Challenge failed for domain

I don't see any obvious mistakes in the config files :thinking:. A couple of things to check:

  1. Did you reload or restart nginx after making changes?
  2. Is this the configuration used by nginx? Check if nginx actually uses this configuration, see if the command line contains any -c flags (ps aux |grep nginx). If there are none, see if it by default uses /etc/nginx/nginx.conf, look for --conf-path in the output of nginx -V
1 Like

Yes, reloaded every change.

www-data 741982 0.0 0.2 67512 11824 ? S 10:52 0:02 nginx: worker process
www-data 741983 0.0 0.2 67028 11544 ? S 10:52 0:00 nginx: worker process
adminus+ 743059 0.0 0.0 6300 656 pts/0 S+ 11:33 0:00 grep --color=auto nginx
root 871192 0.0 0.2 66788 10056 ? S Jan02 0:04 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;

adminuser@proxy:/etc/nginx/conf.d$ sudo nginx -V
nginx version: nginx/1.18.0 (Ubuntu)
built with OpenSSL 1.1.1f 31 Mar 2020
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-lUTckl/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/ --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

Is there a reason you need to specify the listen with an IP address here?

Because mixing specific IP and non-specific IP server blocks can lead to odd results.

I am pretty sure if you change that to just listen 80; the problem will go away.

And, at least for now, make your server block like below for your bestfostering domain. One of the earlier attempts had settings that would not work right so this is good place to start

server {
     listen 80;
     return 301 https://$host$request_uri;

Yes, that worked. I should've guessed really because the trolltec domain was only added about 6 weeks ago and is the only thing that's changed since the last certificate renewal.

Thanks for all your help - really appreciate it.


Same problem.
Solution: temporarily turned off the VPN on the router.
After obtaining the certificates, I turned the VPN back on.

Pretty sure you didn't have the same problem. This was a faulty nginx listen setting which caused nginx to select the wrong server block to handle an incoming request.

Even if this person had a VPN (and none was mentioned), it was resolved by fixing the nginx config.

I think I'll mark that post as a Solution to make that clearer :slight_smile:


Yes, we had no VPN.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.