Certbot - where is /.well-known created


#1

Hi,

One of those things that I’m sure is obvious but as a newbie to Linux and to LE, I’m struggling with the basics so I appreciate all the help I can get. I’ve read up what I can but can’t find the answer.

DN = vps379991.ovh.net
Command = certbot certonly --webroot -w /var/www/pbx -d vps379991.ovh.net
Output =

  • The following errors were reported by the server:

Domain: vps379991.ovh.net
Type: unauthorised
Detail: Invalid response from
http://vps379991.ovh.net/.well-known/acme-challenge/3HeJUTI-ugdMiGzByjckA3PokEZXuWiSN-fYHT5lD9o:

404 Not Found

404 Not Found

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contains(s) the right IP address.

Webserver = nginx on Debian Jessie
Host = OVH

I totally understand that the destination is not responding because it does not exist at the root (/var/www/) but I assume it was generated “somewhere”?

Where can I find it? I assume I can just move the file?

Can I specify where the certificate gets created/stored?

M


#2

Indeed it was generated somewhere–it was generated exactly where you told certbot to put it, at /var/www/pbx. That’s apparently not the document root location for your webserver. I don’t know where it would be, but a few seconds with Google suggests that it would be either /var/www/ or /var/www/html/.

I believe certbot will let you change where the cert is stored, but there’s really no reason to–instead, update your SSL configuration to use the new cert/key in /etc/letsencrypt/live/yourhostname.


#3

Hi danb35,

Thanks for your reply.

I had a feeling someone would say something along those lines but I did check the folder at /var/www/pbx before I posted, but it is empty. That is unless it is hidden. I am relying on the “ls” command to show me. Remember, I am a Linux novice too. If the ls command is not what I should be using then please advise me.

The /var/www/html folder is where the active index file is.

There is no “live” folder in /etc/letsencrypt only accounts and renewal.

Leaving the office soon, so I’ll pick up again tomorrow.

Thanks,

M


#4

You won’t see /etc/letsencrypt/live until it successfully obtains a cert. In Unix-like operating systems (including Linux), file or directory names beginning with a . are usually hidden. To see them, run ‘ls -a’ rather than just ‘ls’.

But if the active index file is in /var/www/html, that’s probably the path you should use with the -w flag.


#5

Hi danb35,

Thanks for your help, the certificate now verifies and was created.

Onto the next challenge.

M


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.