Attempting to renew cert... (Dry run)

OK definitely something was being cached.
From other system, I get:
[image]

But that should have been:
"you found me"

So we have a typo/syntax/logic problem there.

Try:

server {
   listen 80;
   server_name test.ericmauldin.info;
   location /.well-known/acme-challenge/ {
      root /root/recipe-app-backend/;
      #try_files $uri =404;
      return 200 "you found me";
   }#location
   location / {
      #return 301 https://$host$request_uri;
      return 200 "you didn't find me";
   }#location
}#server

that should be found

Copied, pasted and restarted nginx.

Hallelujah!!!
[image]

Now remove the two “finds” and two #

server {
  listen 80;
  server_name test.ericmauldin.info;
  location /.well-known/acme-challenge/ {
     root /root/recipe-app-backend/;
     try_files $uri =404;
  }#location
  location / {
     return 301 https://$host$request_uri;
  }#location
}#server

Aaaaaand done and restarted

OK the redirection looks good:

curl -Iki http://test.ericmauldin.info/
HTTP/1.1 301 Moved Permanently
Server: nginx/1.17.10 (Ubuntu)
Date: Thu, 07 May 2020 20:37:35 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
Location: https://test.ericmauldin.info/

But the “test-file” is still not accessible:
[make sure you didn’t delete it and it is still there - check file rights too]

curl -Iki http://test.ericmauldin.info/.well-known/acme-challenge/test-file
HTTP/1.1 404 Not Found
Server: nginx/1.17.10 (Ubuntu)
Date: Thu, 07 May 2020 20:37:51 GMT
Content-Type: text/html
Content-Length: 163
Connection: keep-alive

To be clear, the test-file.txt should be in the root level of my app, correct?

/recipe-app-backend/test-file.txt is where it lives at the moment

To be clear:
The file name is: test-file
The location is: /root/recipe-app-backend/
The URL is: http://test.ericmauldin.info/.well-known/acme-challenge/test-file

OK, I have renamed to test-file (dropping the .txt)

Does not match:

Two differences…

paths:
/recipe-app-backend/
not equal
/root/recipe-app-backend/

filename:
test-file.txt
not equal
test-file

Got it. We are now working with /root/recipe-app-backend/test-file

You are going to have to check your server logs (error logs).
It fails to find that file.
[tried multiple browsers and curl]

Forgot that we never added logging…
Try:

server {
  listen 80;
  server_name test.ericmauldin.info;
  location /.well-known/acme-challenge/ {
     root /root/recipe-app-backend/;
     access_log /some/path/you/like/access-log-file-name.txt;
     error_log /some/path/you/like/error-log-file-name.txt;
     try_files $uri =404;
  }#location
  location / {
     return 301 https://$host$request_uri;
  }#location
}#server

Thank you this is done and restarted nginx

I’m getting a 404. Just for my sanity, here is a list of the files…

root@atl:~/recipe-app-backend# ls -a
. .env models package-lock.json schema.sql test-file
.. .git node_modules public seed.sql
controllers index.js package.json routes sessions

That doesn’t look like anything that should be made directly accessible from the Internet.
I suggest you create a brand new folder just for the ACME Challenges.
Let's call it:
/root/ACMEChallenges/
And use that as the root path in the challenge location section.

For that, just change:
root /root/recipe-app-backend/;
to:
root /root/ACMEChallenges/;
or:
root /var/ACMEChallenges/;
or any other path you like

Then place a test-test file in that folder (with some generic text inside it) and restart nginx.
[note: Linux is case sensitive]

This is done. Also, here are the error logs…

2020/05/07 21:08:18 [crit] 43393#43393: *1 stat() "/root/recipe-app-backend/.well-known/acme-challenge/test-file" failed (13: Permission denied), client: 136.55.43.112, server: test.ericmauldin.info, request: "GET /.well-known/acme-challenge/test-file HTTP/1.1", host: "test.ericmauldin.info"

Looks like you need to include a directory statement or that path and provide it with normal access rights.

On second thought, the folder permissions are probably too restrictive.
Probably for good reason.
So it may be better to use another folder path - a completely new one.
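
Added example, not part of the original thread: a shell helper that walks each component of the path nginx named in the `stat()` error and prints the first directory or file that lacks search or read permission for "other" users. It assumes the nginx worker user is neither owner nor group member of any component; the function name `first_blocker` and the script name `check.sh` are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the nginx worker user is
# neither owner nor group member of any path component, so only the "other"
# permission bits decide whether stat() succeeds.

# first_blocker FILE
# Prints the first component of FILE that "other" cannot pass, or nothing if
# every directory is searchable and the file itself is readable.
first_blocker() {
    cur=$1
    chain=""
    # Collect FILE and its ancestors, top-most first ("/" and "." are skipped).
    while [ "$cur" != "/" ] && [ "$cur" != "." ]; do
        chain="$cur
$chain"
        cur=$(dirname "$cur")
    done
    printf '%s' "$chain" | while IFS= read -r p; do
        # First 10 characters of ls -ld are the type and mode, e.g. drwx------
        mode=$(ls -ld "$p" 2>/dev/null | cut -c1-10)
        if [ -z "$mode" ]; then
            echo "$p (missing or unreadable)"
            break
        fi
        if [ -d "$p" ]; then
            # Directories need search permission: 10th character x (or t).
            case $(printf '%s' "$mode" | cut -c10) in
                x|t) ;;
                *) echo "$p"; break ;;
            esac
        else
            # The file needs read permission for "other": 8th character r.
            if [ "$(printf '%s' "$mode" | cut -c8)" != "r" ]; then
                echo "$p"
                break
            fi
        fi
    done
}

# Usage: sh check.sh /root/recipe-app-backend/.well-known/acme-challenge/test-file
if [ "$#" -gt 0 ]; then
    first_blocker "$1"
fi
```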
