Certbot can't issue certificate

replace certbot with your client app name
ps -ef | grep app-name

2 Likes

By "client" I meant our user.

OK.
So, what "process" adds/updates nginx?
Is that process [still] running now?

2 Likes

We already know that nginx is running.
We don't know what process updates the nginx configuration.
We don't know if that "update process" is still running OR not.

2 Likes

OK, it seems that I found it. Sorry, I forgot to close the notepad where I was editing nginx.conf.
Now I have this error:

ubuntu@ip-172-31-0-122:~$ sudo certbot certonly --nginx -d screenglide.co -d www.screenglide.co --redirect -n --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for screenglide.co and www.screenglide.co

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: screenglide.co
Type: unauthorized
Detail: During secondary validation: 54.158.45.35: Invalid response from http://screenglide.co/.well-known/acme-challenge/zL7BMqc4C3mFk_GS1CtFvdt7nbLUbTvQ6SqUy4CCqlQ: 404

Domain: www.screenglide.co
Type: unauthorized
Detail: During secondary validation: 54.158.45.35: Invalid response from http://screenglide.co: "\n\n<html class="style-green-1 custom_fonts comps live_website unicorn-platform-website" lang="">\n\n\n\n \n\t<!-"

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

1 Like

That's unusual...
That implies that the primary validation passed.

Is there a load-balancer in use?

2 Likes

Nope. Just ubuntu server and nginx.

Did you include that domain in the nginx config?
If so, please show the vhost block.

2 Likes

No... we don't have it in the nginx config. The server block is added when nginx and certbot finish the certificate issuance process.

And it worked for a long time. But about 1 month ago we started to receive these errors with certs. We tried to use another Ubuntu server and it worked for some time... and about 2 days ago we started to receive errors on the new server.

We have a database with website URLs. When the customer connects the domain, it works by this rule:

server {
	listen 80;
	server_name   ~^(.+\.)(?<domain>.+\..+)$;
	rewrite ^ $scheme://$domain permanent;
}

So our server is checking the domain in our database. And it works without HTTPS. When the customer tries to connect an SSL cert, we add a server block with the exact domain.

But a block is required to pass the certification issuance process.

Catch-22

How does that connect to a database?

2 Likes

We have a server with Django.

Right now I understand that this server with Django can affect this process... but in this case it will affect all our servers. But we have 6 servers with the same configuration, and this issue is only on 2 of our servers.

You might have to switch to using --webroot and a globally aliased path.

2 Likes
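A sketch of the `--webroot` plus shared challenge path suggestion above, as an added example that is not configuration posted by anyone in the thread. The directory `/var/www/acme`, the `default_server` block and the `example.com` names are assumptions; the regex and rewrite are the ones shown earlier in the thread.

```nginx
# Added example. /var/www/acme is an assumed directory, not from the thread.

# Catch-all for hosts with a subdomain prefix (regex taken from the thread).
server {
    listen 80;
    server_name ~^(.+\.)(?<domain>.+\..+)$;

    # Serve ACME HTTP-01 challenge files from one shared directory.
    # ^~ keeps nginx from evaluating regex locations for this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    # The thread's rewrite, moved from server level into location /.
    # A server-level rewrite runs before any location is selected, so it
    # would redirect the challenge request before it reaches the block above.
    location / {
        rewrite ^ $scheme://$domain permanent;
    }
}

# Hosts that match no server_name (for example a bare domain, which the
# regex above does not match). Assumed block: if a default server already
# exists, merge the challenge location into it instead of adding this one.
server {
    listen 80 default_server;
    server_name _;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    # Placeholder: the existing handling for all other requests stays here.
    location / {
        return 404;
    }
}

# Matching certbot call; the webroot plugin writes each token under
# /var/www/acme/.well-known/acme-challenge/ (example.com is a placeholder):
#   sudo certbot certonly --webroot -w /var/www/acme \
#        -d example.com -d www.example.com -n --dry-run
```

With this layout no per-domain server block is needed before issuance, because the challenge path is answered the same way for every hostname that reaches the server on port 80.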
