Error getting ACME certs on RT-N16 with nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: novomirovna.asuscomm.com

I ran this command: bash ./dehydrated --domain novomirovna.asuscomm.com --cron

It produced this output:

INFO: Using main config file /tmp/mnt/sda/entware/etc/nginx/config

Processing novomirovna.asuscomm.com

My web server is (include version): nginx version: nginx/1.12.1

The operating system my web server runs on is (include version): Entware-ng

My hosting provider, if applicable, is: NetbyNet

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): no

Hi @bigAboo80,

It looks like you or your ISP is blocking inbound port 80 connections with a firewall, so that the public can’t connect to your server. Can you get that blocking removed? Inbound port 80 connections from the Internet are necessary for this validation method.


I was able to get a response on port 80 a couple of times, but then it started dropping traffic after that.

So perhaps it’s not a blocked port but “fail2ban”-like behavior or a device that can’t handle simultaneous requests well.

In general, I thought about this, and it will be necessary to check with the provider, but when I turned off the router firewall, I received another message. Here it is:
ERROR: Challenge is invalid! (returned: invalid) (result: {
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "Invalid response from http://novomirovna.asuscomm.com/.well-known/acme-challenge/pTiJPDZYpzyvm3z8_B33D_rLzZoPsh70xeKhvGWCHHs [95.220.7.166]: "\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody bgcolor=\"white\"\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003e"",
    "status": 403
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/95323468/bL0KWw",
  "token": "pTiJPDZYpzyvm3z8_B33D_rLzZoPsh70xeKhvGWCHHs",
  "validationRecord": [
    {
      "url": "http://novomirovna.asuscomm.com/.well-known/acme-challenge/pTiJPDZYpzyvm3z8_B33D_rLzZoPsh70xeKhvGWCHHs",
      "hostname": "novomirovna.asuscomm.com",
      "port": "80",
      "addressesResolved": [
        "95.220.7.166"
      ],
      "addressUsed": "95.220.7.166"
    }
  ]
})

That does seem like more progress toward getting your certificate. :slight_smile:

How is dehydrated trying to prove your control over the domain? What have you told it about your configuration or environment?

Where can I see this?

What did dehydrated ask or tell you about authentication when you first ran it? Did you create any other configuration for it?


No, I didn’t create any other configuration for dehydrated.
I edited two sections in /opt/etc/nginx/nginx.conf:

  • in server section:

server_name "novomirovna.asuscomm.com";

  • in location section:

root /opt/share/nginx/html;

You were right, the problem was in the config file. I removed something & dehydrated works well!) Thanks.
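Added example, not part of the original thread and not dehydrated's own code: a small triage helper that reads a failed http-01 challenge object like the one posted above and separates the two failure modes discussed here (port 80 unreachable versus the server answering but not serving the token file). The function name, the cause labels and both sample objects are constructed for illustration; the second sample uses documentation-range placeholders.

```python
import json

ACME_NS = "urn:ietf:params:acme:error:"

def triage_http01(challenge):
    """Map a failed http-01 challenge object to a likely cause and next check."""
    err = challenge.get("error") or {}
    kind = err.get("type", "").replace(ACME_NS, "", 1)
    detail = err.get("detail", "")
    # The last validationRecord entry is the request the CA actually made.
    rec = (challenge.get("validationRecord") or [{}])[-1]
    target = "{}:{} ({})".format(rec.get("hostname", "?"), rec.get("port", "?"),
                                 rec.get("addressUsed", "?"))
    if challenge.get("status") != "invalid":
        cause, check = "not-failed", "nothing to triage"
    elif kind == "connection":
        cause, check = "unreachable", "open inbound TCP 80 to " + target
    elif kind == "unauthorized" and "404" in detail:
        # error.status (403) is the ACME problem code; the web server's own
        # answer is the 404 page quoted inside error.detail.
        cause = "token-file-not-served"
        check = ("server reachable at " + target + " but token file missing: "
                 "compare the nginx root with the ACME client's challenge directory")
    elif kind == "unauthorized":
        cause, check = "wrong-content", "something else answers at " + rec.get("url", "?")
    else:
        cause, check = "other", detail
    return {"cause": cause, "target": target, "check": check}

# Constructed from the error posted in the thread; the HTML body is shortened.
SAMPLE_404 = json.loads(r'''{
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:ietf:params:acme:error:unauthorized",
            "detail": "Invalid response from http://novomirovna.asuscomm.com/.well-known/acme-challenge/TOKEN [95.220.7.166]: 404 Not Found",
            "status": 403},
  "validationRecord": [{"url": "http://novomirovna.asuscomm.com/.well-known/acme-challenge/TOKEN",
                        "hostname": "novomirovna.asuscomm.com", "port": "80",
                        "addressUsed": "95.220.7.166"}]}''')

# Constructed sample of a blocked-port failure (placeholder host and address).
SAMPLE_CONN = json.loads(r'''{
  "type": "http-01", "status": "invalid",
  "error": {"type": "urn:ietf:params:acme:error:connection",
            "detail": "Timeout during connect", "status": 400},
  "validationRecord": [{"hostname": "example.com", "port": "80",
                        "addressUsed": "192.0.2.10"}]}''')

if __name__ == "__main__":
    for sample in (SAMPLE_404, SAMPLE_CONN):
        print(triage_http01(sample))
```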
