My domain is: velebittravel.com
I ran this command: sudo certbot --nginx
It produced this output:
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Requesting a certificate for velebittravel.com
Performing the following challenges:
http-01 challenge for velebittravel.com
Waiting for verification...
Challenge failed for domain velebittravel.com
http-01 challenge for velebittravel.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: velebittravel.com
Type: unauthorized
Detail: Invalid response from http://www.velebittravel.com
[144.217.153.176]: "<html xml:lang=\"fr-FR\"
lang=\"fr-FR\">\n<head>\n<title qtlid=\"28806\">Félicitations !
Votre domaine a bien été créé chez OVH !</"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): NGINX 1.18.0
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is: OVH (A VPS)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): VestaCP
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.10.1
rg305
January 12, 2021, 1:11am
2
Hi and welcome to the LE community forum
You showed that you selected "2", but you don't show what they are:
I see that you want to get a cert for domain: velebittravel.com
But the failure is for:
With the "WWW".
I also see that the first domain redirects to the second:
```
curl -Iki velebittravel.com
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 12 Jan 2021 01:05:30 GMT
Content-Type: text/html
Content-Length: 138
Location: http://www.velebittravel.com
```
This may be part of the problem, if your config isn't prepared to handle the challenge requests correctly.
If I may advise, I would get a cert with both names on it.
Then you can also correctly redirect HTTPS requests to the WWW.
As for the "proper handling", I've found it best to handle the HTTP challenges in HTTP.
[With some creative coding]
If you are willing to share your vhost configs, maybe we can adjust them to suit all your needs.
Well, so how do I get the cert for both names? And how do I solve this problem?
The 2 domains I was selecting were www.velebittravel.com and velebittravel.com.
I don't know how to get you the vhost settings, nor what you mean by it.
rg305
January 12, 2021, 1:31am
4
This answers that:
[you chose correctly for that]
Please post the output of:
[I suspect it wont be too long]
nginx -T
Be sure to use three backticks above and below your config - or it may be difficult to read.
Like this:
```
your config
your config
your config
```
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
This is what it says, but it's still giving me the same error.
rg305
January 12, 2021, 2:19am
6
NOT:
nginx -t
please show
nginx -T
[with a CAPITAL "T"]
Oh sorry, there you are
```
root@www:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
# Server globals
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Worker config
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
# Main settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_header_timeout 60s;
client_body_timeout 60s;
client_header_buffer_size 2k;
client_body_buffer_size 256k;
client_max_body_size 256m;
large_client_header_buffers 4 8k;
send_timeout 60s;
keepalive_timeout 30s;
reset_timedout_connection on;
server_tokens off;
server_name_in_redirect off;
server_names_hash_max_size 512;
server_names_hash_bucket_size 512;
# Log format
log_format main '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format bytes '$body_bytes_sent';
#access_log /var/log/nginx/access.log main;
access_log off;
# Mime settings
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Compression
gzip on;
gzip_static on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1024;
gzip_buffers 16 8k;
gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype;
gzip_proxied any;
gzip_disable "MSIE [1-6]\.";
# Proxy settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Set-Cookie;
proxy_buffers 32 4k;
proxy_connect_timeout 30s;
proxy_send_timeout 90s;
proxy_read_timeout 90s;
# Cloudflare https://www.cloudflare.com/ips
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
#set_real_ip_from 2400:cb00::/32;
#set_real_ip_from 2606:4700::/32;
#set_real_ip_from 2803:f800::/32;
#set_real_ip_from 2405:b500::/32;
#set_real_ip_from 2405:8100::/32;
#set_real_ip_from 2c0f:f248::/32;
#set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;
# SSL PCI Compliance
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
# Error pages
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 502 503 504 /error/50x.html;
# Cache settings
proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
proxy_cache_key "$host$request_uri $cookie_user";
proxy_temp_path /var/cache/nginx/temp;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_valid any 1d;
# Cache bypass
map $http_cookie $no_cache {
default 0;
~SESS 1;
~wordpress_logged_in 1;
}
# File cache settings
open_file_cache max=10000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 2;
open_file_cache_errors off;
# Wildcard include
include /etc/nginx/conf.d/*.conf;
}
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/conf.d/51.222.141.219.conf:
server {
listen 51.222.141.219:80 default;
server_name _;
#access_log /var/log/nginx/51.222.141.219.log main;
location / {
proxy_pass http://51.222.141.219:8080;
}
}
# configuration file /etc/nginx/conf.d/status.conf:
server {
listen 127.0.0.1:8084 default;
server_name _;
server_name_in_redirect off;
location / {
stub_status on;
access_log off;
}
}
# configuration file /etc/nginx/conf.d/vesta.conf:
include /home/admin/conf/web/velebittravel.com.nginx.conf;
# configuration file /home/admin/conf/web/velebittravel.com.nginx.conf:
server {
listen 51.222.141.219:80;
server_name velebittravel.com www.velebittravel.com;
error_log /var/log/apache2/domains/velebittravel.com.error.log error;
location / {
proxy_pass http://51.222.141.219:8080;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
root /home/admin/web/velebittravel.com/public_html;
access_log /var/log/apache2/domains/velebittravel.com.log combined;
access_log /var/log/apache2/domains/velebittravel.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/velebittravel.com/document_errors/;
}
location @fallback {
proxy_pass http://51.222.141.219:8080;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/nginx.velebittravel.com.conf*;
}
```
rg305
January 12, 2021, 2:29am
8
Can you please edit the post and add the backticks?
```
before
and after
```
You can click the PENCIL icon to edit.
rg305
January 12, 2021, 2:33am
9
Please show this file:
[again, use ``` before and after]
```
# /home/admin/conf/web/velebittravel.com.nginx.conf
server {
listen 51.222.141.219:80;
server_name velebittravel.com www.velebittravel.com;
error_log /var/log/apache2/domains/velebittravel.com.error.log error;
location / {
proxy_pass http://51.222.141.219:8080;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
root /home/admin/web/velebittravel.com/public_html;
access_log /var/log/apache2/domains/velebittravel.com.log combined;
access_log /var/log/apache2/domains/velebittravel.com.bytes bytes;
expires max;
try_files $uri @fallback;
}
}
location /error/ {
alias /home/admin/web/velebittravel.com/document_errors/;
}
location @fallback {
proxy_pass http://51.222.141.219:8080;
}
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
include /home/admin/conf/web/nginx.velebittravel.com.conf*;
}
```
rg305
January 12, 2021, 2:35am
11
Please show w/e this includes:
Or
remove if not needed/used.
So I just delete that line from the file?
rg305
January 12, 2021, 2:37am
14
Does that show anything?
ls -l /home/admin/conf/web/nginx.velebittravel.com.conf*
Yes, there it is
```
ls -l /home/admin/conf/web/nginx.velebittravel.com.conf*
-rw-r--r-- 1 root root 147 Jan 12 02:24 /home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt
```
rg305
January 12, 2021, 2:39am
16
Show file:
/home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt
```
location ~ "^/\.well-known/acme-challenge/(.*)$" {
default_type text/plain;
return 200 "$1.RR-Gy5jQRGHRWGyTwFOuarOpGypGIQC2jlSK4fDChWw";
}
```
rg305
January 12, 2021, 2:41am
18
Interesting...
That should have been removed after last use.
[something went wrong]
Let's see if we can code a more permanent solution.
and you can delete that file and that include line.
So, I must delete this:
/home/admin/conf/web/nginx.velebittravel.com.conf_letsencrypt
/home/admin/conf/web/nginx.velebittravel.com.conf*
and this line? include /home/admin/conf/web/nginx.velebittravel.com.conf*
rg305
January 12, 2021, 2:55am
20
Here I cleaned it up a tiny bit and reordered it in a way that makes more sense (top-down).
Separated the nested location out.
Added the section to handle the challenge files locally.
NOTE: You must create the path for the files to be placed into.
use:
mkdir /whatever/unique/path/you/chose/
```
server {
listen 51.222.141.219:80;
server_name velebittravel.com www.velebittravel.com;
error_log /var/log/apache2/domains/velebittravel.com.error.log error;
location ~ /\.ht {return 404;}
location ~ /\.svn/ {return 404;}
location ~ /\.git/ {return 404;}
location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;}
location /error/ {
alias /home/admin/web/velebittravel.com/document_errors/;
}# location
location @fallback {
proxy_pass http://51.222.141.219:8080;
}# location
location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|odt|ods|odp|odf|tar|wav|bmp|rtf|js|mp3|avi|mpeg|flv|html|htm)$ {
root /home/admin/web/velebittravel.com/public_html;
access_log /var/log/apache2/domains/velebittravel.com.log combined;
access_log /var/log/apache2/domains/velebittravel.com.bytes bytes;
expires max;
try_files $uri @fallback =404; #### added =404 as third option (a status code needs the "=" prefix) ####
}# location
location ~ /\.well-known/acme-challenge/ {
default_type text/plain;
root /your/challenge/location/; ############ This path needs to be changed and created ##########
}# location
location / {
proxy_pass http://51.222.141.219:8080;
}# location
}# server
```
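A pre-flight check for the HTTP-01 path, as an added example (not certbot's, VestaCP's or rg305's code): it writes a token under the challenge root configured above, fetches it over HTTP through the same redirect the CA follows, and compares the IP that finally answers with the listen address 51.222.141.219 from the posted config. In this thread the www name answered from 144.217.153.176 with an OVH placeholder page, which is the first case the checker reports. The token value and the /your/challenge/location path are assumptions.

```python
import os
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def classify(final_host, final_ip, expected_ip, status, body, token):
    """Turn what a validation fetch saw into a one-line diagnosis."""
    if final_ip != expected_ip:
        # The thread's case: the bare name redirects to www, and www resolves to
        # 144.217.153.176 (an OVH placeholder page) rather than the VPS.
        return f"{final_host} resolves to {final_ip}, not {expected_ip}: fix its A record"
    if status != 200:
        return f"{final_host} answered HTTP {status}: challenge path is not served"
    if body.strip() != token:
        # Right server, wrong content: the request went to the proxied backend.
        return f"{final_host} returned a page instead of the token: challenge path is proxied"
    return "ok"


def fetch(url):
    """Follow redirects as the CA does; return (final URL, status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": "acme-preflight"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.geturl(), resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.geturl(), err.code, err.read(4096).decode("utf-8", "replace")


def check(name, expected_ip, webroot, token="preflight-token"):
    """Write a constructed token under webroot, then fetch it like the CA would."""
    os.makedirs(webroot + CHALLENGE_PREFIX, exist_ok=True)
    with open(webroot + CHALLENGE_PREFIX + token, "w") as fh:
        fh.write(token)
    final_url, status, body = fetch(f"http://{name}{CHALLENGE_PREFIX}{token}")
    host = urlsplit(final_url).hostname
    return classify(host, socket.gethostbyname(host), expected_ip, status, body, token)


if __name__ == "__main__":
    # Listen address from the posted config; the challenge root is an assumed path.
    for n in ("velebittravel.com", "www.velebittravel.com"):
        print(n, "->", check(n, "51.222.141.219", "/your/challenge/location"))
```

Run it on the server after reloading nginx with the challenge location in place; both names must print "ok" before certbot is retried.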
I don't understand. Is that the file that had the include line? May I just put it in the one that already exists?
So, then I must get my certificate?