My domain is: boom.pelmorex.com
I ran this command: cd /opt/certbot; ./certbot-auto certonly --nginx -d boom.pelmorex.com --non-interactive --agree-tos --email netops@pelmorex.com --staging
It produced this output:
Failed authorization procedure. boom.pelmorex.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://boom.pelmorex.com/.well-known/acme-challenge/9Xi0PElLfgt0d22mw-JZfk15fUzV8ToB0cZMUxrAvB8: "\r\n404 Not Found\r\n<body bgcolor="white">\r\n404 Not Found\r\n"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: boom.pelmorex.com
Type: unauthorized
Detail: Invalid response from
http://boom.pelmorex.com/.well-known/acme-challenge/9Xi0PElLfgt0d22mw-JZfk15fUzV8ToB0cZMUxrAvB8:
"\r\n404 Not Found\r\n<body
bgcolor="white">\r\n404 Not
Found\r\n"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Nginx (acts as a redirector)
The operating system my web server runs on is (include version): CentOS 7.5
My hosting provider, if applicable, is: self-host
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I have this current setup.
I have one server that handles only certificate generation (Let’s Encrypt), and I have other servers that host either web servers or redirectors.
For testing purposes, I’m working only on the redirectors.
I have nginx handling all the incoming traffic and redirecting it to HTTPS.
In the encrypt server’s nginx conf, I left almost everything at the default except these lines.
listen 80 ;
#listen [::]:80 default_server;
server_name _;
#root /usr/share/nginx/html;
As for the redirector server’s nginx conf, I added/modified these lines.
server {
    listen 80;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        proxy_pass http://encrypt.pelmorex.com;
        allow all;
        #root /usr/share/nginx/html;
    }
And the boom subdomain conf is as follows.
server {
    listen 80;
    server_name boom.pelmorex.com;
    root /var/www/html/boom;
    access_log /var/log/nginx/boom_access.log main;
    #return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name boom.pelmorex.com;
    location ^~ /.well-known/acme-challenge {
        default_type "text/plain";
        proxy_pass http://encrypt.pelmorex.com;
        allow all;
    }
    # include conf.d/ssl_test;
    access_log /var/log/nginx/boom_access.log main;
    root /var/www/html/boom;
    #return 301 https://www.pelmorex.com$request_uri;
}
I did a few tests and so far so good… What could have gone wrong?
https://letsdebug.net/boom.pelmorex.com/6477
&
http://boom.pelmorex.com/.well-known/acme-challenge/test
P.S. If I’m missing anything or you need clarification, let me know.
Thanks
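
How nginx would route the HTTP-01 validation request under the server blocks quoted above, as an added example that is not part of the original post: the sketch picks the server block for a given Host and port, then reports where the challenge URI is proxied (or `None` when it falls through to that server's own root, the case that returns the 404 in the report). It assumes a simplified model of nginx selection (exact `server_name` match, then `default_server`, then first block; prefix locations only; address families ignored); `route` and `servers` are hypothetical helper names.

```python
import re

# Constructed sample: the post's redirector server blocks, reduced to routing directives.
SAMPLE_CONF = """
server {
    listen 80;
    listen [::]:80 default_server;
    server_name _;
    location ^~ /.well-known/acme-challenge/ { proxy_pass http://encrypt.pelmorex.com; }
}
server {
    listen 80;
    server_name boom.pelmorex.com;
    root /var/www/html/boom;
}
server {
    listen 443 ssl;
    server_name boom.pelmorex.com;
    location ^~ /.well-known/acme-challenge { proxy_pass http://encrypt.pelmorex.com; }
}
"""

def servers(conf):
    """Parse each server { ... } block (brace matching) into ports, names, locations."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
        yield {
            "ports": {int(a.split()[0].rsplit(":", 1)[-1]) for a in listens},
            "default": any("default_server" in a for a in listens),
            "names": " ".join(re.findall(r"^\s*server_name\s+([^;]+);", body, re.M)).split(),
            "locations": re.findall(r"location\s+(?:\^~\s+)?(/\S*)\s*\{([^}]*)\}", body),
        }

def route(conf, host, port, uri):
    """Simplified nginx choice: exact server_name, else default_server, else first block."""
    cands = [s for s in servers(conf) if port in s["ports"]]
    if not cands:
        raise LookupError(f"nothing listens on port {port}")
    chosen = next((s for s in cands if host in s["names"]), None) \
        or next((s for s in cands if s["default"]), cands[0])
    hits = [(p, b) for p, b in chosen["locations"] if uri.startswith(p)]
    body = max(hits, key=lambda h: len(h[0]))[1] if hits else ""
    m = re.search(r"proxy_pass\s+([^;]+);", body)
    return chosen["names"], (m.group(1) if m else None)
```

Calling `route(SAMPLE_CONF, "boom.pelmorex.com", 80, "/.well-known/acme-challenge/test")` shows which block answers the validation request and whether it forwards to the certificate server.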