Note: I'm using Nginx and I'm getting a 404 for the challenge.
I had an issue before with certain subdomains, but not others, not working, but I decided to just give up and create a new subdomain for the site and a brand new site file.
server {
    listen 80;
    root /var/www/wikifamily;
    index index.php;
    server_name globalwiki.rfx.fi
                www.globalwiki.rfx.fi;
    location ~* \.php$ {
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    }
}
Above is what I started with and below are two of the possibilities that I tried and neither one of them works.
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 47 48
Requesting a certificate for www.globalwiki.rfx.fi and globalwiki.rfx.fi
Performing the following challenges:
http-01 challenge for globalwiki.rfx.fi
http-01 challenge for www.globalwiki.rfx.fi
Waiting for verification...
Challenge failed for domain globalwiki.rfx.fi
Challenge failed for domain www.globalwiki.rfx.fi
http-01 challenge for globalwiki.rfx.fi
http-01 challenge for www.globalwiki.rfx.fi
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: globalwiki.rfx.fi
Type: unauthorized
Detail: Invalid response from
http://globalwiki.rfx.fi/.well-known/acme-challenge/BfjbNnSYE-rgDCguskhj85gxq10brQbjsVxRnkEztjU
[192.241.132.174]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
Domain: www.globalwiki.rfx.fi
Type: unauthorized
Detail: Invalid response from
http://www.globalwiki.rfx.fi/.well-known/acme-challenge/hyRtsa82_AZOkqeeiifJe2a8mTsKZ6XZg7AoowUPNAA
[192.241.132.174]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404
Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
The domain records work fine because I can navigate to the site and have it work. Something is wrong with this "well known acme" system. The only thing that I can figure is something is wrong with location ~* \.php$ { and somehow it's preventing this "well known acme challenge" from working.
Edit: That's not the problem because I checked another site and it's the same and works fine with a cert. This particular site is just cursed for some reason and I can't figure out why when everything shows that it should be working.
It's my understanding that certbot doesn't actually create the /.well-known/acme-challenge/ directory structure in nginx, but rather adds an exception to the nginx configuration to serve the challenge files.
Try adding --debug-challenges to your certbot command so that certbot will pause before submitting verification requests to the CA. This will let you take a look around.
Thanks. I just created a folder in the web directory and chown'd it for www-data. I hit the rate limit of failed challenges for the hour but I'll try when I can to see if it works. I'll also try running that flag and see if it gives any useful information for why it doesn't work.
If the staging works and the production doesn't then I'm beginning to suspect a DNS issue where the LE staging server is possibly seeing a different version of your webserver than the LE production server.
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 206.189.193.106
nameserver 2001:4860:4860::8844
nameserver 2001:4860:4860::8888
nameserver 8.8.8.8
I think that's a server I made to resolve OpenNIC domains but certbot worked in the past with it.
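One way to test the suggestion above that the CA may be reaching a different web server than you are: request the challenge path from every A/AAAA address the name resolves to, sending the real Host header, and compare the answers. This is an added example, not part of the original thread and not certbot's own code; `resolve_all` and `probe` are hypothetical helper names, and the token and expected body are a test file you place yourself (or the one visible while certbot is paused with --debug-challenges).

```python
import http.client
import socket
import sys

CHALLENGE_DIR = "/.well-known/acme-challenge/"


def resolve_all(host, port=80):
    """Return every distinct A/AAAA address the local resolver gives for host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def probe(host, token, expected, addrs=None, port=80, timeout=5):
    """Fetch the challenge URL from each address while sending Host: host.

    Returns {address: (status, body_matches)}. status is None when the
    connection fails, so a dead or stale AAAA record shows up explicitly.
    """
    if addrs is None:
        addrs = resolve_all(host, port)
    results = {}
    for addr in addrs:
        conn = http.client.HTTPConnection(addr, port, timeout=timeout)
        try:
            # Connect to the literal address but ask for the real vhost.
            conn.putrequest("GET", CHALLENGE_DIR + token, skip_host=True)
            conn.putheader("Host", host)
            conn.endheaders()
            resp = conn.getresponse()
            body = resp.read(4096).decode("utf-8", "replace").strip()
            results[addr] = (resp.status, body == expected)
        except (OSError, http.client.HTTPException):
            results[addr] = (None, False)
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    # Usage: script.py <hostname> <token-file-name> <expected-file-contents>
    name, tok, want = sys.argv[1:4]
    for address, (status, ok) in probe(name, tok, want).items():
        print(f"{address}: status={status} content_ok={ok}")
```

A 200 with matching content on the IPv4 address but a 404 or connection failure on an IPv6 address (or the reverse) means the name points at more than one server or at a stale record.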