Certbot nginx seems to be looking for the challenge in the wrong place

While testing, please use --dry-run (or --staging)
Then once it passes the tests, switch back to production.

1 Like

I saw that too late, but it succeeded, thank you! It didn't offer me any options for redirecting http to https so I guess I'm going to have to manually wrangle that bit. I wonder why.

1 Like

Oh it did add in the redirect, maybe the new version of certbot just doesn't ask first.

Redirection in nginx is cake!
Here have a piece:

    location ~ ^/(?!\.well-known) {          # regex match (needs ~): skip challenge requests
      return 301 https://$host$request_uri;  # send all other requests to HTTPS
    }# location
    root /new/dedicated/challenge/path;      # path for challenge requests

That will allow the challenge requests to be handled in HTTP (not redirected like all other requests).
And use a dedicated path for added security!
[can't have too much of that]

For anyone reading this:
/new/dedicated/challenge/path
Is just a placeholder / example.
You would need to replace that with a real place.
A new one freshly created for this single purpose.
NOT a path that already has anything inside/beneath it. [bad for security]

1 Like

This is resolved. The issue was that I didn't have a listen directive in my nginx virtual host config file, and so IPv6 requests were going somewhere unexpected. I added in

    listen         80;
    listen         [::]:80;

after the server name directive in my config. Once that was in there and nginx reloaded the config, certbot was able to successfully challenge and get the cert. Thanks @rg305!

1 Like
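
Added example, not part of any post in this thread: a small Python check for the misconfiguration described above, listing server blocks that answer on port 80 over IPv4 only (including blocks with no `listen` at all, which nginx treats as `*:80`). The sample config and the function names are constructed for illustration, and the parser is simplified: it does not follow `include` files or handle quoted strings.

```python
import re

# Constructed sample (not from the thread): vhost without listen + dual-stack default.
SAMPLE_CONF = """
server {
    server_name example.test;   # hypothetical site name
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listens(block):
    """Return (ipv4_port80, ipv6_port80) for one server block body."""
    addrs = re.findall(r"(?:^|[;{}])\s*listen\s+([^\s;]+)", block, re.M)
    if not addrs:          # nginx default when listen is absent: *:80 (IPv4)
        return True, False
    v4 = v6 = False
    for a in addrs:
        if a.startswith("unix:"):                   # UNIX sockets are not relevant
            continue
        if a.startswith("["):                       # [::]:80, [2001:db8::1]:80
            v6 |= (a.split("]:")[1] if "]:" in a else "80") == "80"
        else:                                       # 80, *:80, 192.0.2.1:80
            port = a.rsplit(":", 1)[1] if ":" in a else a
            v4 |= (port if port.isdigit() else "80") == "80"
    return v4, v6

def ipv4_only_vhosts(conf):
    """List server_name sets of blocks reachable on port 80 via IPv4 only."""
    found = []
    for block in server_blocks(re.sub(r"#.*", "", conf)):
        v4, v6 = listens(block)
        if v4 and not v6:
            names = re.search(r"\bserver_name\s+([^;]+);", block)
            found.append(names.group(1).split() if names else ["(unnamed)"])
    return found
```

If the hostname has an AAAA record, any vhost this reports will have its HTTP-01 challenge answered by whichever other block listens on `[::]:80`.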

Glad I could help - I would have selected the first post that mentioned the specific problem as the solution. In the grand scheme you brought a problem here and then you solved it yourself...
But to each his own.
Cheers from Miami :beers:

#FreeCUBA

1 Like

Sorry if I did it wrong, I wanted the listed solution to actually tell a future googler how to fix the issue if they have the same problem.

Thanks again from Japan.

2 Likes

@rg305 I marked your post as the solution. If you wouldn't mind, I'd love it if you could copy in the solution info into your post, so that people who find this later can get to the solution quickly.

1 Like

Thanks!

1 Like
