Error while renewing certificate under Nginx + NodeJS

It is having no effect. Still I am finding the url changing to https. As you mentioned I too am foxed as to why it is getting converted to https.

Do you think I should disable these two includes from the SSL server config?

include snippets/ssl-letsnibbl.com.conf;
include snippets/ssl-params.conf;

Contents of ssl-params.conf is the one I put up from which I hashed the add-header settings

and the ssl-letsnibbl.com.conf is

ssl_certificate /etc/letsencrypt/live/letsnibbl.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/letsnibbl.com/privkey.pem;

I tried seeing into the access.log. The last few entries show:

104.130.202.77 - - [06/Jun/2017:06:03:28 +0000] "GET /?SSL_Labs_Renegotiation_Test=User_Agent_May_Not_Show HTTP/1.0" 400 0 "-" "SSL Labs (https://www.ssllabs.com/about/assessment.html)"
104.130.202.77 - - [06/Jun/2017:06:03:28 +0000] "GET /?SSL_Labs_Renegotiation_Test=User_Agent_May_Not_Show HTTP/1.0" 400 0 "-" "SSL Labs (https://www.ssllabs.com/about/assessment.html)"
91.196.50.33 - - [06/Jun/2017:06:06:05 +0000] "GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0"
173.12.123.89 - - [06/Jun/2017:06:07:09 +0000] "GET /.well-known/acme-challenge/test.txt HTTP/1.1" 404 56 "-" "Wget/1.17.1 (linux-gnu)"

O.K.
I get this now from another system:
wget http://www.letsnibbl.com/.well-known/acme-challenge/test.txt
--2017-06-06 02:08:08-- http://www.letsnibbl.com/.well-known/acme-challenge/test.txt
Resolving www.letsnibbl.com (www.letsnibbl.com)... 52.24.19.208
Connecting to www.letsnibbl.com (www.letsnibbl.com)|52.24.19.208|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/plain]

so it seems… better.
Now try renewing.

This entry from the log seems what I am trying

59.181.96.198 - - [06/Jun/2017:05:59:53 +0000] "GET /.well-known/acme-challenge/test.txt HTTP/2.0" 404 193 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"

By renewing do you mean restarting nginx service?

Here is what I did:

Remove the access.log
Restarted nginx service
Typed: sudo certbot renew --dry-run
This is what I get

66.133.109.36 - - [06/Jun/2017:06:13:29 +0000] "GET /.well-known/acme-challenge/jfeBHRDJ9QO5bOWo7G8moX2AFVqLss6t6A89aSBpHDo HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
66.133.109.36 - - [06/Jun/2017:06:13:29 +0000] "GET /.well-known/acme-challenge/HDs4wtQsWltdszWio97HtzDAej-4-3dlN4uavJnByxQ HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
49.44.51.141 - - [06/Jun/2017:06:13:56 +0000] "POST /app/api/perf/add HTTP/2.0" 200 260 "https://letsnibbl.com/app" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPIS24.241-2.47-10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36"
49.44.51.141 - - [06/Jun/2017:06:13:58 +0000] "GET /app/api/stats/575ebd790a202e1c269931ab HTTP/2.0" 200 254 "https://letsnibbl.com/app" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPIS24.241-2.47-10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36"
49.44.51.141 - - [06/Jun/2017:06:13:58 +0000] "GET /app/api/puzzles/total/575ebd790a202e1c269931ab?screenW=360 HTTP/2.0" 304 147 "https://letsnibbl.com/app" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPIS24.241-2.47-10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36"
49.44.51.141 - - [06/Jun/2017:06:13:58 +0000] "GET /app/api/pendingtrack/575ebd790a202e1c269931ab HTTP/2.0" 304 147 "https://letsnibbl.com/app" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPIS24.241-2.47-10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36"
49.44.51.141 - - [06/Jun/2017:06:13:58 +0000] "GET /app/widget/puzzles/575ebd790a202e1c269931ab?screenW=360 HTTP/2.0" 200 675 "https://letsnibbl.com/app" "Mozilla/5.0 (Linux; Android 6.0.1; Moto G Play Build/MPIS24.241-2.47-10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36"

in the access.log
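As an added example (not part of the original posts): a small Python filter over nginx combined-format access logs that separates challenge requests made by the Let's Encrypt validation server from manual tests of the same path. The sample lines are constructed, using documentation IP ranges and a placeholder token; the function names are hypothetical.

```python
import re
from collections import Counter

# nginx "combined" log format, as in the access.log excerpts in this thread
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
VALIDATOR_UA = "Let's Encrypt validation server"

# Constructed sample lines (documentation IPs, placeholder token), not real log data
SAMPLE = """
192.0.2.10 - - [06/Jun/2017:06:13:29 +0000] "GET /.well-known/acme-challenge/EXAMPLE_TOKEN_1 HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
198.51.100.7 - - [06/Jun/2017:06:07:09 +0000] "GET /.well-known/acme-challenge/test.txt HTTP/1.1" 404 56 "-" "Wget/1.17.1 (linux-gnu)"
198.51.100.8 - - [06/Jun/2017:05:59:53 +0000] "GET /.well-known/acme-challenge/test.txt HTTP/2.0" 404 193 "-" "Mozilla/5.0 (Macintosh) Chrome/58.0"
203.0.113.5 - - [06/Jun/2017:06:13:56 +0000] "POST /app/api/perf/add HTTP/2.0" 200 260 "https://example.com/app" "Mozilla/5.0 (Linux; Android 6.0.1) Chrome/58.0"
""".strip().splitlines()

def challenge_hits(lines):
    """Yield parsed entries for ACME http-01 challenge requests only."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["path"].startswith(CHALLENGE_PREFIX):
            yield {
                "ip": m["ip"],
                # Browsers speak HTTP/2 only over TLS, so HTTP/2.0 hits came in via HTTPS
                "proto": m["proto"],
                "status": int(m["status"]),
                "validator": VALIDATOR_UA in m["ua"],
            }

def summarize(lines):
    """Count challenge requests by (source, protocol, status)."""
    counts = Counter()
    for hit in challenge_hits(lines):
        source = "validator" if hit["validator"] else "manual"
        counts[(source, hit["proto"], hit["status"])] += 1
    return counts

def validation_failed(lines):
    """True if any request from the validation server got a non-200 status."""
    return any(h["validator"] and h["status"] != 200 for h in challenge_hits(lines))

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, *key)
    print("validation failed:", validation_failed(SAMPLE))
```

Running it against the live access.log after a `certbot renew --dry-run` shows at a glance whether the validator's own requests, rather than a browser or wget test, are the ones returning 404.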

This 404 in your logs makes no sense to me - as it provided the file.
Contents "Hello World"

ok this is a long shot...
Try adding "allow all"
Like:
location /.well-known {
    alias /var/www/letsnibbl/.well-known;
    allow all;
}

Finally, I am back to square one. There seems to be some fundamental setting in Nginx that is preventing the http URL from going through. It is always auto-changing it to https.

Any clue on where I should look for that setting will be helpful.

Thanks,

Finally, I got it working.

I changed the location setting for the .well-known to

location ~ /.well-known {
   allow all;
}

The only difference seems to be putting ~. I am not sure if that matters.

Thanks, rg305 and mnordhoff for the help. Being the first renewal I was anxious. 🙂
