After running the command:

    ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d codepajamas.com -d www.codepajamas.com

I get the following errors reported. Note: I’m running all these commands from a sudo user.
I’m running Nginx and Unicorn to a Ruby on Rails app and when I visit the page in the browser I get the Rails default 404 error message instead of my test page I created. All folders are set to permissions 755. Since I’m using Nginx my well-known folder location is actually at: /usr/share/nginx/html/.well-known
In my Nginx configuration file at /etc/nginx/sites-available/default I set the following:

    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        root /usr/share/nginx/html;
        index index.html index.htm;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
        }
        location ~ /.well-known {
            allow all;
        }
    }
You mentioned that you’re using unicorn as a backend server. You should have a proxy_pass directive pointing to the unicorn port or socket somewhere in your server block, or otherwise nginx wouldn’t be sending traffic to unicorn. Are you sure this is the correct server block/config file?
http://codepajamas.com/.well-known/acme-challenge/test I get a standard 404 screen from Rails (which means my rails app is spun up by nginx and unicorn and there is no route for /.well-known/…) the test file does not appear.
I set all permissions on /usr/share/nginx/html/.well-known to 755 also. There was nothing in the folder and there are no pem files appearing in /etc/letsencrypt/ either…
Those instructions are not specific to your hosting provider. These things work exactly the same on every VPS/dedicated server out there.
More specifically, those instructions work on a standard nginx instance. In your case, however, you’re using nginx as a reverse proxy, forwarding all traffic to unicorn. Unicorn doesn’t know (or care) about nginx’s webroot, nor does rails.
You can use grep -r "proxy_pass" /etc/nginx to find the configuration file that actually handles the traffic to your rails app, and add the following section in the server block:
This will tell nginx that requests to /.well-known/acme-challenge should be served from your webroot (/usr/share/nginx/html), while everything else will still be served by unicorn/rails.
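The snippet that reply refers to did not survive on this page. As an added example (not the poster's original configuration), a server block of the kind described could look like the following; the upstream name `unicorn_app` and the socket path are placeholders to replace with the values from your existing `proxy_pass` configuration.

```nginx
# Added example. "unicorn_app" and the socket path are placeholders;
# reuse whatever your existing proxy_pass configuration already points at.
upstream unicorn_app {
    server unix:/path/to/unicorn.sock fail_timeout=0;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name codepajamas.com www.codepajamas.com;

    # ACME HTTP-01 challenge files are served straight from the webroot.
    # "^~" stops nginx from evaluating regex locations for this prefix, so
    # no other rule can hand these requests to Rails. Only the
    # acme-challenge subdirectory is exposed, not everything under
    # /.well-known or the rest of the webroot.
    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;
        default_type "text/plain";
        try_files $uri =404;
    }

    # Everything else still goes to unicorn/rails.
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
        proxy_pass http://unicorn_app;
    }
}
```

After `nginx -t` and a reload, a file placed at /usr/share/nginx/html/.well-known/acme-challenge/test should be returned for http://codepajamas.com/.well-known/acme-challenge/test instead of the Rails 404 page.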