I developed a simple Python Flask app to deploy on an AWS Ubuntu server. I have registered a domain (for example, example.com) from godaddy.com. I ran the commands below to create a Let’s Encrypt certificate, but there is an error.
(venv) ubuntu2@212…/microblog$ wget https://dl.eff.org/certbot-auto
(venv) ubuntu2@212…/microblog$ chmod a+x ./certbot-auto
(venv) ubuntu2@212…~/microblog$ …/certbot-auto certonly --webroot -w /home/ubuntu2/microblog -d example.com --email example@aa.com
But there is an error, as follows:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Using the webroot path /home/ubuntu2/microblog for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/V9B6Dz7gPx7RhyLmpYIlwYUhs1d4rWJF2HlpJbNbjbY: "<iframe src=“http://mcc.godaddy.com/park/MaO2MaO2LKWaYaOvrt==/fe/M”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
And /etc/nginx/sites-enabled/microblog is as follows:
    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/ubuntu2/microblog/static;
        expires 30d;
    }
    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /home/ubuntu2/microblog/;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
}
I don’t know what is wrong. Could you help me solve this issue? Thanks!
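A pre-flight check for the webroot setup in this post, as an added example that is not part of the original thread: it writes a probe file where certbot's webroot plugin would and fetches it over HTTP, so a parking page or a wrong virtual host shows up before the CA is asked to validate. The function names are hypothetical; the domain, IP and path in the `__main__` block are the ones quoted in the thread.

```python
import secrets
import socket
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def resolves_to(domain, expected_ip):
    """Return (ok, addresses): does any A/AAAA record of domain equal expected_ip?"""
    try:
        infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return False, []
    addrs = sorted({info[4][0] for info in infos})
    return expected_ip in addrs, addrs


def probe_webroot(webroot, base_url, timeout=10):
    """Write a random probe file under the webroot, fetch it over HTTP the way
    the CA's validator would, and report whether the same bytes came back."""
    token = secrets.token_urlsafe(32)
    body = secrets.token_urlsafe(32)
    challenge_dir = Path(webroot) / CHALLENGE_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    probe = challenge_dir / token
    probe.write_text(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} from {url}"
    except (urllib.error.URLError, OSError) as exc:
        # Includes TLS failures after a redirect to an HTTPS vhost with no certificate.
        return False, f"request failed: {exc}"
    finally:
        probe.unlink(missing_ok=True)  # never leave probe files behind
    if got.strip() == body:
        return True, "probe file served from this webroot"
    return False, f"unexpected body (another host or vhost answered): {got[:60]!r}"


if __name__ == "__main__":
    # Values quoted in the thread; replace with your own domain, IP and webroot.
    print(resolves_to("example.com", "54.95.211.21"))
    print(probe_webroot("/home/ubuntu2/microblog", "http://example.com"))
```

An "unexpected body" result is the situation in the error above: something other than this server's webroot answered for the domain.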
I deleted the ./certbot-auto file and the following part in /etc/nginx/sites-enabled/microblog. I want to access the site by IP or domain, but now it doesn’t work, although it worked before I created Let’s Encrypt. I don’t know why.
Hi, thanks for your answer. I just associated the Elastic IP (54.95.211.21) with the AWS instance and added a CNAME to ec2-54-95-211-21.ap-northeast-1.compute.amazonaws.com. My domain information in GoDaddy is shown in the following image.
The nginx configuration file for Microblog is as follows:
server {
    # listen on port 80 (http)
    listen 80;
    server_name _;
    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;
    }
}
server {
    # listen on port 443 (https)
    listen 443 ssl;
    server_name _;
    # location of the self-signed SSL certificate
    # write access and error logs to /var/log
    access_log /var/log/microblog_access.log;
    error_log /var/log/microblog_error.log;
    location / {
        # forward application requests to the gunicorn server
        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/ubuntu2/microblog/static;
        expires 30d;
    }
}
Do you know where the \ in the redirect are coming from?
You can’t configure Nginx to do SSL without a certificate and private key. You should disable the redirect to HTTPS, and disable the entire HTTPS virtual host, until you have one.
Or you can temporarily configure the HTTPS virtual host to use a self-signed certificate.
At the moment, GoDaddy domain forwarding stuff isn’t being used. (And it probably shouldn’t be used.) Nginx on 54.95.211.21 is returning the strange redirect.
-22-219:~/microblog$ sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
server {
    # listen on port 80 (http)
    listen 80;
    server_name _;
    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;
    }
}
server {
    # listen on port 443 (https)
    listen 443 ssl;
    server_name _;
    # location of the self-signed SSL certificate
    #ssl_certificate /home/ubuntu/microblog2/certs/cert.pem;
    #ssl_certificate_key /home/ubuntu/microblog2/certs/key.pem;
    # write access and error logs to /var/log
    access_log /var/log/microblog_access.log;
    error_log /var/log/microblog_error.log;
    location / {
        # forward application requests to the gunicorn server
        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/ubuntu2/microblog/static;
        expires 30d;
    }
}