Error when i'm trying to install LE on digitalocean


#1

my domain is gamebanquyen.vn
and my domain dns config + error

this is first time i trying to install LE on my website. thank


#2

For some reason (and I am very interested in your reasoning behind it) you removed the following questions which were prompted when you started your thread. Please don’t do that and provide as much as information as possible:

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

My domain is: gamebanquyen.vn

I ran this command: certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com

It produced this output: http://i.imgur.com/eHtk2NI.png

My operating system is (include version): windows 10

My web server is (include version): firefox 51

My hosting provider, if applicable, is: digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


#4

are you sure that’s the command you ran ? with example.com ?

I’m guessing your command was something more like

certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d gamebanquyen.vn -d www.gamebanquyen.vn

is that correct ?

Is that the correct webroot path ?

Again I’m going to guess “nginx v1.4.6” … is that correct ?

Can you run

echo “plain text” > /usr/share/nginx/html/.well-known/acme-challenge/test

please, so that it’s then possible to reach the file at gamebanquyen.vn/.well-known/acme-challenge/test if my assumptions above are correct.


#5

yep and it say no such file or directory after i run echo…
and in my /usr/share/nginx/html/.well-known/ it dont have acme-challenge/test


#6

OK - does the /usr/share/nginx/html/.well-known folder exist ?

if not, can you run

mkdir -p /usr/share/nginx/html/.well-known/acme-challenge

before running the command

echo “plain text” > /usr/share/nginx/html/.well-known/acme-challenge/test


#7

now, echo run without problem


#8

I suspect that your webroot path is oncorrect then - because http://gamebanquyen.vn/.well-known/acme-challenge/test does not give a “plain text” response.

What is the path to the “index” file of your website ?


#9

/var/www/ (wordpress)


#10

OK - so if you run

mkdir -p /var/www/.well-known/acme-challenge

and

echo “plain text” > /var/www/.well-known/acme-challenge/test2

can you then reach http://gamebanquyen.vn/.well-known/acme-challenge/test2 ?


#11

i’m forgot, index path is /var/www/html/

and

http://gamebanquyen.vn/.well-known/acme-challenge/test2 have file has “plain text” on it


#12

OK … so the command you should be running to obtain a certifcate is

certbot-auto certonly -a webroot --webroot-path=/var/www/html -d gamebanquyen.vn -d www.gamebanquyen.vn

assuming you want a certificate for both gamebanquyen.vn and www.gamebanquyen.vn


#13

no, just gamebanquyen.vn and thank for you help, it worked for now

i think when i follow the guide, it dont mention mkdir .well-known/… so i create .well-know (dont have n)

thank :slight_smile:


#14

That’s not the problem. The problem was the incorrect webroot path, or, as you called it, “index path”. In the first post, you provided certbot with /usr/share/nginx/htm/ (why?). But your webroot path actually was /var/www/html/. This caused the error.

Also, if you don’t specify www.gamebanquyen.vn as one of the domains, people will get a security error when trying to connect to that FQDN through HTTPS.


#15

my /etc/nginx/sites-available/default

server {
listen 443 ssl;

    server_name gamebanquyen.vn www.gamebanquyen.vn;

    ssl_certificate /etc/letsencrypt/live/gamebanquyen.vn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gamebanquyen.vn/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA’;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;

root /var/www/html;
index index.php index.html index.htm;

server_name gamebanquyen.vn;

location / {
    try_files $uri $uri/ =404;
}

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
    root /usr/share/nginx/html;
}

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

location ~ /.well-known {
allow all;
}

}
server {
listen 80;
server_name gamebanquyen.vn www.gamebanquyen.vn;
return 301 https://$host$request_uri;
}

and when i test it dont have A+ https://www.ssllabs.com/ssltest/analyze.html?d=gamebanquyen.vn


#16

and when i access my website, lock icon change from green to yellow !


#17

You include various things via http

Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/GBQ-2-05.jpg
Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/GBQ-2-04.jpg
Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/hum-01.jpg

You need to ensure everything is included via https for a green icon.


#18

done, but my post, shop, category seems like can’t access anymore. did i need use htaccess permanent 301 change http to https ?


#19

I don’t understand what you mean by the “my post, shop, category seems like can’t access anymore” as I have no idea what the location of these are. Can you provide links and more detail please.


#20

https://gamebanquyen.vn/category/bundle/
https://gamebanquyen.vn/ps4-pro-che-do-boost-tang-hieu-nang-game-khong-can-ban-cap-nhat/

404 Not Found