPhP_lp3s1bqbidN83z1lyNXm3Yc: Connection refused. Skipping.
Remove your letsencrypt folder and try to reinstall the certificates as the first time:
sudo rm -rf /etc/letsencrypt
This is the easiest way.
If the previous way is not for you:
Comment out all strings that use certificates
Change line listen *:443 ssl; to listen *:80;
Restart nginx
service nginx restart
Try to renew certificates
Again change line listen *:80 to listen *:443 ssl;
Uncomment all lines that use certificates
Restart nginx again
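A triage helper for the challenge failures in the questions above (the 404 on lexapp.es, the HTML page served for de.mysite.com, the connection refused on info.fr, and the unexplained HTTPS redirect). This is an added example, not code from any of the posts or from certbot; the expected address 203.0.113.10 used with it is a constructed placeholder.

```python
"""Offline triage of a failed Let's Encrypt HTTP-01 challenge.

Added example, not code from the posts above or from certbot. It maps the
error shapes shown in the questions (404, an HTML page, a redirect,
'Connection refused', validation from an unexpected IPv6 address) to the
usual nginx-side cause. Inputs are the fields certbot prints; nothing here
touches the network.
"""
import ipaddress

ACME_PREFIX = "/.well-known/acme-challenge/"


def classify_response(status, body="", error=""):
    """Diagnose one attempt: status the CA got (None if no connection),
    start of the response body, and any transport error text certbot printed."""
    if "Connection refused" in error:
        return "nothing listens on port 80 at that address: nginx stopped or only 'listen 443 ssl'"
    if status in (301, 302, 307, 308):
        return "redirected before the token was served: a proxy/load balancer or a return/rewrite rule"
    if status == 404:
        return "a server block answered but does not map %s to the webroot" % ACME_PREFIX
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        return "an HTML page replaced the token: a catch-all 'location /' or index handled the path"
    if status == 200:
        return "token served correctly from this address"
    return "unrecognised response (status %r)" % (status,)


def validated_from_unexpected_host(expected_ip, validated_ip):
    """True when the CA reached an address other than the one you manage.
    Typical case: the A record is right but a stale AAAA record points
    elsewhere, so the CA prefers IPv6 and receives another server's 404."""
    return ipaddress.ip_address(expected_ip) != ipaddress.ip_address(validated_ip)


def triage(expected_ip, validated_ip, status, body="", error=""):
    """Combine both checks in the order a practitioner would investigate them."""
    notes = []
    if validated_from_unexpected_host(expected_ip, validated_ip):
        fam = "AAAA" if ipaddress.ip_address(validated_ip).version == 6 else "A"
        notes.append("CA validated via %s, not your server; fix the %s record first" % (validated_ip, fam))
    notes.append(classify_response(status, body, error))
    return notes
```

Feed it the address and status from certbot's "Detail:" line; the first question's detail, for instance, shows validation from 2a02:4780:1:753:0:3313:4df6:5 with a 404, so the AAAA record is the first thing to compare against the server's real address.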

Reprocess SSL with certbot when an alias domain fails but the certificate is generated (not certonly mode)

I've started the certbot process with:
sudo certbot --nginx -d example.com -d www.example.com
but I forgot to add 'www.example.com' in the server_name of the nginx virtual site for example.com:
server {
    (...)
    server_name example.com www.example.com;
    (...)
}
Then I got the certificate, but not the automatic completion process to configure my nginx with SSL:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for examle.com
tls-sni-01 challenge for www.example.com
Cleaning up challenges
Cannot find a VirtualHost matching domain www.example.com. In order for Certbot to correctly perform the challenge please add a corresponding server_name directive to your nginx configuration: https://nginx.org/en/docs/http/server_names.html
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
It's like I had written just:
certbot certonly --standalone -d example.com
because I have just the certificate. Now the config on nginx is OK; can I launch the process again and overwrite all the old values? Is there a problem with the Let's Encrypt Certificate Authority if I request a new certificate for the same domain again? What is the solution? Delete everything again, or complete the rest of the process (nginx config) by hand?
It's possible with certbot to launch the SSL process again for domains already created. In my case the domains failed, and it was the first time I used certbot. The nginx config is changed, but not totally, so when you try a second time it will complete and update the nginx config. Certbot just updates the config for the domain, comments out the old lines that it thinks are duplicated and inserts the new ones, adding "# managed by Certbot", so when you need to renew your certificate Certbot can change the lines smartly.
Example of my nginx config, with the first try and the second:
if ($scheme != "https") {
    return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect non-https traffic to https
# if ($scheme != "https") {
#     return 301 https://$host$request_uri;
# } # managed by Certbot
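The two remaining failures on this page are configuration-shape problems rather than challenge problems: the duplicate default_server that made nginx -t fail on the EC2 machine, and the server_name that certbot could not find for www.example.com. The scanner below, an added example that is not code from the posts or from certbot, reads an nginx -T dump (a constructed sample is embedded; real dumps are checked the same way) and reports both; regex server_names and include directives are not followed.

```python
"""Scan an 'nginx -T' dump for the two setup errors seen in the posts above.

Added example, not code from the posts or from certbot. Reports (a) a listen
socket declared default_server in more than one block, which makes 'nginx -t'
fail before certbot runs, and (b) whether a hostname certbot will ask for
matches a server_name, which is what 'Cannot find a VirtualHost' means.
"""
import re
from collections import Counter

# Constructed sample: a leftover sites-enabled/default beside a real site block.
SAMPLE_DUMP = """
server { listen 80 default_server; listen [::]:80 default_server;
         server_name _; root /var/www/html; }
server { listen 80 default_server; server_name example.com;
         location /.well-known/acme-challenge/ { root /var/www/acme; } }
"""

def server_blocks(text):
    """Yield the body of each top-level server { ... } block, nested blocks included."""
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def duplicate_default_servers(text):
    """Listen sockets that carry default_server in more than one server block."""
    seen = Counter()
    for body in server_blocks(text):
        seen.update(re.findall(r"listen\s+(\S+)[^;]*\bdefault_server", body))
    return sorted(sock for sock, n in seen.items() if n > 1)

def names_in(body):
    return [n for line in re.findall(r"server_name\s+([^;]+);", body) for n in line.split()]

def name_matches(host, pattern):
    """nginx name matching for exact and '*.example.com' names (regex names not handled);
    the catch-all '_' never counts, because certbot needs a real name match."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def block_for(host, text):
    """server_name list of the block that would serve host, or None (certbot's complaint)."""
    for body in server_blocks(text):
        if any(name_matches(host, n) for n in names_in(body)):
            return names_in(body)
    return None
```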
