Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: mrtrobotics.com
I ran this command:
command: certonly --webroot --webroot-path=/var/www/html --email elearning@wemakerobot.com --agree-tos --no-eff-email **--expand** -d mrtrobotics.com -d www.mrtrobotics.com **-d edu.mrtrobotics.com**
It produced this output:
certbot | Saving debug log to /var/log/letsencrypt/letsencrypt.log
certbot | Plugins selected: Authenticator webroot, Installer None
certbot | Renewing an existing certificate
certbot | Performing the following challenges:
certbot | http-01 challenge for edu.mrtrobotics.com
certbot | Using the webroot path /var/www/html for all unmatched domains.
certbot | Waiting for verificationâŚ
certbot | Challenge failed for domain edu.mrtrobotics.com
certbot | http-01 challenge for edu.mrtrobotics.com
certbot | Cleaning up challenges
certbot | Some challenges have failed.
certbot | IMPORTANT NOTES:
certbot | - The following errors were reported by the server:
certbot |
certbot | Domain: edu.mrtrobotics.com
certbot | Type: unauthorized
certbot | Detail: Invalid response from
certbot | https://www.mrtrobotics.com/content-18/ [149.28.180.33]: "
certbot | html>\n\n\n
certbot | charset=âUTF-8â>\ncontent - MRT Robotics | Coding,
certbot | Robotics, and STEM Edu"
certbot |
certbot | To fix these errors, please make sure that your domain name was
certbot | entered correctly and the DNS A/AAAA record(s) for that domain
certbot | contain(s) the right IP address.
My web server is (include version): Nginx
The operating system my web server runs on is (include version): Ubuntu
My hosting provider, if applicable, is: Vultr
I can login to a root shell on my machine (yes or no, or I donât know): yes
Iâm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if youâre using Certbot):
I just would like to expand my certificate for edu.mrtrobotics.com
and I am only getting an error.
nginx.conf
server {
listen 80;
listen [::]:80;
server_name mrtrobotics.com www.mrtrobotics.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server {
listen 80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name edu.mrtrobotics.com;
ssl_certificate /etc/letsencrypt/live/mrtrobotics.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mrtrobotics.com/privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
location / {
proxy_pass https://127.0.0.1/edu$request_uri;
proxy_set_header Host mrtrobotics.com;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mrtrobotics.com www.mrtrobotics.com;
index index.php index.html index.htm;
root /var/www/html;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/mrtrobotics.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mrtrobotics.com/privkey.pem;
include /etc/nginx/conf.d/options-ssl-nginx.conf;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass wordpress:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
docker-compose.yml
version: â3â
services:
db:
image: mysql:8.0
container_name: db
restart: unless-stopped
env_file: .env
environment:
- MYSQL_DATABASE=wordpress
volumes:
- ./db-data:/var/lib/mysql
command: ââdefault-authentication-plugin=mysql_native_passwordâ
networks:
- app-network
wordpress:
depends_on:
- db
image: wordpress:5.1.1-fpm-alpine
container_name: wordpress
restart: unless-stopped
env_file: .env
environment:
- WORDPRESS_DB_HOST=db:3306
- WORDPRESS_DB_USER=$MYSQL_USER
- WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
- WORDPRESS_DB_NAME=wordpress
volumes:
- ./wordpress/:/var/www/html
- ./wordpress/php.ini:/usr/local/etc/php/conf.d/uploads.ini
networks:
- app-network
phpmyadmin:
depends_on:
- db
image: phpmyadmin/phpmyadmin:latest
restart: unless-stopped
ports:
- â8080:80â
env_file: .env
environment:
- PMA_HOST=db
- MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
volumes:
- ./wordpress/php.ini:/usr/local/etc/php/php.ini
networks:
- app-network
webserver:
depends_on:
- wordpress
image: nginx:1.15.12-alpine
container_name: webserver
restart: unless-stopped
ports:
- â80:80â
- â443:443â
volumes:
- ./wordpress:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- ./certbot-etc:/etc/letsencrypt
networks:
- app-network
certbot:
depends_on:
- webserver
image: certbot/certbot
container_name: certbot
volumes:
- ./certbot-etc:/etc/letsencrypt
- ./wordpress:/var/www/html
command: certonly --webroot --webroot-path=/var/www/html --email elearning@wemakerobot.com --agree-tos --no-eff-email âexpand -d mrtrobotics.com -d www.mrtrobotics.com -d edu.mrtrobotics.com
volumes:
certbot-etc:
wordpress:
db-data:
networks:
app-network:
driver: bridge