Failed authorization procedure - Nginx - Ubuntu 14.04


#1

Hello,

Today, I cloned the git … to start my adventure with Let's Encrypt :stuck_out_tongue:
I have nginx on an Ubuntu 14.04 server, accessible at stephane-huc.net!

I've set up my nginx config file as:

location '/.well-known/acme-challenge' {
        allow all;
        default_type "text/plain";
        root /srv/www/mydomain/www;
        # $1 is not defined in a prefix location (no regex capture), so the
        # fallback was empty; answer 404 when the token file is missing instead.
        try_files $uri =404;
}

I created my letsencrypt.config.ini as:

# We use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

email = webmaster@stephane-huc.net
domains = stephane-huc.net, www.stephane-huc.net

authenticator = webroot

# This is the webroot directory of your domain in which
# letsencrypt will write a hash in /.well-known/acme-challenge directory.

webroot-path = /srv/www/mydomain/www

(In reality, this directory does not exist on my server… it's just to help you understand)

And I get this error -boo- :'(

$ sudo ./letsencrypt/letsencrypt-auto certonly --email webmaster@stephane-huc.net --agree-tos --config LetsEncrypt.config.ini
[sudo] password for zou:
Checking for new version…
Requesting root privileges to run letsencrypt…
/home/zou/.local/share/letsencrypt/bin/letsencrypt certonly --email webmaster@stephane-huc.net --agree-tos --config LetsEncrypt.config.ini
Failed authorization procedure. stephane-huc.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://stephane-huc.net/.well-known/acme-challenge/TicXQHqi0uP6PmETcsJnfJPS6OXP5-3sEtD8cM2m9aU, www.stephane-huc.net (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Could not connect to http://www.stephane-huc.net/.well-known/acme-challenge/TZIo_Ixkt9JVhbgtC0KR1fbWSRAJjm0-Xf_jjw2UrPk

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: stephane-huc.net
    Type: connection
    Detail: Could not connect to http://stephane-huc.net/.well-known
    /acme-challenge/TicXQHqi0uP6PmETcsJnfJPS6OXP5-3sEtD8cM2m9aU

    Domain: www.stephane-huc.net
    Type: connection
    Detail: Could not connect to http://www.stephane-huc.net/.well-
    known/acme-challenge/TZIo_Ixkt9JVhbgtC0KR1fbWSRAJjm0-Xf_jjw2UrPk

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify
    that you are serving files from the webroot path you provided.

www.stephane-huc.net is redirected [301] to stephane-huc.net.
If you point at stephane-huc.net/.well-known, it's ok!

Any idea?!


#2

Could you try putting a test file in /srv/www/mydomain/www/.well-known/acme-challenge/ and see if it’s properly served when you request it from your browser?

Redirects should generally work.
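A scripted version of the test-file check suggested above, added here as an example and not code from this thread or the letsencrypt client. It assumes Python 3.7+; `webroot_self_check` takes the nginx webroot and the URL the CA dials, and `local_demo` stands in a throwaway local HTTP server for nginx so the check can be exercised offline (the "could not connect" case in the thread corresponds to the URLError branch, a served-but-wrong-path setup to the HTTP 404 branch):

```python
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def webroot_self_check(webroot, base_url, timeout=10):
    """Write a throwaway token under <webroot>/.well-known/acme-challenge/,
    fetch it back through base_url (e.g. http://stephane-huc.net), following
    301/302 as the validator does, and return (ok, detail)."""
    token, body = secrets.token_urlsafe(32), secrets.token_urlsafe(16)
    path = os.path.join(webroot, CHALLENGE_PATH.strip("/"), token)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(body)
    url = base_url.rstrip("/") + CHALLENGE_PATH + token
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as exc:  # reachable, but file not served
        return False, f"HTTP {exc.code} for {url}: check root/try_files"
    except (urllib.error.URLError, OSError) as exc:  # nothing answered
        return False, f"could not connect to {url}: {exc} (DNS/firewall)"
    finally:
        os.remove(path)  # clean up the token, as the client does
    if got != body:
        return False, "different content came back: wrong vhost or webroot?"
    return True, "token served correctly"

def local_demo(serve_webroot=True):
    """Offline stand-in for nginx: serve a temp dir on 127.0.0.1 and run the
    check; serve_webroot=False serves the wrong directory (assumed failure
    mode: file exists in the webroot but the vhost serves another root)."""
    webroot = tempfile.mkdtemp()
    served = webroot if serve_webroot else tempfile.mkdtemp()
    srv = HTTPServer(("127.0.0.1", 0),
                     partial(SimpleHTTPRequestHandler, directory=served))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return webroot_self_check(webroot, f"http://127.0.0.1:{srv.server_port}")
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print(local_demo(True))   # (True, 'token served correctly')
    print(local_demo(False))  # (False, 'HTTP 404 for ...')
```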


#3

As you can see: http://stephane-huc.net/.well-known/acme-challenge/test.html
(Just the character '1' in the file … )

I notice that when I launch the script, it deletes the acme-challenge directory every time. Is that normal?


#4

Looks good to me. Have you tried running it again? The server returned a general connection error, maybe it was a temporary network hiccup. Are there any firewall rules, country block lists or what not that might interfere with the HTTP connection from Let’s Encrypt’s CA server?

Yep, I think the client cleans up after itself. :wink:


#5

Normally, no!
But port 80 is only open for INPUT, plus ESTABLISHED or RELATED connections.
And OUTPUT on 80 and 443 is authorized.

I stopped my iptables rules, relaunched the script and it congratulated me! tsss…
What's the problem?