I ran this command: sudo certbot --nginx -d ibl.stipworld.com
I also tried this: sudo certbot --nginx --webroot-path=/usr/share/nginx/html -d ibl.stipworld.com
and this: sudo certbot --nginx --webroot-path=/var/www/html -d ibl.stipworld.com
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ibl.stipworld.com
Using default address 80 for authentication.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. ibl.stipworld.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ibl.stipworld.com/.well-known/acme-challenge/GAd-wK-LmhBKIGk_BsvhbTQin0rNJ7IkMiP1HnnWZME: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: ibl.stipworld.com
Type: unauthorized
Detail: Invalid response from
http://ibl.stipworld.com/.well-known/acme-challenge/GAd-wK-LmhBKIGk_BsvhbTQin0rNJ7IkMiP1HnnWZME:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is: Apache/2.4.6 (CentOS) which proxy pass requests on port 80 to nginx/1.14.0
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I trying to proxy pass requests on port 80 to nginx with this apache conf:
–http-01-port 9093 did the trick!
just another question: how to manage the automatic renew of the certificate now? Seems like sudo certbot renew --dry-run fails.
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator nginx, Installer nginx
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ibl.stipworld.com
Using default address 9093 for authentication.
nginx: [warn] conflicting server name “ibl.stipworld.com” on 0.0.0.0:9093, ignored
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (ibl.stipworld.com) from /etc/letsencrypt/renewal/ibl.stipworld.com.conf produced an unexpected error: Failed authorization procedure. ibl.stipworld.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ibl.stipworld.com/.well-known/acme-challenge/D0AGeHbi1HVR58HetgQHbFen6l2_K_qh-VLFI1a5o9k: “\n\n502 Proxy Error\n\n
Proxy Error</h1”. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/stipworld.com/fullchain.pem (failure)
/etc/letsencrypt/live/ibl.stipworld.com/fullchain.pem (failure)