Error creating a Let's Encrypt certificate on an AWS Ubuntu server for a deployed Flask web app

I developed a simple Python Flask app to deploy on an AWS Ubuntu server. I have applied for a domain (for example, example.com) from godaddy.com. And I ran the command to create Let's Encrypt, but there is an error.

(venv) ubuntu2@212…/microblog$ wget https://dl.eff.org/certbot-auto
(venv) ubuntu2@212…/microblog$ chmod a+x ./certbot-auto
(venv) ubuntu2@212…~/microblog$ …/certbot-auto certonly --webroot -w /home/ubuntu2/microblog -d example.com --email example@aa.com
But there is an error, as follows:

Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Using the webroot path /home/ubuntu2/microblog for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/V9B6Dz7gPx7RhyLmpYIlwYUhs1d4rWJF2HlpJbNbjbY: "<iframe src=“http://mcc.godaddy.com/park/MaO2MaO2LKWaYaOvrt==/fe/M

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: example.com
    Type: unauthorized
    Detail: Invalid response from
    http://example.com/.well-known/acme-challenge/V9B6Dz7gPx7RhyLmpYIlwYUhs1d4rWJF2HlpJbNbjbY:
    "<iframe
    src=“http://mcc.godaddy.com/park/MaO2MaO2LKWaYaOvrt==/fe/M

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address.
and /etc/nginx/sites-enabled/microblog is as follows:

server {
    # listen on port 80 (http)
    listen 80;
    server_name example.com;
    location / {
        # redirect any requests to the same URL but on https
        return 301 https://$host$request_uri;
    }
}
server {
    # listen on port 443 (https)
    listen 443 ssl;
    server_name example.com;
    # location of the self-signed SSL certificate
    #ssl_certificate /home/ubuntu/microblog2/certs/cert.pem;
    #ssl_certificate_key /home/ubuntu/microblog2/certs/key.pem;
    # write access and error logs to /var/log
    access_log /var/log/microblog_access.log;
    error_log /var/log/microblog_error.log;
    location / {
        # forward application requests to the gunicorn server
        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /static {
        # handle static files directly, without forwarding to the application
        alias /home/ubuntu2/microblog/static;
        expires 30d;
    }
    location ^~ /.well-known/acme-challenge/ {
        # serve ACME http-01 challenge files from the webroot
        default_type "text/plain";
        root /home/ubuntu2/microblog/;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
}
I don't know what is wrong. Could you help me solve this issue? Thanks!

I'm not familiar with GoDaddy's actual HTML, but that sounds like the domain is using some type of GoDaddy domain parking, or URL forwarding, service.

You probably should change the DNS records to have an actual A record (and/or AAAA record) for your server's IP, not a GoDaddy service.

What's your real domain?

Hi, thanks for your comments. The domain DNS information in GoDaddy:

That looks okay, I think.

What’s the domain?

Is that DNS record actually being used?

Hi, thanks! My domain is sciscinet.com

I deleted the ./certbot-auto file and the following part of /etc/nginx/sites-enabled/microblog. I want to access the site by IP or by domain, but now it doesn't work, although it worked before I created Let's Encrypt. I don't know why.

location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /home/ubuntu2/microblog/;
}
location = /.well-known/acme-challenge/ {
    return 404;
}

What doesn’t work? What error message are you getting?

At the moment, sciscinet.com and www.sciscinet.com both resolve to 54.95.211.21 from the Internet. (There’s also a CNAME involved.)

http://sciscinet.com/ and http://www.sciscinet.com/ redirect to https://\sciscinet.com\/ and https://\www.sciscinet.com\/ respectively; due to the backslashes, that doesn’t work.

https://sciscinet.com/ and https://www.sciscinet.com/… accept and then immediately terminate connections?

Is that IP correct? Is the site running Nginx? How is Nginx configured?
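The three checks in this reply (does the name resolve to the server, does the challenge path serve the file, and what does the server answer instead) can be automated before running certbot again. The following Python script is an added example, not code from this thread or from certbot; the hostname, expected IP and webroot are arguments you supply, and the parking-page detection is a heuristic keyed on the mcc.godaddy.com iframe quoted in the first post.

```python
"""Pre-flight check for a Let's Encrypt http-01 challenge over a webroot.

Added example, not code from this thread or from certbot. It automates what
the replies above check by hand: whether the name resolves to the expected
IP, whether a token written under <webroot>/.well-known/acme-challenge/ is
served back verbatim over plain HTTP, and, if not, what came back instead
(a registrar parking page, a malformed redirect, or no usable answer).
Hostname, expected IP and webroot are assumptions supplied on the command line.
"""
import os
import re
import secrets
import socket
import sys
import urllib.error
import urllib.request

ACME_DIR = ".well-known/acme-challenge"

# Heuristic taken from the first post's error: a parked domain answers with an
# iframe pointing at the registrar instead of the challenge file.
PARKING_RE = re.compile(r"<iframe[^>]*src=[^>]*?(mcc\.godaddy\.com|/park/)", re.I)


def resolve_ipv4(hostname):
    """Return the set of IPv4 addresses the name currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify_response(status, location, body, expected_token):
    """Name the kind of answer an http-01 probe received.

    status is the HTTP status (0 if no connection was made), location the
    Location header or None, body the decoded response text.
    """
    if status == 200:
        if body.strip() == expected_token:
            return "ok"
        if PARKING_RE.search(body):
            return "parking-page"
        return "wrong-body"
    if 300 <= status < 400 and location:
        # The thread's symptom: a Location of https://\sciscinet.com\/ ...
        if "\\" in location:
            return "bad-redirect"
        return "redirect"
    return "error"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so the first hop can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(hostname, token, timeout=10):
    """GET the challenge URL over plain HTTP; return (status, location, body)."""
    url = f"http://{hostname}/{ACME_DIR}/{token}"
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location"), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # 3xx, 4xx and 5xx all land here once redirects are not followed
        return err.code, err.headers.get("Location"), err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError) as err:
        return 0, None, str(err)


def preflight(hostname, expected_ip, webroot):
    """Write a throwaway token into the webroot, probe it, clean up, and report."""
    findings = []
    ips = resolve_ipv4(hostname)
    if expected_ip not in ips:
        findings.append(f"DNS: {hostname} resolves to {sorted(ips) or 'nothing'}, not {expected_ip}")
    token = secrets.token_urlsafe(32)
    path = os.path.join(webroot, ACME_DIR, token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(token)
    try:
        status, location, body = probe(hostname, token)
        verdict = classify_response(status, location, body, token)
        findings.append(f"http-01: {verdict} (status {status}, Location={location!r})")
    finally:
        os.remove(path)
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit(f"usage: {sys.argv[0]} HOSTNAME EXPECTED_IP WEBROOT")
    for line in preflight(*sys.argv[1:]):
        print(line)
```

Run it on the server as the user that owns the webroot, for example `python3 acme_preflight.py sciscinet.com 54.95.211.21 /home/ubuntu2/microblog`. A verdict of `redirect` is not fatal by itself, because Let's Encrypt follows redirects during http-01 validation, but the redirect target then has to serve the token, which an HTTPS virtual host whose `ssl_certificate` lines are commented out cannot do; `parking-page` means the A record still points at the registrar, and `bad-redirect` is the backslash Location this reply describes.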

Hi, thanks for your answer. I just associated the Elastic IP (54.95.211.21) with the AWS instance and added a CNAME to ec2-54-95-211-21.ap-northeast-1.compute.amazonaws.com. My domain information in GoDaddy is shown in the following image.


I am mainly following this guy's e-book (https://github.com/miguelgrinberg/microblog) to deploy the Flask web app on the AWS Ubuntu server.

The nginx configuration file for Microblog is as follows:

server {
# listen on port 80 (http)
listen 80;
server_name _;
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 ssl;
server_name _;
# location of the self-signed SSL certificate
# write access and error logs to /var/log
access_log /var/log/microblog_access.log;
error_log /var/log/microblog_error.log;
location / {
# forward application requests to the gunicorn server
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
# handle static files directly, without forwarding to the application
alias /home/ubuntu2/microblog/static;
expires 30d;
}
}

When I enter the domain name in the Chrome browser, the error message is as shown in the figure.

Hi, thanks for your help. If you want more information, please tell me!

Should I check Nginx running on the Ubuntu server? How do I check?

Do you know where the \ in the redirect are coming from?

You can’t configure Nginx to do SSL without a certificate and private key. You should disable the redirect to HTTPS, and disable the entire HTTPS virtual host, until you have one.

Or you can temporarily configure the HTTPS virtual host to use a self-signed certificate.

I don't know where the \ come from. The Forwarding image is shown as follows:

At the moment, GoDaddy domain forwarding stuff isn’t being used. (And it probably shouldn’t be used.) Nginx on 54.95.211.21 is returning the strange redirect.

Hi, thanks! Now the IP information has changed to 'Forwarded', as shown in the image. I don't know why, or why the other row (A type) was deleted.

Before I created Let's Encrypt, I just created an A record to point to the IP, and it was OK. But now it doesn't work.

Created what?

Now what doesn’t work?

Could you upload your entire Nginx configuration? “nginx -T” can display it.

-22-219:~/microblog$ sudo nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

configuration file /etc/nginx/nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

configuration file /etc/nginx/mime.types:

types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;

text/mathml                           mml;
text/plain                            txt;
text/vnd.sun.j2me.app-descriptor      jad;
text/vnd.wap.wml                      wml;
text/x-component                      htc;

image/png                             png;
image/tiff                            tif tiff;
image/vnd.wap.wbmp                    wbmp;
image/x-icon                          ico;
image/x-jng                           jng;
image/x-ms-bmp                        bmp;
image/svg+xml                         svg svgz;
image/webp                            webp;

application/font-woff                 woff;
application/java-archive              jar war ear;
application/json                      json;
application/mac-binhex40              hqx;
application/msword                    doc;
application/pdf                       pdf;
application/postscript                ps eps ai;
application/rtf                       rtf;
application/vnd.apple.mpegurl         m3u8;
application/vnd.ms-excel              xls;
application/vnd.ms-fontobject         eot;
application/vnd.ms-powerpoint         ppt;
application/vnd.wap.wmlc              wmlc;
application/vnd.google-earth.kml+xml  kml;
application/vnd.google-earth.kmz      kmz;
application/x-7z-compressed           7z;
application/x-cocoa                   cco;
application/x-java-archive-diff       jardiff;
application/x-java-jnlp-file          jnlp;
application/x-makeself                run;
application/x-perl                    pl pm;
application/x-pilot                   prc pdb;
application/x-rar-compressed          rar;
application/x-redhat-package-manager  rpm;
application/x-sea                     sea;
application/x-shockwave-flash         swf;
application/x-stuffit                 sit;
application/x-tcl                     tcl tk;
application/x-x509-ca-cert            der pem crt;
application/x-xpinstall               xpi;
application/xhtml+xml                 xhtml;
application/xspf+xml                  xspf;
application/zip                       zip;

application/octet-stream              bin exe dll;
application/octet-stream              deb;
application/octet-stream              dmg;
application/octet-stream              iso img;
application/octet-stream              msi msp msm;

application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;

audio/midi                            mid midi kar;
audio/mpeg                            mp3;
audio/ogg                             ogg;
audio/x-m4a                           m4a;
audio/x-realaudio                     ra;

video/3gpp                            3gpp 3gp;
video/mp2t                            ts;
video/mp4                             mp4;
video/mpeg                            mpeg mpg;
video/quicktime                       mov;
video/webm                            webm;
video/x-flv                           flv;
video/x-m4v                           m4v;
video/x-mng                           mng;
video/x-ms-asf                        asx asf;
video/x-ms-wmv                        wmv;
video/x-msvideo                       avi;

}

configuration file /etc/nginx/sites-enabled/microblog:

server {
# listen on port 80 (http)
listen 80;
server_name _;
location / {
# redirect any requests to the same URL but on https
return 301 https://$host$request_uri;
}
}
server {
# listen on port 443 (https)
listen 443 ssl;
server_name _;
# location of the self-signed SSL certificate
#ssl_certificate /home/ubuntu/microblog2/certs/cert.pem;
#ssl_certificate_key /home/ubuntu/microblog2/certs/key.pem;
# write access and error logs to /var/log
access_log /var/log/microblog_access.log;
error_log /var/log/microblog_error.log;
location / {
# forward application requests to the gunicorn server
proxy_pass http://127.0.0.1:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /static {
# handle static files directly, without forwarding to the application
alias /home/ubuntu2/microblog/static;
expires 30d;
}
}
