Certbot: Invalid response http://www.example.org/.well-known/acme-challenge

Help
42

Mhm yes that could be.

But sadly not. :frowning:

512074bc4991   vaultwarden/server:latest      "/start.sh"              2 minutes ago   Up 2 minutes (healthy)   80/tcp, 3012/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   vaultwarden
4dcdc27eda1d   itzg/minecraft-server:latest   "/start -e MEMORY=5G…"   3 months ago    Up 5 days (healthy)      0.0.0.0:25565->25565/tcp, :::25565->25565/tcp, 25575/tcp      minecraftServer

these are my docker container.

43

I confess my docker-fu is not strong, but this doesn't look like my guess was correct.

How about we find out how exactly is this rogue nginx process ran: find its pid (netstat -pant | grep 80) and run this command to see the parent chain:

pstree -gs <pid>
4 Likes
44

Here :slight_smile:

systemd(1)───nginx(3366)─┬─nginx(3366)
                         ├─nginx(3366)
                         ├─nginx(3366)
                         ├─nginx(3366)
                         └─nginx(3366)
45

Right, so there some kind of nginx process that is launched by systemd and it does listen on port 80. Letʼs see systemctl status 3366

2 Likes
46

  • nginx-osp. service - The NGINX HTTP and reverse proxy server
    Loaded: loaded (/etc/systemd/system/nginx-osp.service; enabled; vendor preset: enabled)
    Active: active (running) since Sat 2023-06-24 13:39:18 UTC; 5 days ago
    Process: 3292 ExecStart=/us/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
    Main PID: 3366 (nginx)
    Tasks: 6 (limit: 9388)
    Memory: 7.3M
    CPU: 6.116s
    CGroup: /system.slice/nginx-osp.service

  • 3366 "nginx: master process /us/local/nginx/sbin/nginx"

  • 3367 "nginx: worker process" ""

  • 3368 "nginx: worker process" ""

  • 3369 "nginx: worker process" ""

  • 3370 "nginx: worker process" !!

  • 3371 "nginx: cache manager process"

47

Not sure what nginx-osp is. Disable it with:

systemctl disable --now nginx-osp

And try starting the regular nginx.

2 Likes
48

What would be the right command to start the normal nginx? Is systemctl restart nginx.service wrong?

49

No, that is the correct command.

1 Like
50

Searching for nginx-osp reveals some kind of Open Streaming Platform. If that rings a bell and you have no use for it: I would suggest investigating on how to cleanly remove its remnants.

2 Likes
51

IMG_2491
IMG_24911125×2436 168 KB

Well thats different! No error. Thats not Bitwarden but thats probably just a config mistake.

1 Like
52

IMG_2492
IMG_24921125×2436 428 KB

Renewal works too! Looks like solved?

1 Like
53

Yup. Your bitwarden subdomain serves the certificate that was issued just now.

3 Likes
54

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.