The operating system my web server runs on is (include version): Debian 9.2
My hosting provider, if applicable, is: digitalocean
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): bash
In my Nginx configuration file at /etc/nginx/sites-available/default I add this code at **server**:
```
location ~ /.well-known {
    allow all;
    root /usr/share/nginx/html;
}
```
After running the command: sudo certbot certonly -a webroot --webroot-path=/var/www/html -d protrack.by I get the following errors reported.
```
2017-10-15 12:32:01,991:DEBUG:certbot.main:Root logging level set at 30
2017-10-15 12:32:01,993:INFO:certbot.main:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2017-10-15 12:32:01,994:DEBUG:certbot.main:certbot version: 0.10.2
2017-10-15 12:32:01,994:DEBUG:certbot.main:Arguments: ['-q']
2017-10-15 12:32:01,995:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#webroot,PluginEntryPoin$
2017-10-15 12:32:01,996:DEBUG:certbot.renewal:no renewal failures
```
Nginx’s error.log is empty
Certbot error
```
sudo certbot certonly -a webroot --webroot-path=/var/www/html -d protrack.by
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for protrack.by
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. protrack.by (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://protrack.by/.well-known/acme-challenge/k5dXhtkYzxkfjFcXKVKVMlQ5lS5BHxWsX3SRWDPoxt0: "
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
```
It seems Nginx isn’t handling /.well-known/acme-challenge/ statically, as you wanted it to. Instead it’s passing it to Django, which isn’t configured to handle it either.
What’s the Nginx virtual host’s whole configuration?
```
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    # SSL configuration
    location ~ /.well-known {
        allow all;
        root /var/www/html;
    }
    root /var/www/html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
```
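Added example, not from any post in this thread: a Python check that compares the directory nginx would serve `/.well-known/acme-challenge/` from with certbot's `--webroot-path`, run against the two configs quoted above. The function names are made up for this example, the first post's location block is wrapped in a constructed `server` block, and location matching is simplified (no `=` locations, no nested blocks, no `alias`).

```python
import re

def parse_server(conf):
    """Return (server_root, [[modifier, pattern, root], ...]) for one server block."""
    conf = re.sub(r"#.*", "", conf)                      # drop comments
    server_root, locations, depth, current = None, [], 0, None
    for stmt in re.findall(r"[^;{}]+[;{]|\}", conf):
        words = stmt.rstrip(";{").split()
        if stmt == "}":
            if depth == 2 and current:
                locations.append(current)
                current = None
            depth -= 1
        elif stmt.endswith("{"):
            depth += 1
            if depth == 2 and words[0] == "location":
                current = [words[1] if len(words) == 3 else "", words[-1], None]
        elif words and words[0] == "root":
            if depth == 1:
                server_root = words[1]
            elif depth == 2 and current:
                current[2] = words[1]
    return server_root, locations

def challenge_root(conf, uri="/.well-known/acme-challenge/token"):
    """Root nginx would serve an http-01 request from (simplified location matching)."""
    server_root, locations = parse_server(conf)
    prefix = max((l for l in locations if l[0] in ("", "^~") and uri.startswith(l[1])),
                 key=lambda l: len(l[1]), default=None)
    regexes = [l for l in locations if l[0] in ("~", "~*")
               and re.search(l[1], uri, re.I if l[0] == "~*" else 0)]
    chosen = prefix if prefix and prefix[0] == "^~" else (regexes[0] if regexes else prefix)
    return (chosen[2] if chosen else None) or server_root

def webroot_mismatch(conf, webroot_path):
    """True when certbot would write the token where nginx will not look for it."""
    served = challenge_root(conf)
    return served is None or served.rstrip("/") != webroot_path.rstrip("/")

# Constructed inputs: the location block from the first post (wrapped in a server
# block here) and the virtual host posted later in the thread.
FIRST = "server { location ~ /.well-known { allow all; root /usr/share/nginx/html; } }"
LATER = """server { listen 80 default_server; root /var/www/html; server_name _;
  location ~ /.well-known { allow all; root /var/www/html; }
  location / { try_files $uri $uri/ =404; } }"""

if __name__ == "__main__":
    for name, conf in (("first post", FIRST), ("later post", LATER)):
        print(name, challenge_root(conf), webroot_mismatch(conf, "/var/www/html"))
```

The check reads only the configuration text it is given; it does not tell you which server block nginx actually selects for the domain.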