My domain is: auth.wumbo.life
I ran this command:
sudo letsencrypt certonly -a webroot --webroot-path=/path/to/application -d auth.wumbo.life
It produced this output and stack trace in the logs:
2017-12-30 05:32:12,794:DEBUG:letsencrypt.cli:Exiting abnormally:
Traceback (most recent call last):
File "/usr/bin/letsencrypt", line 9, in <module>
load_entry_point('letsencrypt==0.4.1', 'console_scripts', 'letsencrypt')()
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1986, in main
return config.func(config, plugins)
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 706, in obtain_cert
_, action = _auth_from_domains(le_client, config, domains, lineage)
File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 474, in _auth_from_domains
lineage = le_client.obtain_and_enroll_certificate(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 269, in obtain_and_enroll_certificate
certr, chain, key, _ = self.obtain_certificate(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 252, in obtain_certificate
return self.obtain_certificate_from_csr(domains, csr) + (key, csr)
File "/usr/lib/python2.7/dist-packages/letsencrypt/client.py", line 225, in obtain_certificate_from_csr
authzr = self.auth_handler.get_authorizations(domains)
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 84, in get_authorizations
self._respond(cont_resp, dv_resp, best_effort)
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 142, in _respond
self._poll_challenges(chall_update, best_effort)
File "/usr/lib/python2.7/dist-packages/letsencrypt/auth_handler.py", line 204, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
FailedChallenges: Failed authorization procedure. auth.wumbo.life (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://35.168.225.2/.well-known/acme-challenge/Xl9Of-OhVSU090xibt-XOFgDialzgQuqKzlh3vkkMGk: Error getting validation data
My web server is (include version): nginx/1.10.3 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 16.04.3 (4.4.0-1043-aws)
My hosting provider, if applicable, is: GoDaddy + AWS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
I am working on a tool to use with SSO for a personal project. Out of the box, I have configured nginx to listen on port 80 and set the root path in my server block as follows:
server {
    listen 80;
    listen [::]:80;
    # document root; the webroot plugin writes the token under
    # <root>/.well-known/acme-challenge/
    root /home/username/appdirectory;
    # serve the challenge directory over plain HTTP (regex match, not anchored)
    location ~ /.well-known {
        allow all;
    }
    # HTTPS redirect left commented out so the challenge request is not redirected
    # return 301 https://$server_name$request_uri;
}
I have confirmed in the logs that the challenge file is being created (and then cleaned up when it fails). In order for this to work I had to create the ".well-known" directory manually, and for troubleshooting I gave ownership of it and of the app directory to www-data, so perhaps there is some sort of issue with permissions? I have tried a variety of permissions and double-checked the firewall rules to ensure that all the communication flow should be happening.
To test this currently, you should be able to access a test index.html in the same directory by visiting the address directly over HTTP.
Are there certain configurations or permissions that must exist that are not documented in the tutorials for the webroot tool to work properly on Ubuntu 16.04 out of the box?
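An added pre-flight script, not part of the original post or of the letsencrypt client, that checks the two layers an http-01 webroot validation depends on. The error text in the traceback says the CA "could not connect" to the address the domain resolved to (35.168.225.2) and names the exact validation URL; that is a network-level failure, which is a different symptom from the server answering 404 because of a path or permission problem. The script writes a throwaway token file where the webroot plugin would, walks the filesystem path and reports any directory without o+x or file without o+r (the www-data worker owns nothing under a user's home directory, so the "other" bits are what count), then fetches the validation URL and reports which layer failed. The webroot path, domain, token name and token content are arguments or constructed values; the real client generates the token and key authorization itself.

```python
#!/usr/bin/env python3
"""Pre-flight for an ACME http-01 webroot challenge (added example, not the
letsencrypt client's code).

A CA's validation fetch only succeeds if two independent layers work:
  1. Disk: the nginx worker (www-data on Ubuntu) must be able to read
     <webroot>/.well-known/acme-challenge/<token>. That needs the search
     (x) bit on every directory down the path and the read bit on the file.
  2. Network: port 80 must be reachable from the internet at the address
     the domain resolves to, and the request must return HTTP 200 whose
     body is exactly the file contents.
"""
import sys
import stat
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = Path(".well-known/acme-challenge")


def place_token(webroot, token, content):
    """Write a throwaway challenge file where the webroot plugin would.
    `token` and `content` are constructed by the caller; the real client
    generates the token and key authorization itself. Returns the path."""
    target = Path(webroot) / CHALLENGE_DIR / token
    for directory in (target.parent.parent, target.parent):
        if not directory.exists():
            directory.mkdir()
            directory.chmod(0o755)  # traversable by users who own nothing here
    target.write_text(content)
    target.chmod(0o644)  # world-readable, like the plugin's own token files
    return target


def path_problems(path, start="/"):
    """List what stops an unrelated user such as www-data from reading `path`.
    Every directory from `start` down needs o+x, the file itself needs o+r.
    Only the 'other' bits are inspected, which is the right test when the
    worker user neither owns nor shares a group with these entries."""
    path, start = Path(path).resolve(), Path(start).resolve()
    try:
        relative = path.relative_to(start)
    except ValueError:
        return [f"{path} is not under {start}"]
    entries = [start]
    for part in relative.parts:
        entries.append(entries[-1] / part)
    problems = []
    for entry in entries:
        try:
            mode = entry.stat().st_mode
        except FileNotFoundError:
            problems.append(f"{entry}: does not exist")
            break
        if stat.S_ISDIR(mode) and not mode & stat.S_IXOTH:
            problems.append(f"{entry}: mode {oct(mode & 0o777)} lacks o+x, others cannot traverse it")
        elif not stat.S_ISDIR(mode) and not mode & stat.S_IROTH:
            problems.append(f"{entry}: mode {oct(mode & 0o777)} lacks o+r, others cannot read it")
    return problems


def classify_fetch(url, expected, timeout=10):
    """Fetch the validation URL and report which layer failed, in the same
    terms as the ACME error text: 'connect-error' (nothing answered on the
    port at the resolved address), 'http-<code>' (the server answered but
    not with 200), 'wrong-body' (200 but different content, e.g. another
    server block or a rewrite answered), or 'ok'."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as response:
            body = response.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # must precede URLError, its parent class
        return f"http-{err.code}", f"server answered {err.code}; check root, location and permissions"
    except (urllib.error.URLError, OSError) as err:
        reason = getattr(err, "reason", err)
        return "connect-error", f"could not connect: {reason}; check DNS, security group and firewall"
    if body.strip() != expected:
        return "wrong-body", "200 but body differs; another server block or a redirect answered"
    return "ok", "validation URL serves the token"


if __name__ == "__main__":
    # usage: preflight.py <webroot> <domain>, e.g. /home/username/appdirectory auth.wumbo.life
    webroot, domain = sys.argv[1], sys.argv[2]
    token, content = "preflight-test-token", "preflight-test-content"  # constructed values
    token_path = place_token(webroot, token, content)
    try:
        for problem in path_problems(token_path):
            print("PERMISSION:", problem)
        url = f"http://{domain}/{CHALLENGE_DIR.as_posix()}/{token}"
        print(*classify_fetch(url, content))
    finally:
        token_path.unlink()  # clean up like the plugin does
```

Run it once on the instance itself and once from a host outside the AWS security group. A permission problem shows up in both runs; a fetch that succeeds locally but reports connect-error from outside points at the security group, network ACL or host firewall rather than at file permissions.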