Failed both renew and new cert

sundrik · January 4, 2020, 3:27pm

I use this command to renew cert:
sudo certbot certonly --webroot -w /var/www/html -d domain.xx -d www.domain.xx

I get this error
Detail: Invalid response from
http://www.domain.xx/.well-known/acme-challenge/VocRf2hD_egNkF6ck8ZuaPgTJEwk

My nginx settings have this settings for SSL configurration:
location /.well-known {
allow all;
root /var/www/html;
}

I made a file called “testfile123” in this folder “/var/www/html/.well-known/acme-challenge/” and can access it by typing in this URL “www.domain.xx/.well-known/acme-challenge/testfile123”

This is my full server config:
upstream server {

    server unix:/home/user/projects/site/gunicorn.sock fail_timeout=10s;

}

server {
listen 8002;
listen [::]:80;

    # Redirect non-https traffic to https
    if ($scheme != "https") {
            return 301 https://$host$request_uri;
    }

}

server {
listen 443 ssl;
access_log /home/user/projects/logs/site_access.log;
error_log /home/user/projects/logs/site_error.log info;

    server_name domain.xx www.domain.xx;
    client_max_body_size 10M;

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/domain.xx/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.xx/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;

    location / {

    proxy_pass http://unix:/home/user/projects/site/gunicorn.sock;

    proxy_pass_header Server;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IPP $remote_addr;
    proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;

    }

    location /static {

            alias /home/user/projects/site/static;

    }

location /media {

            alias /home/user/projects/site/site/media;

    }

    # SSL Configuration
    location  /.well-known {
            allow all;
            root /var/www/html;
    }

}

stevenzhu · January 4, 2020, 7:34pm

Hi,

Could you try to provide your domain?
Also, are you running the website on port 8002 instead of port 80?

Thank you

mnordhoff · January 4, 2020, 7:56pm

Additionally, what was the complete and unedited output from Certbot?

sundrik · January 5, 2020, 2:41pm

Hi,

I route incoming port 80 to my server which is running on port 8002 via gunicorn.

You can see that I reroute all HTTP traffic to HTTPS traffic. Can this be the issue?

stevenzhu · January 5, 2020, 3:07pm

Hi,

I can’t know what’s the issue specifically, because I can’t see your website.

However, seeing your configuration made me confused…
You said you’ve put the token file in /var/www/html/.well-known/acme-challenge/ and you could still see the file. But your root for /.well-known/ is actually in /var/www/html/, which shouldn’t made the actual file location be /var/www/html/acme-challenge/?

Thank you

system · February 4, 2020, 3:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot Fails to Renew SSL - 404 on .well-known/acme-challenge Help	19	179	November 22, 2024
Cannot generate new certificates \| Invalid response /.well-known/acme-challenge/XXX \| Challenge failed for domain Help	20	2238	April 14, 2024
Error with renew: Invalid response Help	18	1675	October 16, 2022
Can’t certbot renew in nginx - files are accessible Help	5	1059	March 8, 2018
Renew problems with nginx and certbot Server	2	1136	August 2, 2017

Failed both renew and new cert

Related topics