My domain is pointing to the VPS 166.0.134.19. You can even ping it, but it gives me this error. IDK why this is happening at all. I generated the cert before the nginx config, but that shouldn't matter. I've never had this problem until now; did something change in the update?
These were my steps for installing nginx and certbot:
apt-get update && apt-get upgrade -y
curl -fsSL https://deb.nodesource.com/setup_19.x | sudo -E bash -
apt-get install -y nodejs unzip certbot nginx
NGINX config
server {
    listen 80;
    server_name test.frostproxy.com;
    # ACME-challenge
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    return 301 https://$server_name$request_uri;
}
LOG from certbot.log:
HTTP 200
Server: nginx
Date: Wed, 07 Jun 2023 06:30:58 GMT
Content-Type: application/json
Content-Length: 1041
Connection: keep-alive
Boulder-Requester: 983099596
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 371CX85F4G2163Q2wERbRrbkgFP4Nth8OsDomeId3iWMTmo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "test.frostproxy.com"
},
"status": "invalid",
"expires": "2023-06-14T06:30:57Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "166.0.134.19: Invalid response from http://test.frostproxy.com/.well-known/acme-challenge/MF6yWDf09JyXBi54aLDcpMLP8SEHFq9ukmcUFR6U2o0: 404",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/234657743817/QmbVgw",
"token": "MF6yWDf09JyXBi54aLDcpMLP8SEHFq9ukmcUFR6U2o0",
"validationRecord": [
{
"url": "http://test.frostproxy.com/.well-known/acme-challenge/MF6yWDf09JyXBi54aLDcpMLP8SEHFq9ukmcUFR6U2o0",
"hostname": "test.frostproxy.com",
"port": "80",
"addressesResolved": [
"166.0.134.19"
],
"addressUsed": "166.0.134.19"
}
],
"validated": "2023-06-07T06:30:57Z"
}
]
}
2023-06-07 08:30:58,701:DEBUG:acme.client:Storing nonce: 371CX85F4G2163Q2wERbRrbkgFP4Nth8OsDomeId3iWMTmo
2023-06-07 08:30:58,703:WARNING:certbot.auth_handler:Challenge failed for domain test.frostproxy.com
2023-06-07 08:30:58,703:INFO:certbot.auth_handler:http-01 challenge for test.frostproxy.com
2023-06-07 08:30:58,703:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:
Domain: test.frostproxy.com
Type: unauthorized
Detail: 166.0.134.19: Invalid response from http://test.frostproxy.com/.well-known/acme-challenge/MF6yWDf09JyXBi54aLDcpMLP8SEHFq9ukmcUFR6U2o0: 404
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2023-06-07 08:30:58,705:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2023-06-07 08:30:58,705:DEBUG:certbot.error_handler:Calling registered functions
2023-06-07 08:30:58,705:INFO:certbot.auth_handler:Cleaning up challenges
2023-06-07 08:30:58,706:DEBUG:certbot.plugins.webroot:Removing /var/www/html/.well-known/acme-challenge/MF6yWDf09JyXBi54aLDcpMLP8SEHFq9ukmcUFR6U2o0
2023-06-07 08:30:58,706:DEBUG:certbot.plugins.webroot:All challenges cleaned up
2023-06-07 08:30:58,707:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
return config.func(config, plugins)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
My domain is: test.frostproxy.com
I ran this command:
certbot certonly --noninteractive --agree-tos --keep-until-expiring -m admin@frostproxy.com -d test.frostproxy.com --webroot -w /var/www/html
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.frostproxy.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Challenge failed for domain test.frostproxy.com
http-01 challenge for test.frostproxy.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: test.frostproxy.com
Type: unauthorized
Detail: 166.0.134.19: Invalid response from
http://test.frostproxy.com/.well-known/acme-challenge/pMIW3Je-b92J9qapgwBpGWNi24wDahIXjUGjH4attCA:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): NGINX/1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
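
As an added example (not part of the original post, and not certbot's own code), this reads an authorization object of the kind shown in the log above and pulls out what the validator recorded: which address and port answered, whether a redirect was followed, and the web server's status as opposed to the ACME problem status. The sample input is constructed with placeholder values, and `triage_authz` is a hypothetical helper name.

```python
import json

# Constructed sample in the shape certbot logs for a failed authorization;
# hostname, address and token are placeholders, not values from the post.
SAMPLE_AUTHZ = json.dumps({
    "identifier": {"type": "dns", "value": "host.example.com"},
    "challenges": [{
        "type": "http-01",
        "status": "invalid",
        "error": {
            "type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "203.0.113.10: Invalid response from "
                      "http://host.example.com/.well-known/acme-challenge/TOKEN: 404",
            "status": 403,
        },
        "validationRecord": [{
            "url": "http://host.example.com/.well-known/acme-challenge/TOKEN",
            "port": "80",
            "addressesResolved": ["203.0.113.10"],
            "addressUsed": "203.0.113.10",
        }],
    }],
})


def triage_authz(raw):
    """Return one summary dict per failed challenge in an authorization."""
    authz = json.loads(raw)
    findings = []
    for ch in authz.get("challenges", []):
        if ch.get("status") != "invalid":
            continue
        err = ch.get("error", {})
        hops = ch.get("validationRecord", [])
        last = hops[-1] if hops else {}
        tail = err.get("detail", "").rsplit(": ", 1)[-1]
        resolved = last.get("addressesResolved", [])
        findings.append({
            "domain": authz["identifier"]["value"],
            "challenge": ch["type"],
            "acme_error": err.get("type", "").rsplit(":", 1)[-1],
            # error.status is the ACME problem code; the web server's own
            # status is the number at the end of error.detail.
            "origin_http_status": int(tail) if tail.isdigit() else None,
            "redirects_followed": max(len(hops) - 1, 0),
            "answered_by": "%s:%s" % (last.get("addressUsed"), last.get("port")),
            "other_addresses": [a for a in resolved if a != last.get("addressUsed")],
        })
    return findings
```

A `redirects_followed` of 0 with `answered_by` on port 80 means the status came straight from whatever was listening on port 80 at that address, which is the first thing to compare against the server block you expect to be serving the webroot.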