Response for LetsEncrypt:
certbot certonly --webroot --webroot-path=/usr/share/nginx/html -d bots.artbelka.by
404 Not Found
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
An unexpected error occurred:
There were too many requests of a given type :: Error creating new authz :: Too many invalid authorizations recently.
Please see the logfiles in /var/log/letsencrypt for more details.
root@tsd-ubuntu-do:/opt/letsencrypt# certbot certonly --webroot --webroot-path=/usr/share/nginx/html -d bots.artbelka.by --staging
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for bots.artbelka.by
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. bots.artbelka.by (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bots.artbelka.by/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw: "Not Found
<p"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: bots.artbelka.by
404 Not Found
Type: unauthorized
Detail: Invalid response from
http://bots.artbelka.by/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw:
"Not Found
<p"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Response for local machine:
curl -L http://bots.artbelka.by/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw:
403 Forbidden
403 Forbidden
nginx/1.10.0 (Ubuntu)
LetsEncrypt log:
2017-06-01 21:04:40,096:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: bots.artbelka.by
404 Not Found
Type: unauthorized
Detail: Invalid response from http://bots.artbelka.by/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw: "Not Found
<p"
To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.
404 Not Found
2017-06-01 21:04:40,096:INFO:certbot.auth_handler:Cleaning up challenges
2017-06-01 21:04:40,096:DEBUG:certbot.plugins.webroot:Removing /usr/share/nginx/html/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw
2017-06-01 21:04:40,097:DEBUG:certbot.plugins.webroot:All challenges cleaned up, removing /usr/share/nginx/html/.well-known/acme-challenge
2017-06-01 21:04:40,097:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.14.2', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 742, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 682, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python2.7/dist-packages/certbot/main.py", line 82, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 344, in obtain_and_enroll_certificate
    certr, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python2.7/dist-packages/certbot/client.py", line 313, in obtain_certificate
    self.config.allow_subset_of_names)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 81, in get_authorizations
    self._respond(resp, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 138, in _respond
    self._poll_challenges(chall_update, best_effort)
  File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 202, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. bots.artbelka.by (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://bots.artbelka.by/.well-known/acme-challenge/kEccrFvyjw3-lTaPHRvhUE0edUOgjhmN8GXMayU7uiw: "Not Found
<p"
NGINX file:
server {
    autoindex on;
    listen 80 default_server;
    root /usr/share/nginx/html;
    # server_name bots.artbelka.by *.bots.artbelka.by;
    location /.well-known/ {
        return 403;
        root /usr/share/nginx/html;
        allow all;
    }
    location ~ /.well-known {
        return 403;
        add_header Content-Type text/plain;
        allow all;
    }
}
NGINX needs to return 403 for Let's Encrypt, but the Let's Encrypt servers tell me about a 404 response... Why? And my local machine tells me about a 403 response, which is the correct response. Is Let's Encrypt not calling my domain?
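The validation server reported a 404 while the local curl got nginx's 403, so one thing worth checking is whether every address the name resolves to (IPv4 and IPv6) is answered by the same server. The following is an added example, not part of the original post: it requests the challenge path from each resolved address with the real Host header and reports whether the answers agree. The function names are hypothetical, and it assumes plain HTTP on port 80.

```python
import http.client
import socket


def resolve_all(host, port=80):
    """Return every distinct IPv4/IPv6 address the name resolves to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def fetch_from(addr, host, path, timeout=10):
    """GET path from one specific address, sending the real Host header."""
    conn = http.client.HTTPConnection(addr, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(200).decode("latin-1")
        return resp.status, resp.getheader("Server", ""), body
    except (OSError, http.client.HTTPException) as exc:
        return None, "", "request failed: %s" % exc
    finally:
        conn.close()


def compare(host, path, addrs=None, fetch=fetch_from):
    """Fetch path from each address; True means all answers agree."""
    addrs = resolve_all(host) if addrs is None else addrs
    results = {a: fetch(a, host, path) for a in addrs}
    # Compare on (status, Server header): a different pair means a
    # different server or configuration answered on that address.
    distinct = {(status, server) for status, server, _ in results.values()}
    return results, len(distinct) <= 1


if __name__ == "__main__":
    import sys
    # Usage: script.py <hostname> <path under /.well-known/acme-challenge/>
    results, consistent = compare(sys.argv[1], sys.argv[2])
    for addr, (status, server, body) in results.items():
        print(addr, status, server, repr(body[:60]))
    print("consistent" if consistent else "MISMATCH between addresses")
```

A mismatch means some address is served by a different host or virtual server than the one holding the webroot.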