Cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

My domain is: e-hoang.com

I ran this command:
nginx -t

It produced this output:
cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

My web server is (include version):
nginx version: nginx/1.24.0

The operating system my web server runs on is (include version):

Amazon Linux EC2 
ami-08a52ddb321b32a8c

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

The version of my client is:
acme-nginx 0.3.3

I originally ran this command:
sudo acme-nginx -d e-hoang.com -d www.e-hoang.com

Which outputted this:

2023-08-29 21:42:49,533 - INFO - trying to create account key /etc/ssl/private/letsencrypt-account.key
2023-08-29 21:42:49,705 - INFO - trying to register acmev2 account
2023-08-29 21:42:50,343 - INFO - already registered
2023-08-29 21:42:50,344 - INFO - trying to create domain key
2023-08-29 21:42:50,344 - INFO - acmev2 http challenge      
2023-08-29 21:42:50,344 - INFO - preparing new order        
2023-08-29 21:42:50,777 - INFO - order created
2023-08-29 21:42:51,146 - INFO - verifying domain www.e-hoang.com
2023-08-29 21:42:51,199 - INFO - adding nginx virtual host and completing challenge
2023-08-29 21:42:51,199 - INFO - created challenge file into /tmp/tmp4gdjk8h_
2023-08-29 21:42:51,199 - INFO - writing virtual host into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:51,200 - INFO - running nginx -s reload
2023-08-29 21:42:51,227 - ERROR - failed to reload nginx
2023-08-29 21:42:51,228 - ERROR - b'nginx: [emerg] cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)\n'
2023-08-29 21:42:51,228 - INFO - writing challenge file into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:51,228 - INFO - asking acme server to verify challenge
2023-08-29 21:42:51,681 - INFO - waiting for www.e-hoang.com challenge verification
2023-08-29 21:42:52,085 - ERROR - www.e-hoang.com challenge did not pass: {'identifier': {'type': 'dns', 'value': 'www.e-hoang.com'}, 'status': 'invalid', 'expires': '2023-09-05T21:28:44Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': '35.172.110.80: Fetching http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0: Connection refused', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/259557528006/yJM8oQ', 'token': '4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0', 'validationRecord': [{'url': 'http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0', 'hostname': 'www.e-hoang.com', 'port': '80', 'addressesResolved': ['35.172.110.80'], 'addressUsed': '35.172.110.80'}], 'validated': '2023-08-29T21:42:51Z'}]}
2023-08-29 21:42:52,085 - INFO - removing /tmp/tmp4gdjk8h_/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0
2023-08-29 21:42:52,085 - INFO - removing /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:52,086 - INFO - removing /tmp/tmp4gdjk8h_
2023-08-29 21:42:52,086 - INFO - running nginx -s reload
2023-08-29 21:42:52,112 - ERROR - failed to reload nginx
2023-08-29 21:42:52,112 - ERROR - b'nginx: [emerg] cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)\n'

I'm concerned about the two errors.
First is cannot load certificate.
Here is what I have in that directory:

 letsencrypt-account.key
 letsencrypt-domain.key

Why did acme.nginx not create a PEM file?

Here is a copy of my nginx.conf:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    include             /etc/enginx/conf.d/*conf;
    include             /etc/nginx/sites-enabled/*;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       443 ssl;
        server_name www.e-hoang.com;
        ssl_certificate /etc/ssl/private/;
        ssl_certificate_key /etc/ssl/private/letsencrypt-domain.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}

Then the second issue is why is there a 400 status?

{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "35.172.110.80: Fetching http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0: Connection refused",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/259557528006/yJM8oQ",
  "token": "4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0",
  "validationRecord": [
    {
      "url": "http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0",
      "hostname": "www.e-hoang.com",
      "port": "80",
      "addressesResolved": [
        "35.172.110.80"
      ],
      "addressUsed": "35.172.110.80"
    }
  ],
  "validated": "2023-08-29T21:42:51Z"
}

Here are my security group settings for this EC2 instance:
ALLOW HTTP from all IPv4
ALLOW HTTPS from all IPv4
ALLOW SSH from all IPv4

Please let me know if there is any more information I can provide. I have been pulling my hair out for a couple of hours trying to resolve this now.
Thank you so much in advance!

1 Like

Welcome to the community @froggyten

The key part of the error is the "Connection Refused". Let's Encrypt servers could not reach your domain on HTTP. You need HTTP working to get a cert so that you can use HTTPS. nginx will not start if you include non-existing cert files in the config. (or, use the DNS Challenge but that is often harder).

I cannot connect from my own test server in AWS. And neither can Let's Debug test site. This site is helpful for testing connections on new sites.

You should re-check your EC2 Security Group. And, any firewall you might have in your o/s. Do you have any other things like ACL access rules that might limit access?

Can you connect to your own site from outside the local system? Like with a mobile phone with wifi disabled so using your carrier network?

4 Likes

Hello,

Sorry for the late reply, was having issues SSH into this instance.

I'm now able to hit http://www.e-hoang.com

As well, letsDebug has all Okay for Http-01.

It is displaying the nginx home instead of my edited site. I believe I will have to change the nginx.conf file.

I will do that at a later time.

Any ideas why I'm unable to create a .pem file with the above acme.nginx command?

1 Like

Now that nginx is running again, you might want to check that entire config before you try getting a cert.
nginx -T

4 Likes

The Let's Debug test is now showing good communications. But, you still have a poorly working nginx.

It returns a 502 Bad Gateway error for any request, even your "home" page. You need to have nginx working properly to use it for the HTTP Challenge to get a cert.

You should be able to reproduce this from any browser outside the local system.

Reviewing your nginx config like rg305 suggested is a good start

curl -i4 -m10 e-hoang.com
HTTP/1.1 502 Bad Gateway
Server: nginx
Date: Wed, 30 Aug 2023 00:42:25 GMT
4 Likes

Sorry if this is "off topic", but if you are pulling your hair out can you send some to me?
You are in good hands with Rudy and Mike, but they have hair to spare!
Just a little levity. ;0)

4 Likes

Doesn't this need to point to a specific certificate file (like fullchain.pem) rather than just a directory?

1 Like
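
The check suggested in the reply above, as an added example that is not part of the original thread or of acme-nginx: a pre-flight script that finds every `ssl_certificate` and `ssl_certificate_key` directive in nginx configuration text and reports paths that are directories, missing, or lack a PEM start line. The function names, the `/etc/nginx` default prefix and the constructed sample files are assumptions of this example; `include` directives are not followed.

```python
import os
import re
import tempfile

# PEM labels expected in each directive's file; OpenSSL reports
# "no start line" when none of them is present.
PEM_LABELS = {
    "ssl_certificate": ("CERTIFICATE", "TRUSTED CERTIFICATE", "X509 CERTIFICATE"),
    "ssl_certificate_key": (
        "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
    ),
}
DIRECTIVE_RE = re.compile(r"\b(ssl_certificate(?:_key)?)\s+([^;]+);")


def check_path(directive, path):
    """Return a problem description, or None when the file looks loadable."""
    if os.path.isdir(path):
        return "is a directory, not a PEM file"
    if not os.path.isfile(path):
        return "file does not exist"
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:  # e.g. key readable by root only
        return f"cannot be read: {exc.strerror}"
    if not any(f"-----BEGIN {label}-----" in text for label in PEM_LABELS[directive]):
        return "no PEM start line for " + directive
    return None


def audit(config_text, conf_dir="/etc/nginx"):
    """List (line, directive, path, problem) for every unusable cert/key path.

    conf_dir is the assumed prefix for relative paths.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        code = line.split("#", 1)[0]  # naive comment strip, enough for these directives
        for directive, raw in DIRECTIVE_RE.findall(code):
            path = raw.strip().strip("\"'")
            if path.startswith(("data:", "engine:")) or "$" in path:
                continue  # inline data, engine keys and variables are out of scope
            problem = check_path(directive, os.path.join(conf_dir, path))
            if problem:
                findings.append((lineno, directive, path, problem))
    return findings


def demo():
    """Run the audit on constructed files mirroring the config in this thread."""
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "private")
        os.mkdir(private)
        key = os.path.join(private, "letsencrypt-domain.key")
        cert = os.path.join(private, "fullchain.pem")
        with open(key, "w") as fh:  # constructed placeholder, not a real key
            fh.write("-----BEGIN PRIVATE KEY-----\nconstructed\n-----END PRIVATE KEY-----\n")
        broken = (
            "server {\n"
            "    listen 443 ssl;\n"
            f"    ssl_certificate {private}/;\n"      # directory, as in the post
            f"    ssl_certificate_key {key};\n"
            "}\n"
        )
        pointed_at_file = broken.replace(f"{private}/;", f"{cert};")
        before = audit(broken)
        missing = audit(pointed_at_file)  # certificate not issued yet
        with open(cert, "w") as fh:       # constructed placeholder certificate
            fh.write("-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n")
        after = audit(pointed_at_file)
    return before, missing, after


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 1:
        for label, result in zip(("directory", "missing", "fixed"), demo()):
            print(label, result)
    for conf in sys.argv[1:]:
        with open(conf) as fh:
            for lineno, directive, path, problem in audit(fh.read()):
                print(f"{conf}:{lineno}: {directive} {path}: {problem}")
```

Run it with one or more configuration files as arguments before `nginx -s reload`; any reported line means nginx will refuse the whole configuration, port 80 included, so the HTTP challenge cannot be served.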

Thank you Ryan.

At this point my nginx.conf is (I believe) correct.
I just ran:
nginx -t

and received:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

I'm still at the point now where I'm receiving the following error, a 404:
https://acme-v02.api.letsencrypt.org/acme/chall-v3/259560267646/xq0NVg

after running:
sudo acme-nginx -d e-hoang.com -d www.e-hoang.com

Here is the full nginx -T result:

nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    include             /etc/enginx/conf.d/*conf;
    include             /etc/nginx/sites-enabled/*;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    }

# configuration file /etc/nginx/mime.types:

REMOVED configuration file types

# configuration file /etc/nginx/sites-enabled/e-hoang:
server_tokens               off;
access_log                  /var/log/nginx/e-hoang.access.log;
error_log                   /var/log/nginx/e-hoang.error.log;

# This configuration will be changed to redirect to HTTPS later
server {
  server_name               .e-hoang.com;
  listen                    80;
  location / {
    proxy_pass              http://localhost:8000;
    proxy_set_header        Host $host;
  }
location /static {
        autoindex on;
        alias /var/www/e-hoang.com/static/;
}
}

Yes correct, after running:
sudo acme-nginx -d example.com -d www.example.com

There is no .pem file created in the directory:
/etc/ssl/private

It only generated the following:

 letsencrypt-account.key
 letsencrypt-domain.key

That output seems incomplete.

1 Like

Hi Ryan,

Here is the complete nginx -T output:

(env) [root@ip-10-0-0-13 ~]# nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    include             /etc/enginx/conf.d/*conf;
    include             /etc/nginx/sites-enabled/*;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    }

# configuration file /etc/nginx/mime.types:
types {
application/vnd.immervision-ivu                 ivu;
application/vnd.ims.imsccv1p1                   imscc;
application/vnd.insors.igm                      igm;
application/vnd.intercon.formnet                xpw xpx;
application/vnd.intergeo                        i2g;
application/vnd.intu.qbo                        qbo;
application/vnd.intu.qfx                        qfx;
application/vnd.ipunplugged.rcprofile           rcprofile;
application/vnd.irepository.package+xml         irp;
application/vnd.is-xpr                          xpr;
application/vnd.isac.fcs                        fcs;
application/vnd.jam                             jam;
application/vnd.jcp.javame.midlet-rms           rms;
application/vnd.jisp                            jisp;
application/vnd.joost.joda-archive              joda;
application/vnd.kahootz                         ktz ktr;
application/vnd.kde.karbon                      karbon;
application/vnd.kde.kchart                      chrt;
application/vnd.kde.kformula                    kfo;
application/vnd.kde.kivio                       flw;
application/vnd.kde.kontour                     kon;
application/vnd.kde.kpresenter                  kpr kpt;
application/vnd.kde.kspread                     ksp;
application/vnd.kde.kword                       kwd kwt;
application/vnd.kenameaapp                      htke;
application/vnd.kidspiration                    kia;
application/vnd.Kinar                           kne knp sdf;
application/vnd.koan                            skp skd skm skt;
application/vnd.kodak-descriptor                sse;
application/vnd.las.las+json                    lasjson;
application/vnd.las.las+xml                     lasxml;
application/vnd.llamagraphics.life-balance.desktop      lbd;
application/vnd.llamagraphics.life-balance.exchange+xml lbe;
application/vnd.logipipe.circuit+zip            lcs lca;
application/vnd.loom                            loom;
application/vnd.lotus-1-2-3                     123 wk4 wk3 wk1;
application/vnd.lotus-approach                  apr vew;
application/vnd.lotus-freelance                 prz pre;
application/vnd.lotus-notes                     nsf ntf ndl ns4 ns3 ns2 nsh nsg;
application/vnd.lotus-organizer                 or3 or2 org;
application/vnd.lotus-screencam                 scm;
application/vnd.lotus-wordpro                   lwp sam;
application/vnd.macports.portpkg                portpkg;
application/vnd.mapbox-vector-tile              mvt;
application/vnd.marlin.drm.mdcf                 mdc;
application/vnd.maxmind.maxmind-db              mmdb;
application/vnd.mcd                             mcd;
application/vnd.medcalcdata                     mc1;
application/vnd.mediastation.cdkey              cdkey;
application/vnd.MFER                            mwf;
application/vnd.mfmp                            mfm;
application/vnd.micrografx.flo                  flo;
application/vnd.micrografx.igx                  igx;
application/vnd.mif                             mif;
application/vnd.Mobius.DAF                      daf;
application/vnd.Mobius.DIS                      dis;
application/vnd.Mobius.MBK                      mbk;
application/vnd.Mobius.MQY                      mqy;
application/vnd.Mobius.MSL                      msl;
application/vnd.Mobius.PLC                      plc;
application/vnd.Mobius.TXF                      txf;
application/vnd.mophun.application              mpn;
application/vnd.mophun.certificate              mpc;
application/vnd.mozilla.xul+xml                 xul;
application/vnd.ms-3mfdocument                  3mf;
application/vnd.ms-artgalry                     cil;
application/vnd.ms-asf                          asf;
application/vnd.ms-cab-compressed               cab;
application/vnd.ms-excel                        xls xlm xla xlc xlt xlw;
application/vnd.ms-excel.template.macroEnabled.12       xltm;
application/vnd.ms-excel.addin.macroEnabled.12  xlam;
application/vnd.ms-excel.sheet.binary.macroEnabled.12   xlsb;
application/vnd.ms-excel.sheet.macroEnabled.12  xlsm;
application/vnd.ms-fontobject                   eot;
application/vnd.ms-htmlhelp                     chm;
application/vnd.ms-ims                          ims;
application/vnd.ms-lrm                          lrm;
application/vnd.ms-officetheme                  thmx;
application/vnd.ms-powerpoint                   ppt pps pot;
application/vnd.ms-powerpoint.addin.macroEnabled.12     ppam;
application/vnd.ms-powerpoint.presentation.macroEnabled.12      pptm;
application/vnd.ms-powerpoint.slide.macroEnabled.12     sldm;
application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm;
application/vnd.ms-powerpoint.template.macroEnabled.12  potm;
application/vnd.ms-project                      mpp mpt;
application/vnd.ms-tnef                         tnef tnf;
application/vnd.ms-word.document.macroEnabled.12        docm;
application/vnd.ms-word.template.macroEnabled.12        dotm;
application/vnd.ms-works                        wcm wdb wks wps;
application/vnd.ms-wpl                          wpl;
application/vnd.ms-xpsdocument                  xps;
application/vnd.msa-disk-image                  msa;
application/vnd.mseq                            mseq;
application/vnd.multiad.creator                 crtr;
application/vnd.multiad.creator.cif             cif;
application/vnd.musician                        mus;
application/vnd.muvee.style                     msty;
application/vnd.mynfc                           taglet;
application/vnd.nervana                         entity request bkm kcm;
application/vnd.nimn                            nimn;
application/vnd.nitf                            nitf;
application/vnd.neurolanguage.nlu               nlu;
application/vnd.nintendo.nitro.rom              nds;
application/vnd.nintendo.snes.rom               sfc smc;
application/vnd.noblenet-directory              nnd;
application/vnd.noblenet-sealer                 nns;
application/vnd.noblenet-web                    nnw;
application/vnd.nokia.n-gage.ac+xml             ac;
application/vnd.nokia.n-gage.data               ngdat;
application/vnd.nokia.n-gage.symbian.install    n-gage;
application/vnd.nokia.radio-preset              rpst;
application/vnd.nokia.radio-presets             rpss;
application/vnd.novadigm.EDM                    edm;
application/vnd.novadigm.EDX                    edx;
application/vnd.novadigm.EXT                    ext;
application/vnd.oasis.opendocument.chart                        odc;
application/vnd.oasis.opendocument.chart-template               otc;
application/vnd.oasis.opendocument.database                     odb;
application/vnd.oasis.opendocument.formula                      odf;
application/vnd.oasis.opendocument.graphics                     odg;
application/vnd.oasis.opendocument.graphics-template            otg;
application/vnd.oasis.opendocument.image                        odi;
application/vnd.oasis.opendocument.image-template               oti;
application/vnd.oasis.opendocument.presentation                 odp;
application/vnd.oasis.opendocument.presentation-template        otp;
application/vnd.oasis.opendocument.spreadsheet                  ods;
application/vnd.oasis.opendocument.spreadsheet-template         ots;
application/vnd.oasis.opendocument.text                         odt;
application/vnd.oasis.opendocument.text-master                  odm;
application/vnd.oasis.opendocument.text-template                ott;
application/vnd.oasis.opendocument.text-web                     oth;
application/vnd.olpc-sugar                      xo;
application/vnd.oma.dd2+xml                     dd2;
application/vnd.onepager                        tam;
application/vnd.onepagertamp                    tamp;
application/vnd.onepagertamx                    tamx;
application/vnd.onepagertat                     tat;
application/vnd.onepagertatp                    tatp;
application/vnd.onepagertatx                    tatx;
application/vnd.openblox.game+xml               obgx;
application/vnd.openblox.game-binary            obg;
application/vnd.openeye.oeb                     oeb;
application/vnd.openofficeorg.extension         oxt;
application/vnd.openstreetmap.data+xml          osm;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
application/vnd.openxmlformats-officedocument.presentationml.slide      sldx;
application/vnd.openxmlformats-officedocument.presentationml.slideshow  ppsx;
application/vnd.openxmlformats-officedocument.presentationml.template   potx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet       xlsx;
application/vnd.openxmlformats-officedocument.spreadsheetml.template    xltx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx;
application/vnd.osa.netdeploy                   ndc;
application/vnd.osgeo.mapguide.package          mgp;
application/vnd.osgi.dp                         dp;
application/vnd.osgi.subsystem                  esa;
application/vnd.oxli.countgraph                 oxlicg;
application/vnd.palm                            prc pdb pqa oprc;
application/vnd.panoply                         plp;
application/vnd.patentdive                      dive;
application/vnd.pawaafile                       paw;
application/vnd.pg.format                       str;
application/vnd.pg.osasli                       ei6;
application/vnd.piaccess.application-license    pil;
application/vnd.picsel                          efif;
application/vnd.pmi.widget                      wg;
application/vnd.pocketlearn                     plf;
application/vnd.powerbuilder6                   pbd;
application/vnd.preminet                        preminet;
application/vnd.previewsystems.box              box vbox;
application/vnd.proteus.magazine                mgz;
application/vnd.psfs                            psfs;
application/vnd.publishare-delta-tree           qps;
application/vnd.pvi.ptid1                       ptid;
application/vnd.qualcomm.brew-app-res           bar;
application/vnd.Quark.QuarkXPress               qxd qxt qwd qwt qxl qxb;
application/vnd.quobject-quoxdocument           quox quiz;
application/vnd.rainstor.data                   tree;
application/vnd.rar                             rar;
application/vnd.realvnc.bed                     bed;
application/vnd.recordare.musicxml              mxl;
application/vnd.rig.cryptonote                  cryptonote;
application/vnd.route66.link66+xml              link66;
application/vnd.sailingtracker.track            st;
application/vnd.sar                             SAR;
application/vnd.scribus                         scd sla slaz;
application/vnd.sealed.3df                      s3df;
application/vnd.sealed.csf                      scsf;
application/vnd.sealed.doc                      sdoc sdo s1w;
application/vnd.sealed.eml                      seml sem;
application/vnd.sealed.mht                      smht smh;
application/vnd.sealed.ppt                      sppt s1p;
application/vnd.sealed.tiff                     stif;
application/vnd.sealed.xls                      sxls sxl s1e;
application/vnd.sealedmedia.softseal.html       stml s1h;
application/vnd.sealedmedia.softseal.pdf        spdf spd s1a;
application/vnd.seemail                         see;
application/vnd.sema                            sema;
application/vnd.semd                            semd;
application/vnd.semf                            semf;
application/vnd.shade-save-file                 ssv;
application/vnd.shana.informed.formdata         ifm;
application/vnd.shana.informed.formtemplate     itp;
application/vnd.shana.informed.interchange      iif;
application/vnd.shana.informed.package          ipk;
application/vnd.shp                             shp;
application/vnd.shx                             shx;
application/vnd.sigrok.session                  sr;
application/vnd.SimTech-MindMapper              twd twds;
application/vnd.smaf                            mmf;
application/vnd.smart.notebook                  notebook;
application/vnd.smart.teacher                   teacher;
application/vnd.snesdev-page-table              ptrom pt;
application/vnd.software602.filler.form+xml     fo;
application/vnd.software602.filler.form-xml-zip zfo;
application/vnd.solent.sdkm+xml                 sdkm sdkd;
application/vnd.spotfire.dxp                    dxp;
application/vnd.spotfire.sfs                    sfs;
application/vnd.sqlite3                         sqlite sqlite3;
application/vnd.stepmania.package               smzip;
application/vnd.stepmania.stepchart             sm;
application/vnd.sun.wadl+xml                    wadl;
application/vnd.sus-calendar                    sus susp;
application/vnd.syncml+xml                      xsm;
application/vnd.syncml.dm+wbxml                 bdm;
application/vnd.syncml.dm+xml                   xdm;
application/vnd.syncml.dmddf+xml                ddf;
application/vnd.tao.intent-module-archive       tao;
application/vnd.tcpdump.pcap                    pcap cap dmp;
application/vnd.theqvd                          qvd;
application/vnd.think-cell.ppttc+json           ppttc;
application/vnd.tml                             vfr viaframe;
application/vnd.tmobile-livetv                  tmo;
application/vnd.trid.tpt                        tpt;
application/vnd.triscape.mxs                    mxs;
application/vnd.trueapp                         tra;
application/vnd.ufdl                            ufdl ufd frm;
application/vnd.uiq.theme                       utz;
application/vnd.umajin                          umj;
application/vnd.unity                           unityweb;
application/vnd.uoml+xml                        uoml uo;
application/vnd.uri-map                         urim urimap;
application/vnd.valve.source.material           vmt;
application/vnd.vcx                             vcx;
application/vnd.vd-study                        mxi study-inter model-inter;
application/vnd.vectorworks                     vwx;
application/vnd.veryant.thin                    istc isws;
application/vnd.ves.encrypted                   VES;
application/vnd.vidsoft.vidconference           vsc;
application/vnd.visio                           vsd vst vsw vss;
application/vnd.visionary                       vis;
application/vnd.vsf                             vsf;
application/vnd.wap.sic                         sic;
application/vnd.wap.slc                         slc;
application/vnd.wap.wbxml                       wbxml;
application/vnd.wap.wmlc                        wmlc;
application/vnd.wap.wmlscriptc                  wmlsc;
application/vnd.webturbo                        wtb;
application/vnd.wfa.p2p                         p2p;
application/vnd.wfa.wsc                         wsc;
application/vnd.wmc                             wmc;
application/vnd.wolfram.mathematica.package     m;
application/vnd.wolfram.player                  nbp;
application/vnd.wordperfect                     wpd;
application/vnd.wqd                             wqd;
application/vnd.wt.stf                          stf;
application/vnd.wv.csp+wbxml                    wv;
application/vnd.xara                            xar;
application/vnd.xfdl                            xfdl xfd;
application/vnd.xmpie.cpkg                      cpkg;
application/vnd.xmpie.dpkg                      dpkg;
application/vnd.xmpie.ppkg                      ppkg;
application/vnd.xmpie.xlim                      xlim;
application/vnd.yamaha.hv-dic                   hvd;
application/vnd.yamaha.hv-script                hvs;
application/vnd.yamaha.hv-voice                 hvp;
application/vnd.yamaha.openscoreformat          osf;
application/vnd.yamaha.smaf-audio               saf;
application/vnd.yamaha.smaf-phrase              spf;
application/vnd.yaoweme                         yme;
application/vnd.yellowriver-custom-menu         cmp;
application/vnd.zul                             zir zirz;
application/vnd.zzazz.deck+xml                  zaz;
application/voicexml+xml                        vxml;
application/voucher-cms+json                    vcj;
application/watcherinfo+xml                     wif;
application/widget                              wgt;
application/wsdl+xml                            wsdl;
application/wspolicy+xml                        wspolicy;
application/xcap-att+xml                        xav;
application/xcap-caps+xml                       xca;
application/xcap-diff+xml                       xdf;
application/xcap-el+xml                         xel;
application/xcap-error+xml                      xer;
application/xcap-ns+xml                         xns;
application/xhtml+xml                           xhtml xhtm xht;
application/xliff+xml                           xlf;
application/xml-dtd                             dtd;
application/xop+xml                             xop;
application/xslt+xml                            xsl xslt;
application/xv+xml                              mxml xhvml xvml xvm;
application/yang                                yang;
application/yin+xml                             yin;
application/zip                                 zip;
application/zstd                                zst;
audio/32kadpcm                                  726;
audio/aac                                       adts aac ass;
audio/ac3                                       ac3;
audio/AMR                                       amr;
audio/AMR-WB                                    awb;
audio/asc                                       acn;
audio/ATRAC-ADVANCED-LOSSLESS                   aal;
audio/ATRAC-X                                   atx;
audio/ATRAC3                                    at3 aa3 omg;
audio/basic                                     au snd;
audio/dls                                       dls;
audio/EVRC                                      evc;
audio/EVRCB                                     evb;
audio/EVRCNW                                    enw;
audio/EVRCWB                                    evw;
audio/iLBC                                      lbc;
audio/L16                                       l16;
audio/mhas                                      mhas;
audio/mobile-xmf                                mxmf;
audio/mp4                                       m4a;
audio/mpeg                                      mp3 mpga mp1 mp2;
audio/ogg                                       oga ogg opus spx;
audio/prs.sid                                   sid psid;
audio/qcelp                                     qcp;
audio/SMV                                       smv;
audio/usac                                      loas xhe;
audio/vnd.audikoz                               koz;
audio/vnd.dece.audio                            uva uvva;
audio/vnd.digital-winds                         eol;
audio/vnd.dolby.mlp                             mlp;
audio/vnd.dts                                   dts;
audio/vnd.dts.hd                                dtshd;
audio/vnd.everad.plj                            plj;
audio/vnd.lucent.voice                          lvp;
audio/vnd.ms-playready.media.pya                pya;
audio/vnd.nortel.vbk                            vbk;
audio/vnd.nuera.ecelp4800                       ecelp4800;
audio/vnd.nuera.ecelp7470                       ecelp7470;
audio/vnd.nuera.ecelp9600                       ecelp9600;
audio/vnd.presonus.multitrack                   multitrack;
audio/vnd.rip                                   rip;
audio/vnd.sealedmedia.softseal.mpeg             smp3 smp s1m;
font/collection                                 ttc;
font/otf                                        otf;
font/ttf                                        ttf;
font/woff                                       woff;
font/woff2                                      woff2;
image/aces                                      exr;
image/avci                                      avci;
image/avcs                                      avcs;
image/bmp                                       bmp dib;
image/cgm                                       cgm;
image/dicom-rle                                 drle;
image/emf                                       emf;
image/fits                                      fits fit fts;
image/heic                                      heic;
image/heic-sequence                             heics;
image/heif                                      heif;
image/heif-sequence                             heifs;
image/hej2k                                     hej2;
image/hsj2                                      hsj2;
image/gif                                       gif;
image/ief                                       ief;
image/jls                                       jls;
image/jp2                                       jp2 jpg2;
image/jph                                       jph;
image/jphc                                      jhc;
image/jpeg                                      jpg jpeg jpe jfif;
image/jpm                                       jpm jpgm;
image/jpx                                       jpx jpf;
image/jxr                                       jxr;
image/jxrA                                      jxra;
image/jxrS                                      jxrs;
image/jxs                                       jxs;
image/jxsc                                      jxsc;
image/jxsi                                      jxsi;
image/jxss                                      jxss;
image/ktx                                       ktx;
image/png                                       png;
image/prs.btif                                  btif btf;
image/prs.pti                                   pti;
image/svg+xml                                   svg svgz;
image/t38                                       t38;
image/tiff                                      tiff tif;
image/tiff-fx                                   tfx;
image/vnd.adobe.photoshop                       psd;
image/vnd.airzip.accelerator.azv                azv;
image/vnd.dece.graphic                          uvi uvvi uvg uvvg;
image/vnd.djvu                                  djvu djv;
image/vnd.dwg                                   dwg;
image/vnd.dxf                                   dxf;
image/vnd.fastbidsheet                          fbs;
image/vnd.fpx                                   fpx;
image/vnd.fst                                   fst;
image/vnd.fujixerox.edmics-mmr                  mmr;
image/vnd.fujixerox.edmics-rlc                  rlc;
image/vnd.globalgraphics.pgb                    pgb;
image/vnd.microsoft.icon                        ico;
image/vnd.mozilla.apng                          apng;
image/vnd.ms-modi                               mdi;
image/vnd.radiance                              hdr rgbe xyze;
image/vnd.sealed.png                            spng spn s1n;
image/vnd.sealedmedia.softseal.gif              sgif sgi s1g;
image/vnd.sealedmedia.softseal.jpg              sjpg sjp s1j;
image/vnd.tencent.tap                           tap;
image/vnd.valve.source.texture                  vtf;
image/vnd.wap.wbmp                              wbmp;
image/vnd.xiff                                  xif;
image/vnd.zbrush.pcx                            pcx;
image/wmf                                       wmf;
message/global                                  u8msg;
message/global-delivery-status                  u8dsn;
message/global-disposition-notification         u8mdn;
message/global-headers                          u8hdr;
message/rfc822                                  eml mail art;
model/gltf-binary                               glb;
model/gltf+json                                 gltf;
model/iges                                      igs iges;
model/mesh                                      msh mesh silo;
model/mtl                                       mtl;
model/obj                                       obj;
model/stl                                       stl;
model/vnd.collada+xml                           dae;
model/vnd.dwf                                   dwf;
model/vnd.gdl                                   gdl gsm win dor lmp rsm msm ism;
model/vnd.gtw                                   gtw;
model/vnd.moml+xml                              moml;
model/vnd.mts                                   mts;
model/vnd.opengex                               ogex;
model/vnd.parasolid.transmit.binary             x_b xmt_bin;
model/vnd.parasolid.transmit.text               x_t xmt_txt;
model/vnd.usdz+zip                              usdz;
model/vnd.valve.source.compiled-map             bsp;
model/vnd.vtu                                   vtu;
model/vrml                                      wrl vrml;
model/x3d+xml                                   x3db;
model/x3d-vrml                                  x3dv x3dvz;
multipart/vnd.bint.med-plus                     bmed;
multipart/voice-message                         vpm;
text/cache-manifest                             appcache manifest;
text/calendar                                   ics ifb;
text/css                                        css;
text/csv                                        csv;
text/csv-schema                                 csvs;
text/dns                                        soa zone;
text/html                                       html htm;
text/jcr-cnd                                    cnd;
text/markdown                                   markdown md;
text/mizar                                      miz;
text/n3                                         n3;
text/plain              txt asc text pm el c h cc hh cxx hxx f90 conf log;
text/provenance-notation                        provn;
text/prs.fallenstein.rst                        rst;
text/prs.lines.tag                              tag dsc;
text/richtext                                   rtx;
text/sgml                                       sgml sgm;
text/tab-separated-values                       tsv;
text/troff                                      t tr roff;
text/turtle                                     ttl;
text/uri-list                                   uris uri;
text/vcard                                      vcf vcard;
text/vnd.a                                      a;
text/vnd.abc                                    abc;
text/vnd.ascii-art                              ascii;
text/vnd.debian.copyright                       copyright;
text/vnd.DMClientScript                         dms;
text/vnd.dvb.subtitle                           sub;
text/vnd.esmertec.theme-descriptor              jtd;
text/vnd.ficlab.flt                             flt;
text/vnd.fly                                    fly;
text/vnd.fmi.flexstor                           flx;
text/vnd.graphviz                               gv dot;
text/vnd.hgl                                    hgl;
text/vnd.in3d.3dml                              3dml 3dm;
text/vnd.in3d.spot                              spot spo;
text/vnd.ms-mediapackage                        mpf;
text/vnd.net2phone.commcenter.command           ccc;
text/vnd.senx.warpscript                        mc2;
text/vnd.si.uricatalogue                        uric;
text/vnd.sun.j2me.app-descriptor                jad;
text/vnd.sosi                                   sos;
text/vnd.trolltech.linguist                     ts;
text/vnd.wap.si                                 si;
text/vnd.wap.sl                                 sl;
text/vnd.wap.wml                                wml;
text/vnd.wap.wmlscript                          wmls;
text/vtt                                        vtt;
text/xml                                        xml xsd rng;
text/xml-external-parsed-entity                 ent;
video/3gpp                                      3gp 3gpp;
video/3gpp2                                     3g2 3gpp2;
video/iso.segment                               m4s;
video/mj2                                       mj2 mjp2;
video/mp4                                       mp4 mpg4 m4v;
video/mpeg                                      mpeg mpg mpe m1v m2v;
video/ogg                                       ogv;
video/quicktime                                 mov qt;
video/vnd.dece.hd                               uvh uvvh;
video/vnd.dece.mobile                           uvm uvvm;
video/vnd.dece.mp4                              uvu uvvu;
video/vnd.dece.pd                               uvp uvvp;
video/vnd.dece.sd                               uvs uvvs;
video/vnd.dece.video                            uvv uvvv;
video/vnd.dvb.file                              dvb;
video/vnd.fvt                                   fvt;
video/vnd.mpegurl                               mxu m4u;
video/vnd.ms-playready.media.pyv                pyv;
video/vnd.nokia.interleaved-multimedia          nim;
video/vnd.radgamettools.bink                    bik bk2;
video/vnd.radgamettools.smacker                 smk;
video/vnd.sealed.mpeg1                          smpg s11;
video/vnd.sealed.mpeg4                          s14;
video/vnd.sealed.swf                            sswf ssw;
video/vnd.sealedmedia.softseal.mov              smov smo s1q;
video/vnd.youtube.yt                            yt;
video/vnd.vivo                                  viv;
application/mac-compactpro                      cpt;
application/metalink+xml                        metalink;
application/owl+xml                             owx;
application/rss+xml                             rss;
application/vnd.android.package-archive         apk;
application/vnd.oma.dd+xml                      dd;
application/vnd.oma.drm.content                 dcf;
application/vnd.oma.drm.dcf                     o4a o4v;
application/vnd.oma.drm.message                 dm;
application/vnd.oma.drm.rights+wbxml            drc;
application/vnd.oma.drm.rights+xml              dr;
application/vnd.sun.xml.calc                    sxc;
application/vnd.sun.xml.calc.template           stc;
application/vnd.sun.xml.draw                    sxd;
application/vnd.sun.xml.draw.template           std;
application/vnd.sun.xml.impress                 sxi;
application/vnd.sun.xml.impress.template        sti;
application/vnd.sun.xml.math                    sxm;
application/vnd.sun.xml.writer                  sxw;
application/vnd.sun.xml.writer.global           sxg;
application/vnd.sun.xml.writer.template         stw;
application/vnd.symbian.install                 sis;
application/vnd.wap.mms-message                 mms;
application/x-annodex                           anx;
application/x-bcpio                             bcpio;
application/x-bittorrent                        torrent;
application/x-bzip2                             bz2;
application/x-cdlink                            vcd;
application/x-chrome-extension                  crx;
application/x-cpio                              cpio;
application/x-csh                               csh;
application/x-director                          dcr dir dxr;
application/x-dvi                               dvi;
application/x-futuresplash                      spl;
application/x-gtar                              gtar;
application/x-hdf                               hdf;
application/x-java-archive                      jar;
application/x-java-jnlp-file                    jnlp;
application/x-java-pack200                      pack;
application/x-killustrator                      kil;
application/x-latex                             latex;
application/x-netcdf                            nc cdf;
application/x-perl                              pl;
application/x-rpm                               rpm;
application/x-sh                                sh;
application/x-shar                              shar;
application/x-stuffit                           sit;
application/x-sv4cpio                           sv4cpio;
application/x-sv4crc                            sv4crc;
application/x-tar                               tar;
application/x-tcl                               tcl;
application/x-tex                               tex;
application/x-texinfo                           texinfo texi;
application/x-troff-man                         man 1 2 3 4 5 6 7 8;
application/x-troff-me                          me;
application/x-troff-ms                          ms;
application/x-ustar                             ustar;
application/x-wais-source                       src;
application/x-xpinstall                         xpi;
application/x-xspf+xml                          xspf;
application/x-xz                                xz;
audio/midi                                      mid midi kar;
audio/x-aiff                                    aif aiff aifc;
audio/x-annodex                                 axa;
audio/x-flac                                    flac;
audio/x-matroska                                mka;
audio/x-mod                                     mod ult uni m15 mtm 669 med;
audio/x-mpegurl                                 m3u;
audio/x-ms-wax                                  wax;
audio/x-ms-wma                                  wma;
audio/x-pn-realaudio                            ram rm;
audio/x-realaudio                               ra;
audio/x-s3m                                     s3m;
audio/x-stm                                     stm;
audio/x-wav                                     wav;
chemical/x-xyz                                  xyz;
image/webp                                      webp;
image/x-cmu-raster                              ras;
image/x-portable-anymap                         pnm;
image/x-portable-bitmap                         pbm;
image/x-portable-graymap                        pgm;
image/x-portable-pixmap                         ppm;
image/x-rgb                                     rgb;
image/x-targa                                   tga;
image/x-xbitmap                                 xbm;
image/x-xpixmap                                 xpm;
image/x-xwindowdump                             xwd;
text/html-sandboxed                             sandboxed;
text/x-pod                                      pod;
text/x-setext                                   etx;
video/webm                                      webm;
video/x-annodex                                 axv;
video/x-flv                                     flv;
video/x-javafx                                  fxm;
video/x-matroska                                mkv;
video/x-matroska-3d                             mk3d;
video/x-ms-asf                                  asx;
video/x-ms-wm                                   wm;
video/x-ms-wmv                                  wmv;
video/x-ms-wmx                                  wmx;
video/x-ms-wvx                                  wvx;
video/x-msvideo                                 avi;
video/x-sgi-movie                               movie;
x-conference/x-cooltalk                         ice;
x-epoc/x-sisx-app                               sisx;
}

# configuration file /etc/nginx/sites-enabled/e-hoang:
server_tokens               off;
access_log                  /var/log/nginx/e-hoang.access.log;
error_log                   /var/log/nginx/e-hoang.error.log;

# This configuration will be changed to redirect to HTTPS later
server {
  server_name               .e-hoang.com;
  listen                    80;
  location / {
    proxy_pass              http://localhost:8000;
    proxy_set_header        Host $host;
  }

  location /static {
    autoindex on;
    alias /var/www/e-hoang.com/static/;
  }
}

I'd remove the SSL configuration and get your site working on http, then try to set up ssl again.

Hi,

Yes SSL is totally removed, I'm able to access my page
http://www.e-hoang.com/myresumesite
and http://e-hoang.com/myresumesite.
As well, e-hoang.com leads to nginx home page.

In the file "/etc/nginx/sites-enabled/e-hoang", try changing this one line:
server_name .e-hoang.com;
to this:
server_name e-hoang.com www.e-hoang.com;

And then retry the ACME client.

2 Likes

Great, so now use either Certbot or acme-nginx to set up your ssl again.

I hadn't heard of acme-nginx before, I think most people using nginx use Certbot with the --nginx integration.

1 Like

Here are the results after changing:

2023-08-30 04:13:43,457 - INFO - trying to create account key /etc/ssl/private/letsencrypt-account.key
2023-08-30 04:13:43,666 - INFO - trying to register acmev2 account
2023-08-30 04:13:44,208 - INFO - already registered
2023-08-30 04:13:44,209 - INFO - trying to create domain key
2023-08-30 04:13:44,209 - INFO - acmev2 http challenge
2023-08-30 04:13:44,209 - INFO - preparing new order
2023-08-30 04:13:44,671 - INFO - order created
2023-08-30 04:13:45,068 - INFO - verifying domain e-hoang.com
2023-08-30 04:13:45,121 - INFO - adding nginx virtual host and completing challenge
2023-08-30 04:13:45,122 - INFO - created challenge file into /tmp/tmphmccjb2j
2023-08-30 04:13:45,122 - INFO - writing virtual host into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-30 04:13:45,122 - INFO - running nginx -s reload
2023-08-30 04:13:45,160 - INFO - writing challenge file into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-30 04:13:45,160 - INFO - asking acme server to verify challenge
2023-08-30 04:13:45,570 - INFO - waiting for e-hoang.com challenge verification
2023-08-30 04:13:45,973 - ERROR - e-hoang.com challenge did not pass: {'identifier': {'type': 'dns', 'value': 'e-hoang.com'}, 'status': 'invalid', 'expires': '2023-09-06T04:10:01Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:unauthorized', 'detail': '34.196.67.235: Invalid response from http://e-hoang.com/.well-known/acme-challenge/RKV012my1kgDME6TgtdTZ3sjViX9u3XoDDPY_mqZDdc: 404', 'status': 403}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/259652685726/2J6PKg', 'token': 'RKV012my1kgDME6TgtdTZ3sjViX9u3XoDDPY_mqZDdc', 'validationRecord': [{'url': 'http://e-hoang.com/.well-known/acme-challenge/RKV012my1kgDME6TgtdTZ3sjViX9u3XoDDPY_mqZDdc', 'hostname': 'e-hoang.com', 'port': '80', 'addressesResolved': ['34.196.67.235'], 'addressUsed': '34.196.67.235'}], 'validated': '2023-08-30T04:13:45Z'}]}
2023-08-30 04:13:45,973 - INFO - removing /tmp/tmphmccjb2j/RKV012my1kgDME6TgtdTZ3sjViX9u3XoDDPY_mqZDdc
2023-08-30 04:13:45,973 - INFO - removing /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-30 04:13:45,973 - INFO - removing /tmp/tmphmccjb2j
2023-08-30 04:13:45,974 - INFO - running nginx -s reload

and the edited sites-enabled/e-hoang file:

server_tokens               off;
access_log                  /var/log/nginx/e-hoang.access.log;
error_log                   /var/log/nginx/e-hoang.error.log;

# This configuration will be changed to redirect to HTTPS later
server {
  server_name               e-hoang.com www.e-hoang.com;
  listen                    80;
  location / {
    proxy_pass              http://localhost:8000;
    proxy_set_header        Host $host;
  }

  location /static {
    autoindex on;
    alias /var/www/e-hoang.com/static/;
  }
}
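
The "challenge did not pass" line in the log above carries the whole ACME authorization object as a Python dict, and it holds two different status codes. As an added example (not part of the original thread and not acme-nginx's own code), this parser separates them; the sample line is constructed, with placeholder host, address and token, and the function and field names are hypothetical.

```python
import ast
import re
from urllib.parse import urlsplit

# Constructed sample in the format of the acme-nginx ERROR line above;
# host, address and token are placeholders, not values from the thread.
SAMPLE = (
    "2023-01-01 00:00:00,000 - ERROR - example.test challenge did not pass: "
    "{'identifier': {'type': 'dns', 'value': 'example.test'}, "
    "'status': 'invalid', 'challenges': [{'type': 'http-01', "
    "'status': 'invalid', 'error': {'type': "
    "'urn:ietf:params:acme:error:unauthorized', 'detail': '192.0.2.10: "
    "Invalid response from "
    "http://example.test/.well-known/acme-challenge/TOKEN123: 404', "
    "'status': 403}, 'token': 'TOKEN123', 'validationRecord': [{'url': "
    "'http://example.test/.well-known/acme-challenge/TOKEN123', "
    "'hostname': 'example.test', 'port': '80', "
    "'addressesResolved': ['192.0.2.10'], 'addressUsed': '192.0.2.10'}]}]}"
)

LINE_RE = re.compile(r" - ERROR - (\S+) challenge did not pass: (\{.*\})\s*$")
PREFIX = "/.well-known/acme-challenge/"


def summarize_failure(line):
    """Return one finding per failed validation attempt, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    authz = ast.literal_eval(m.group(2))  # literals only; never eval() log text
    domain = authz["identifier"]["value"]
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        origin = re.search(r": (\d{3})$", err.get("detail", ""))
        for rec in ch.get("validationRecord", [{}]):
            url = urlsplit(rec.get("url", ""))
            findings.append({
                "domain": domain,
                "type": ch.get("type"),
                "acme_error": err.get("type", "").rsplit(":", 1)[-1],
                "acme_status": err.get("status"),  # status of the ACME problem
                "origin_http_status": int(origin.group(1)) if origin else None,
                "address_used": rec.get("addressUsed"),
                "host_matches": url.hostname == domain,
                "token_in_path": url.path == PREFIX + ch.get("token", ""),
            })
    return findings
```

When `host_matches` and `token_in_path` are true and `origin_http_status` is 404, the CA reached a web server for that name at `address_used` and that server had nothing at the challenge path, so the next thing to check is which nginx server block answered the request. The 403 in `acme_status` belongs to the ACME error document, not to nginx.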

Hello,

I've posted the results here:

I'm not familiar with that ACME client.
I don't know which is the best way to troubleshoot it nor how to get it to use the test/staging environment.

Are you opposed to installing some other ACME client?
Like: certbot or acme.sh

2 Likes

I would install certbot using the below commands, but this amazon image does not have EPEL.

I would love to, but this Amazon image doesn't support either acme.sh or certbot (EPEL)...