Check webserver config for missing "/" in redirect target

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot renew

It produced this output: 1renew failure
– invalid host in redirect target “example.domain.com.well-known”.
Check webserver config for missing “/” in redirect target –
NGINX work fine. I only can’t renew the certificates.

My web server is (include version): nginx 1.14.0

The operating system my web server runs on is (include version): BSD

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.27.1

Hi @f.raffa, welcome to the community forum.

Can you please share your nginx config? One way you can find this is to run nginx -T on the server and share the result.

server {
    # Listen on ipv4
    listen 80;
#ipv6
    listen [::]:80;

     server_name mail.domain.com;

    # Redirect all insecure http:// requests to https://
     return 301 https://$host$request_uri;

}


and 


server {
    listen 443;
    server_name mail.domain.com;

    root /var/www/;
    index index.php index.html;

include......

}
1 Like

Hi @f.raffa

looks like you need

https://$host/$request_uri;

Then recheck your domain, perhaps use online tools like https://check-your-website.server-daten.de/ to check, if the redirect is now correct. No Grade R should be visible.

1 Like

I modified

https: // host / request_uri;
but the problem persists
very strange

Please share your domain name.

You can't check such things with your browser, there is too much caching.

mail.idecoweb.com

I have already had problems with the first certificate renewal, but one morning, without any changes, I have renewed it.
Now that it is renewed again and I am having the same problem again

Did you restart/reload Nginx after making this change?

There is a new check of your domain - https://check-your-website.server-daten.de/?q=mail.idecoweb.com

First, there you see the problem - a Grade R in the last row:

Domainname Http-Status redirect Sec. G
http://mail.idecoweb.com/
92.223.140.44 302 https://mail.idecoweb.com 0.090 A
https://mail.idecoweb.com/
92.223.140.44 200 0.783 B
small content:
| || |• https://mail.idecoweb.com|200||0.444|B| |small content: | || |• http://mail.idecoweb.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 92.223.140.44|302|https://mail.idecoweb.com.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de|0.090|A| |Visible Content: Found The document has moved here .| || |• https://mail.idecoweb.com.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de|-1||0.817|R| |NameResolutionFailure - The remote name could not be resolved: 'mail.idecoweb.com.well-known'|

But the real problem:

A Info: Different Server-Headers found

Your http is an Apache

Server: Apache/2.4.39 (FreeBSD) OpenSSL/1.1.1a-freebsd PHP/7.2.19

your https a nginx:

Server: nginx

The redirect comes from your Apache, so check that definition.

Is it really required to run two different server?

1 Like

That's already correct -- $request_uri includes a /.

the goal was to pass everything on the nginx server.
is what I was trying to do besides renewing the mail server certificates.
now how could I solve?

You can use such a configuration.

But then you have to check your Apache port 80 vHost, not your (not used) nginx port 80.

IT WORKS!
lacked the / apache ending …
days of work and I hadn’t noticed :frowning:

now all I have to do is configure the websites in nginx

THANK YOU!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.