replace certbot with your client app name
ps -ef | grep app-name
under "client" I meant our user.
OK.
So, what "process" adds/updates nginx?
Is that process [still] running now?
We already know that nginx is running.
We don't know what process updates the nginx configuration.
We don't know if that "update process" is still running OR not.
Ok, it seems that I found it. Sorry - I forgot to close the notepad with nginx.conf editing.
Now I have this error
ubuntu@ip-172-31-0-122:~$ sudo certbot certonly --nginx -d screenglide.co -d www.screenglide.co --redirect -n --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Simulating a certificate request for screenglide.co and www.screenglide.co
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: screenglide.co
Type: unauthorized
Detail: During secondary validation: 54.158.45.35: Invalid response from http://screenglide.co/.well-known/acme-challenge/zL7BMqc4C3mFk_GS1CtFvdt7nbLUbTvQ6SqUy4CCqlQ: 404
Domain: www.screenglide.co
Type: unauthorized
Detail: During secondary validation: 54.158.45.35: Invalid response from http://screenglide.co: "\n\n<html class="style-green-1 custom_fonts comps live_website unicorn-platform-website" lang="">\n\n\n\n \n\t<!-"
Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.
That's unusual...
That implies that the primary validation passed.
Is there a load-balancer in use?
Nope. Just ubuntu server and nginx.
Did you include that domain in the nginx config?
If so, please show the vhost block.
No...we don't have it in the nginx config. The server block is added when nginx and certbot finish the certificate issuance process, and it worked for a long time. But about 1 month ago we started to receive these errors with certs. We tried to use another ubuntu server - it worked for some time...and about 2 days ago we started to receive errors on the new server
we have the database with website urls. When the customer connects the domain then it works by this rule
server {
    listen 80;
    server_name ~^(.+\.)(?<domain>.+\..+)$;
    rewrite ^ $scheme://$domain permanent;
}
So our server is checking the domain in our database. And it works without https. When the customer tries to connect an SSL cert - then we add a server block with the exact domain
But a block is required to pass the certification issuance process.
Catch-22
How does that connect to a database?
We have the server with django
right now I understand that this server with django can affect this process...but in this case it would affect all our servers. But we have 6 servers with the same configuration. And this issue is only on 2 of our servers
You might have to switch to using --webroot and a globally aliased path.
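One way the --webroot suggestion above could look, as an added example that is not part of the original thread. The webroot directory /var/www/letsencrypt is a hypothetical path, and the note about the bare-domain server block is an assumption, since that block is not shown in the thread.

```nginx
# Added example, not configuration posted in the thread.
# /var/www/letsencrypt is a hypothetical webroot; it must exist and be
# readable by the nginx worker user.

# The catch-all redirect block from the thread, adjusted so that ACME
# HTTP-01 requests are served from local disk instead of being redirected.
server {
    listen 80;
    server_name ~^(.+\.)(?<domain>.+\..+)$;

    # "^~" keeps any regex location from taking over this prefix.
    # certbot --webroot writes its token files under
    # <webroot>/.well-known/acme-challenge/, which is what the alias points at.
    location ^~ /.well-known/acme-challenge/ {
        alias /var/www/letsencrypt/.well-known/acme-challenge/;
        default_type text/plain;
    }

    # A server-level "rewrite" is evaluated before a location is chosen, so
    # it would redirect the challenge request as well. The original rewrite
    # is therefore moved, unchanged, into "location /".
    location / {
        rewrite ^ $scheme://$domain permanent;
    }
}

# Assumption: requests for the bare domain (no subdomain) do not match the
# regex above and are answered by another port-80 server block. That block
# needs the same "location ^~ /.well-known/acme-challenge/" section, placed
# ahead of anything that proxies to the application.

# With the path served everywhere, no per-domain server block has to exist
# before issuance:
#   sudo certbot certonly --webroot -w /var/www/letsencrypt \
#        -d screenglide.co -d www.screenglide.co --dry-run
```

Because the challenge file sits on disk and nginx is never rewritten during validation, a CA validation request that arrives from a second vantage point sees the same response as the first.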