404 Not Found .well-known nginx drupal 7


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: franchiseek.com

I ran this command: certbot-auto --nginx -d franchiseek.com -d www.franchiseek.com

It produced this output:

Printed out html for a not found 404 page saying client lacks authentication.

My web server is (include version): 14.04 Ubuntu

The operating system my web server runs on is (include version):
Nginx Ubuntu 14.04

My hosting provider, if applicable, is: Me

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

.htaccess in site root added the following: RewriteRule “/.|^.(?!well-known/)” - [F]

Added to sites-enabled drupal and sites-available drupal:

location ~* ^/.well-known/ {
allow all;
}

Any advice appreciated.


#2

Is Varnish sitting in front of or behind nginx?

Edit: I’m going to bed, but if it’s sitting in front, it might be helpful to post your full Varnish VCL to check whether the request is making it to nginx unmolested.


#3

Okay so I guess you have nginx on port 8080 and varnish on port 80, right? :wink: So you might have better luck with

certbot-auto --nginx -d franchiseek.com -d www.franchiseek.com --http-01-port 8080

The additional option tells certbot to use port 8080 to complete the challenge; it won’t make any difference to the CA which will still connect on port 80, but hopefully varnish will proxy it to the correct place.

It’s also worth noting that varnish doesn’t natively support HTTPS, so when certbot automatically configures nginx to enable HTTPS on port 443, that will be nginx listening directly on port 443, bypassing varnish. If you want to keep varnish involved, you could configure nginx with a separate server block on port 443 that just proxies back to varnish on port 80 (this example may help), which in turn proxies back to the original nginx backend on port 8080. I’ve done something similar with Apache but it was on a fairly low-traffic site so I don’t know how it holds up under load.

Also, Drupal 7 tries to guess whether it’s running on HTTP or HTTPS so that it can generate URLs correctly for stylesheets etc, but if it’s behind a proxy it can guess wrong and leave your site looking like the theme is broken. The fix I usually use is to add something like this to settings.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['HTTPS'] = 'on';
}

(this depends on the X-Forwarded-Proto header that’s added to the nginx proxy config in the example I linked above). Alternatively you can set $base_url to the HTTPS version of your site, which works just fine in most cases.

If the above does not help then please share your full varnish vcl and the relevant nginx configuration :slight_smile: