Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
covid-see.com
I ran this command:
sudo certbot renew --dry-run
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/covid-see.cis.unimelb.edu.au.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Simulating renewal of an existing certificate for covid-see.cis.unimelb.edu.au
Performing the following challenges:
http-01 challenge for covid-see.cis.unimelb.edu.au
Waiting for verification...
Challenge failed for domain covid-see.cis.unimelb.edu.au
http-01 challenge for covid-see.cis.unimelb.edu.au
Cleaning up challenges
Failed to renew certificate covid-see.cis.unimelb.edu.au with error: Some challenges have failed.
Processing /etc/letsencrypt/renewal/covid-see.com.conf
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Simulating renewal of an existing certificate for covid-see.com and www.covid-see.com
Performing the following challenges:
http-01 challenge for covid-see.com
http-01 challenge for www.covid-see.com
Waiting for verification...
Challenge failed for domain covid-see.com
Challenge failed for domain www.covid-see.com
http-01 challenge for covid-see.com
http-01 challenge for www.covid-see.com
Cleaning up challenges
Failed to renew certificate covid-see.com with error: Some challenges have failed.
All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/covid-see.cis.unimelb.edu.au/fullchain.pem (failure)
/etc/letsencrypt/live/covid-see.com/fullchain.pem (failure)
2 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: covid-see.cis.unimelb.edu.au
   Type: unauthorized
   Detail: 128.250.59.15: Invalid response from
   http://covid-see.cis.unimelb.edu.au/.well-known/acme-challenge/LkOLCAFsgqYMfh7Pc8uC_3bFkFpC0EWKWd8uB7gAGKY:
   503
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
 - The following errors were reported by the server:
   Domain: covid-see.com
   Type: unauthorized
   Detail: 128.250.59.15: Invalid response from
   http://covid-see.com/.well-known/acme-challenge/IVYO22KAb9juX0T1a0rQiKeIefb1Aiv2dIO6eoKY3tY:
   503
   Domain: www.covid-see.com
   Type: unauthorized
   Detail: 128.250.59.15: Invalid response from
   http://www.covid-see.com/.well-known/acme-challenge/_W1GIFJyUd-pVinQIScU6WlfHfbaRhDzvSbq7mACc3U:
   503
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
My web server is (include version):
nginx version: nginx/1.21.6
The operating system my web server runs on is (include version):
cat /etc/os-release
NAME="Red Hat Enterprise Linux Server"
VERSION="7.9 (Maipo)"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.9"
PRETTY_NAME="Red Hat Enterprise Linux"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.9:GA:server"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
My hosting provider, if applicable, is:
N/A
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0
The acme-challenge files seem not to be accessible. The server appears to be redirecting despite including this file in nginx.conf:
configuration file /etc/nginx/letsencrypt-acme-challenge.conf:
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/html/acme;
    break;
}
location = /.well-known/acme-challenge/ {
    return 404;
}
Referenced in nginx.conf in a few places:
include /etc/nginx/conf.d/*.conf;
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/covid-see.cis.unimelb.edu.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/covid-see.cis.unimelb.edu.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name www.covid-see.cis.unimelb.edu.au covid-see.cis.unimelb.edu.au;
    include /etc/nginx/letsencrypt-acme-challenge.conf;
    location / {
        return 301 https://covid-see.com$request_uri;
    }
}
server {
    listen 443 ssl; # managed by Certbot
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy upgrade-insecure-requests;
    ssl_certificate /etc/letsencrypt/live/covid-see.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/covid-see.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    server_name www.covid-see.com covid-see.com;
    include /etc/nginx/letsencrypt-acme-challenge.conf;
    root /srv/silo-q36/nlp-covid19/COVID-SEE/covidsee/WebApp/client/build;
    index index.html;
    #snip
    location / {
        try_files $uri /index.html;
    }
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name covid-see.com www.covid-see.com;
    include /etc/nginx/letsencrypt-acme-challenge.conf;
    root /var/www/html;
    location / {
        #redirect http to https www
        return 301 https://$host$request_uri;
    }
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    # snip
    error_page 404 /404.html;
    location = /40x.html {
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
I put a test file in /var/www/html/acme but it is being redirected:
% curl -Iki http://covid-see.com/.well-known/acme-challenge/test
HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.6
Date: Mon, 20 Jun 2022 11:10:20 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://covid-see.com/.well-known/acme-challenge/test
I suspect I've made a mess of the configuration but I can't figure this out. Please help!
Thank you.
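
One way to check which port-80 server block nginx selects for each certificate name, and whether that block carries the challenge location, as an added example that is not part of the original post. The function names `server_blocks` and `audit` and the host `status.example.test` are hypothetical; the sample is constructed from the blocks quoted above, and the code assumes all includes are already expanded into one text in load order and models exact `server_name` matches only.

```python
import re
# Constructed sample: the post's blocks trimmed, plus a hypothetical status.example.test block.
SAMPLE = """
server {
    listen 443 ssl;
    server_name www.covid-see.cis.unimelb.edu.au covid-see.cis.unimelb.edu.au;
}
server {
    listen 80 default_server;
    server_name covid-see.com www.covid-see.com;
    include /etc/nginx/letsencrypt-acme-challenge.conf;
    location / { return 301 https://$host$request_uri; }  # redirect http to https
}
server {
    listen 80;
    server_name status.example.test;
    location / { return 301 https://$host$request_uri; }
}
"""
ACME = re.compile(r"letsencrypt-acme-challenge\.conf|location[^{;]*/\.well-known/acme-challenge")

def server_blocks(conf):
    """Split config text into server blocks by brace matching (no listen = port 80)."""
    conf, blocks = re.sub(r"#.*", "", conf), []
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        blocks.append({
            "port80": not listens or any(re.search(r"(^|:)80$", l.split()[0]) for l in listens),
            "default": any("default_server" in l for l in listens),
            "names": " ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).split(),
            "acme": bool(ACME.search(body)),
        })
    return blocks

def audit(conf, hosts):
    """Per host: which port-80 block nginx selects (exact names only) and its challenge status."""
    on80 = [b for b in server_blocks(conf) if b["port80"]]
    rules = [("exact", lambda b, h: h in b["names"]),
             ("default_server", lambda b, h: b["default"]), ("first", lambda b, h: True)]
    report = {}
    for h in hosts:
        hit = next(((how, b) for how, ok in rules for b in on80 if ok(b, h)), None)
        report[h] = "no port-80 block" if hit is None else f"{hit[0]}: " + ("ok" if hit[1]["acme"] else "challenge location missing")
    return report
```

On the sample, `covid-see.cis.unimelb.edu.au` is reported as `default_server: ok` because no port-80 block names it, so HTTP-01 requests for that name are answered by whichever block is the port-80 default.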