Certbot HTTP Webroot Setup Failing - Nginx Config Block Not Pointing to Correct Location


#1

Hi all;

I’m running my server (Debian 7) through nginx 1.6.2, and I can’t seem to get letsencrypt working properly.

I’ve set my virtualhosts and default to have this in each server block

location ^~ /.well-known/acme-challenge/ {
alias /var/www/acme-challenge/;
}

Running

certbot certonly -a webroot --webroot-path=/var/www/acme-challenge -d |MYDOMAIN| -d www.|MYDOMAIN|

Gives me

Failed authorization procedure. |MYDOMAIN| (http-01): urn:acme:er ror:unauthorized :: The client lacks sufficient authorization :: Invalid re sponse from http:/|MYDOMAIN|/.well-known/acme-challenge/rGOsg6v7 ISu_u9xu1JBv_kgo-oOoQu6rHNY2uUtRR2U: "

404 Not Found

404 Not Found


"

Nginx logs show that it is being routed correctly

2017/05/02 20:50:38 [error] 32392#0: *4 open() “/var/www/acme-challenge/rGOsg6v7ISu_u9xu1JBv_kgo-oOoQu6rHNY2uUtRR2U” failed (2: No such file or directory)

I do have root access to my server

I put a index.html in /var/www/acme-challenge/ and trying to go to http://|MYDOMAIN|/.well-known/acme-challenge/ does show it.

I’m at a loss for why this isn’t working, is anyone able to help?


#2

That exact setup won’t work.

--webroot-path=/var/www/acme-challenge” caused Certbot to create the file “/var/www/acme-challenge/.well-known/acme-challenge/rGOsg6v7ISu_u9xu1JBv_kgo-oOoQu6rHNY2uUtRR2U”. Nginx was, of course, looking for “/var/www/acme-challenge/rGOsg6v7ISu_u9xu1JBv_kgo-oOoQu6rHNY2uUtRR2U”, so the file could not be found.

Change “alias /var/www/acme-challenge/;” to “root /var/www/acme-challenge/;” and it should all be okay. :slight_smile:


#3

Ahh, cheers for the explanation, I was tearing my hair out over that one.

Yea that did it; Cheers for that


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.