Error when I'm trying to install LE on DigitalOcean

My domain is gamebanquyen.vn
and my domain DNS config + error

This is the first time I am trying to install LE on my website. Thanks

For some reason (and I am very interested in your reasoning behind it) you removed the following questions which were prompted when you started your thread. Please don’t do that and provide as much information as possible:

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

My domain is: gamebanquyen.vn

I ran this command: certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com

It produced this output: http://i.imgur.com/eHtk2NI.png

My operating system is (include version): Windows 10

My web server is (include version): Firefox 51

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Are you sure that's the command you ran? With example.com?

I'm guessing your command was something more like

certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d gamebanquyen.vn -d www.gamebanquyen.vn

Is that correct?

Is that the correct webroot path?

Again I'm going to guess "nginx v1.4.6" ... is that correct?

Can you run

echo "plain text" > /usr/share/nginx/html/.well-known/acme-challenge/test

please, so that it's then possible to reach the file at gamebanquyen.vn/.well-known/acme-challenge/test if my assumptions above are correct.

Yep, and it says "no such file or directory" after I run echo…
And my /usr/share/nginx/html/.well-known/ doesn't have acme-challenge/test

OK - does the /usr/share/nginx/html/.well-known folder exist?

If not, can you run

mkdir -p /usr/share/nginx/html/.well-known/acme-challenge

before running the command

echo "plain text" > /usr/share/nginx/html/.well-known/acme-challenge/test

Now echo runs without a problem.

I suspect that your webroot path is incorrect then - because http://gamebanquyen.vn/.well-known/acme-challenge/test does not give a “plain text” response.

What is the path to the “index” file of your website?

/var/www/ (wordpress)

OK - so if you run

mkdir -p /var/www/.well-known/acme-challenge

and

echo "plain text" > /var/www/.well-known/acme-challenge/test2

can you then reach http://gamebanquyen.vn/.well-known/acme-challenge/test2?

I forgot, the index path is /var/www/html/

and

http://gamebanquyen.vn/.well-known/acme-challenge/test2 has a file with “plain text” in it

OK .... so the command you should be running to obtain a certificate is

certbot-auto certonly -a webroot --webroot-path=/var/www/html -d gamebanquyen.vn -d www.gamebanquyen.vn

assuming you want a certificate for both gamebanquyen.vn and www.gamebanquyen.vn

No, just gamebanquyen.vn, and thanks for your help, it worked for now.

I think when I followed the guide, it didn't mention mkdir .well-known/… so I created .well-know (without the n)

Thanks :)


That's not the problem. The problem was the incorrect webroot path, or, as you called it, "index path". In the first post, you provided certbot with /usr/share/nginx/html/ (why?). But your webroot path actually was /var/www/html/. This caused the error.

Also, if you don't specify www.gamebanquyen.vn as one of the domains, people will get a security error when trying to connect to that FQDN through HTTPS.
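The manual check worked through above (write a file under .well-known/acme-challenge, then fetch it over HTTP) can be scripted so that a wrong webroot is caught before certbot runs. This is an added example, not part of the original thread; the function names and the `FETCH` override are hypothetical, and the paths in the usage comment are the two that came up in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): check which directory the web server
# really serves before passing it to certbot as --webroot-path.
# FETCH is a hypothetical hook; it defaults to curl and follows redirects,
# as the HTTP-01 validation does.
FETCH=${FETCH:-"curl -fsSL --max-time 10"}

# probe_webroot WEBROOT DOMAIN
# Returns 0 if a file written under WEBROOT is served back unchanged from
# http://DOMAIN/.well-known/acme-challenge/, 1 if not, 2 if WEBROOT
# cannot be written to.
probe_webroot() {
    webroot=$1
    domain=$2
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    body="webroot-probe-$name"

    mkdir -p "$dir" 2>/dev/null || return 2
    { printf '%s\n' "$body" > "$dir/$name"; } 2>/dev/null || return 2

    got=$($FETCH "http://$domain/.well-known/acme-challenge/$name" 2>/dev/null) || got=
    rm -f "$dir/$name"      # never leave probe files in the webroot

    [ "$got" = "$body" ]
}

# first_served_webroot DOMAIN WEBROOT...
# Prints the first candidate directory that passes the probe.
first_served_webroot() {
    domain=$1
    shift
    for candidate in "$@"; do
        if probe_webroot "$candidate" "$domain"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage with the two paths from this thread:
#   first_served_webroot gamebanquyen.vn /usr/share/nginx/html /var/www/html
```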

My /etc/nginx/sites-available/default:

    server {
        listen 443 ssl;

        server_name gamebanquyen.vn www.gamebanquyen.vn;

        ssl_certificate /etc/letsencrypt/live/gamebanquyen.vn/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/gamebanquyen.vn/privkey.pem;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;

        root /var/www/html;
        index index.php index.html index.htm;

        server_name gamebanquyen.vn;

        location / {
            try_files $uri $uri/ =404;
        }

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        location ~ /.well-known {
            allow all;
        }
    }

    server {
        listen 80;
        server_name gamebanquyen.vn www.gamebanquyen.vn;
        return 301 https://$host$request_uri;
    }

And when I test it, it doesn't get an A+: https://www.ssllabs.com/ssltest/analyze.html?d=gamebanquyen.vn

And when I access my website, the lock icon changes from green to yellow!

You include various things via http

Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/GBQ-2-05.jpg
Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/GBQ-2-04.jpg
Insecure URL: http://128.199.153.123/wp-content/uploads/2017/01/hum-01.jpg

You need to ensure everything is included via https for a green icon.
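One way to find such references in a saved copy of a page, as an added example that is not part of the original thread: the function lists every URL that a subresource tag loads over plain http://. The function name, the tag list and the usage line are assumptions; srcset attributes and CSS url() references are not covered.

```shell
#!/bin/sh
# Added example (not from the thread): list subresources a page loads over
# plain http://, which is what turns the lock icon from green to yellow.

# Tags whose src/href the browser fetches on its own. <a href> is left out
# on purpose: a plain link to an http:// page is not mixed content.
# <link> also matches non-fetching rels such as canonical; review those by hand.
MIXED_TAGS='img|script|iframe|source|embed|audio|video|link'

# list_insecure_subresources FILE
# Prints each distinct http:// URL referenced by one of the tags above.
list_insecure_subresources() {
    # Join lines so tags split across several lines still match, cut out
    # each tag up to the end of its http:// URL, then keep only the URL.
    # The whitespace required before src/href skips attributes like data-src.
    tr '\n' ' ' < "$1" \
      | grep -oiE "<($MIXED_TAGS)([[:space:]][^>]*)?[[:space:]](src|href)=[\"']http://[^\"' >]+" \
      | grep -oiE "http://[^\"' >]+\$" \
      | sort -u
}

# Usage:
#   curl -fsS https://gamebanquyen.vn/ > page.html
#   list_insecure_subresources page.html
```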

Done, but my post, shop and category pages seem like they can’t be accessed anymore. Do I need to use an htaccess permanent 301 to change http to https?

I don’t understand what you mean by “my post, shop, category seems like can’t access anymore” as I have no idea what the location of these are. Can you provide links and more detail please.

https://gamebanquyen.vn/category/bundle/
https://gamebanquyen.vn/ps4-pro-che-do-boost-tang-hieu-nang-game-khong-can-ban-cap-nhat/

404 Not Found