Certbot not generating file

ElementZero · October 14, 2018, 3:02pm

I’ve tried a bunch of stuff but for some reason I cannot get certbot to generate the files. I manually created the .well-known/acme-challenge folders and set them to 755. The folders are owned by root. I put a file in there and it works

http://test.techforgeconsulting.com/.well-known/acme-challenge/aa.php

the certbot just does not create the file. I’m honestly not sure what else to try (besides going with webroot or something).

My domain is: test.techforgeconsulting.com

I ran this command: sudo certbot --nginx --staging

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: test.techforgeconsulting.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.techforgeconsulting.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. test.techforgeconsulting.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://test.techforgeconsulting.com/.well-known/acme-challenge/v4RrXdpy178kfAcK58u-L9x_7ec3GaUFkwIGMdif45Q: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: test.techforgeconsulting.com
   Type:   unauthorized
   Detail: Invalid response from
   http://test.techforgeconsulting.com/.well-known/acme-challenge/v4RrXdpy178kfAcK58u-L9x_7ec3GaUFkwIGMdif45Q:
   "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
   bgcolor=\"white\">\r\n<center><h1>404 Not
   Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): Nginx 1.14

The operating system my web server runs on is (include version): Ubuntu 18.04 LTS

My hosting provider, if applicable, is: none

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

My nginx config

# Default server configuration
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782 and https://cipherli.st
        ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SH$
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_timeout  10m;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off; # Requires nginx >= 1.5.9
        ssl_stapling on; # Requires nginx >= 1.3.7
        ssl_stapling_verify on; # Requires nginx => 1.3.7
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";

        # Server Root
        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;

        server_name test.techforgeconsulting.com;

#       location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
#               try_files $uri $uri/ =404;
#       }

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        location ~ /\.ht {
                deny all;
        }
}

JuergenAuer · October 14, 2018, 3:18pm

Hi @ElementZero

I can't find this file - http-status 404, not found. Please remove the file-extension .php, because Letsencrypt loads a file without extension. Use a file with file name "aa" or "1234"

Looks like your .php - files are redirected.

ElementZero · October 15, 2018, 2:02am

Nevermind, did a lot of digging and basically my internal DNS was sending me to the correct server but the router wasn't routing it correctly for some reason -especially confusing since the server the external traffic was being sent to has the same default pages.

All fixed now, thanks!

system · November 14, 2018, 2:02am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.