Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx/1.8.0
The operating system my web server runs on is (include version): ubuntu 14.04.2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
It seems that certbot can’t adequately handle your request.
I will be treating this as a new cert request with the understanding that your current site has a valid cert that is good for 5 more months. If that is NOT the case, please update the ticket.
As a first test I would like to see if the vhost configuration is clean and clear.
Please post: nginx -T
and/or at least: nginx -T | grep -Ei 'server_name|rewrite|listen|location'
nginx -T just displays your entire configuration, starting from nginx.conf and showing all included files. You can achieve the same thing by carefully manually reading it.
Edit: On second thought, upgrading Nginx with Phusion Passenger might involve different steps.
There may be a slight conflict with these two (both using “_”):
/etc/nginx/sites-available/orsedd.conf: server_name api.orsedd.com *.orsedd.com orsedd.govannon.net _;
/etc/nginx/sites-available/default: server_name _;
OK, the conflicts are irrelevant, as the /etc/nginx/sites-available/default file does not appear to be enabled.
So that leaves us with:
/etc/nginx/sites-available/orsedd.conf:
listen 8080;
server_name api.orsedd.com *.orsedd.com orsedd.govannon.net _;
root /var/rails/orsedd/current/public;
This is where I would say “put a file in that folder and let’s see if we can access it from the Internet…”
But since it only listens to port 8080 it will not serve us well for LE authentication.
So, you can either add another vhost config file to handle the site interface.orsedd.com or you can also listen on port 80 on that vhost config file.
Which do you prefer?
[or perhaps you prefer some other option]
sudo certbot --webroot -w /var/rails/orsedd_interface/current/public -d interface.orsedd.com certonly --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for interface.orsedd.com
Using the webroot path /var/rails/orsedd_interface/current/public for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. interface.orsedd.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://interface.orsedd.com/.well-known/acme-challenge/qEQI6drxrOCZcDFfjLNjkjfbXzUbf2OU7TDFK6zz3dQ: "<!DOCTYPE html>\n<html>\n<head>\n <title>The page you were looking for doesn't exist (404)</title>\n <style type=\"text/css\">\n b"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: interface.orsedd.com
Type: unauthorized
Detail: Invalid response from
http://interface.orsedd.com/.well-known/acme-challenge/qEQI6drxrOCZcDFfjLNjkjfbXzUbf2OU7TDFK6zz3dQ:
"<!DOCTYPE html>\n<html>\n<head>\n <title>The page you were
looking for doesn't exist (404)</title>\n <style
type=\"text/css\">\n b"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
That was fruitless - we may have to return there with more verbose output…
But in the meantime, let’s try going back to the nginx plugin, but this time force the challenge location:
vi /etc/nginx/sites-available/orsedd_interface80.conf
root@core2:~# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@core2:~# service nginx reload
* Reloading nginx configuration nginx [ OK ]
root@core2:~# sudo certbot --nginx -d interface.orsedd.com certonly --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for interface.orsedd.com
Using default addresses 80 and [::]:80 ipv6only=on for authentication.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. interface.orsedd.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://interface.orsedd.com/.well-known/acme-challenge/et1XkoLzGKBVRIxr_TDlD_DD0bYC1H-bSpWcARKB7dI: "<!DOCTYPE html>\n<html>\n<head>\n <title>The page you were looking for doesn't exist (404)</title>\n <style type=\"text/css\">\n b"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: interface.orsedd.com
Type: unauthorized
Detail: Invalid response from
http://interface.orsedd.com/.well-known/acme-challenge/et1XkoLzGKBVRIxr_TDlD_DD0bYC1H-bSpWcARKB7dI:
"<!DOCTYPE html>\n<html>\n<head>\n <title>The page you were
looking for doesn't exist (404)</title>\n <style
type=\"text/css\">\n b"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
The location is being completely ignored! http://interface.orsedd.com/.well-known/acme-challenge/gibberish
should return error 405
But it still returns error 404
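An added example, not part of the thread: the http-01 request arrives on port 80, so the webroot or location only helps if it belongs to the server block nginx actually selects for that host and port. The sketch below reads `nginx -T` style text and reports that block; the sample config is constructed (the second block and its paths are hypothetical), the function names are the example's own, and the selection is simplified (regex names and listen addresses are ignored).

```python
import re
# Constructed sample shaped like `nginx -T` output (not the poster's real config).
SAMPLE = """
# configuration file /etc/nginx/sites-enabled/orsedd.conf:
server {
    listen 8080;
    server_name api.orsedd.com *.orsedd.com orsedd.govannon.net _;
    root /var/rails/orsedd/current/public;
}
# configuration file /etc/nginx/sites-enabled/other.conf: (hypothetical)
server {
    listen 80 default_server;
    server_name _;
    root /var/www/other;
    location /.well-known/acme-challenge/ { root /var/www/acme; }
}
"""

def server_blocks(text):
    """Return one dict per server block: listen args, server names, block-level root."""
    text = re.sub(r"#[^\n]*", "", text)            # drop comments
    blocks = []
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):             # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        args = lambda d: [a.split() for a in re.findall(rf"^\s*{d}\s+([^;]+);", body, re.M)]
        blocks.append({"listen": args("listen") or [["80"]],   # no listen: port 80 as root
                       "names": sum(args("server_name"), []),
                       "root": (args("root") or [[None]])[0][0]})
    return blocks

def pick_block(text, host, port=80):
    """Approximate nginx's choice of server block for a request to host:port."""
    cands = []
    for b in server_blocks(text):
        hit = [l for l in b["listen"]
               if (m := re.search(r"(?:^|:)(\d+)$", l[0])) and int(m.group(1)) == port]
        if hit:
            cands.append((b, any("default_server" in l for l in hit)))
    def rank(b):  # exact name beats the longest matching leading wildcard
        wild = [len(n) for n in b["names"] if n.startswith("*.") and host.endswith(n[1:])]
        return 10**6 if host in b["names"] else max(wild, default=0)
    best = max(cands, key=lambda c: rank(c[0]), default=None)
    if best is None or rank(best[0]):
        return best and best[0]
    return next((b for b, dflt in cands if dflt), cands[0][0])  # default, else first
```

Feeding it the real `nginx -T` output and comparing the returned `root` with the `-w` path given to certbot shows whether the challenge file is being written where the port-80 block looks for it.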