404 error when getting certificate

VadimIV · September 15, 2018, 1:15am

Good day. I need help to get certificate.
My nginx config like this:

server {
listen *:80;
server_name grafana.$domain.com;
root /srv/www/htdocs/;
access_log /var/log/nginx/grafana.$domain.com.access.log;
error_log /var/log/nginx/grafana.$domain.com.error.log;
client_max_body_size 10m;
location /.well-known {
root /srv/www/htdocs/;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
}
}

The return of " certbot-auto certonly --dry-run -a webroot -w /etc/letsencrypt/live/grafana.domain.com/ -d grafana.domain.com" command is:

Domain: grafana.domain.com
Type: unauthorized
Detail: Invalid response from
http://grafana.domain.com/.well-known/acme-challenge/FF2B4zU2pE7FBB0cMgpcMolGC8igaUIZA9Pd2UNrPRU:
html>

404 Not Found

"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

But "curl -I http://grafana.****.com/.well-known/acme-challenge/test " return :

HTTP/1.1 200 OK
Server: nginx/1.13.9
Date: Sat, 15 Sep 2018 01:07:26 GMT
Content-Type: application/octet-stream
Content-Length: 7
Last-Modified: Fri, 14 Sep 2018 12:12:18 GMT
Connection: keep-alive
ETag: “5b9ba5a2-7”
Accept-Ranges: bytes
And one refinement. I have one more vhost on this server which have certbot no errors.

Will thanks for help.

stevenzhu · September 15, 2018, 1:19am

Hi,

The webroot plugin’s path is asking you where let’s encrypt should place the validation token file, not where the certificate should’ve been placed.

According to your server configuration file, the correct command should be:
certbot-auto certonly --dry-run -a webroot -w /srv/www/htdocs/ -d your domain

Replace your domain with the real domain & execute the above command please.

Thank you

mnordhoff · September 15, 2018, 1:47am

Since you’re using Nginx, you could also use “certbot-auto certonly --nginx -d grafana.domain.com”, or just “certbot-auto --nginx -d grafana.domain.com” to have Certbot (try to) get the certificate and automatically configure Nginx.

stevenzhu · September 15, 2018, 1:58am

The OP has defined a root at .well-known…(same as the overall document root) will that even work with Nginx plugin?

mnordhoff · September 15, 2018, 2:12am

Yes. I don’t remember exactly what it does, but the Nginx plugin should override that with no problem.

system · October 15, 2018, 10:15am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.