Yeah I know, it obviously gets trumped at the Hitron router
Ok so I need to turn off dhcp on the hitron external router and then hardcode the linksys router ip to 192.168.0.12, right?
I can't find where to code the IP onto the linksys router though…oh ok I found this when I change it to Static IP:
But is this correct? I will turn off DHCP on the hitron external, and therefore tell the internal linksys router to use that fixed local ip.
can i make a small suggestion that you take this to a linksys forum
it seems that your challenge is a network configuration and most of the last posts have been about network setup rather than certificate issuance
@rg305 has pointed you in what you need to configure and test from a network point of view to obtain certificates - once this is done and working then if things are still not going as expected and it's not a linksys router rather a client issue then add a new post
Andrei
Hi guys,
I was able to get the public ip thing sorted out. Here is what I get now:
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for butler.santiapps.com
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/butler.santiapps.com.conf produced an unexpected error: Failed authorization procedure. butler.santiapps.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://butler.santiapps.com/.well-known/acme-challenge/f8p4AFomcssg7mk-gs-qn-vwX9q8AxFr_-uglpfJ_BE: "<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><cen". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/butler.santiapps.com/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: butler.santiapps.com
Type: unauthorized
Detail: Invalid response from
http://butler.santiapps.com/.well-known/acme-challenge/f8p4AFomcssg7mk-gs-qn-vwX9q8AxFr_-uglpfJ_BE:
"<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><cen"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Do you know which device is returning the 502 error?
No, how do I identify that?
I'm not sure - maybe look at error log files on each device?
ok I just ran a test now and I got this in the www/butler.santiapps.com/logs/error.log:
2017/05/11 16:24:09 [error] 536#0: *5 connect() failed (113: No route to host) while connecting to upstream, client: 54.159.203.187, server: butler.santiapps.com, request: $
2017/05/11 16:24:09 [error] 536#0: *5 open() "/www/butler.santiapps.com/aism/50x.html" failed (2: No such file or directory), client: 54.159.203.187, server: butler.santiap$
2017/05/11 16:37:40 [error] 536#0: *7 connect() failed (113: No route to host) while connecting to upstream, client: 54.224.155.160, server: butler.santiapps.com, request: $
2017/05/11 16:37:40 [error] 536#0: *7 open() "/www/butler.santiapps.com/aism/50x.html" failed (2: No such file or directory), client: 54.224.155.160, server: butler.santiap$
2017/07/24 21:08:37 [error] 537#0: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 139.162.113.204, server: butler.santiapps.com, reques$
2017/07/24 21:08:37 [error] 537#0: *3 open() "/www/butler.santiapps.com/50x.html" failed (2: No such file or directory), client: 139.162.113.204, server: butler.santiapps.c$
2017/07/25 04:50:49 [error] 537#0: *56 connect() failed (111: Connection refused) while connecting to upstream, client: 74.82.47.2, server: butler.santiapps.com, request: "$
2017/07/25 04:50:49 [error] 537#0: *56 open() "/www/butler.santiapps.com/50x.html" failed (2: No such file or directory), client: 74.82.47.2, server: butler.santiapps.com, $
2017/07/25 07:38:20 [error] 537#0: *68 connect() failed (111: Connection refused) while connecting to upstream, client: 185.35.63.147, server: butler.santiapps.com, request$
2017/07/25 07:38:20 [error] 537#0: *68 open() "/www/butler.santiapps.com/50x.html" failed (2: No such file or directory), client: 185.35.63.147, server: butler.santiapps.co$
I don't think that's the right device (or else that log isn't very detailed).
Edit: Well, it does seem potentially related to a 502 error but it's still not very detailed.
that's the raspberry pi device. It's on an nginx server…I'm checking 192.168.1.53 (pi) from the browser and I get http 500 internal server error
Yup, was about to say, that's definitely an nginx log complaining about the fact that it's got some proxy_pass or upstream directive, often seen with UWSGI setups. (e.g. Django) You need to fix your nginx config. A common problem with this if you're using named pipes for your upstream is for selinux to be blocking access to the pipe. However I think that usually comes up as permission denied. I'd need to see the rest of the truncated log lines to be sure, but I'm guessing you're connecting over some network address to a service that doesn't want to talk to nginx's requests as passed along from Let's Encrypt.
At the very least, you should be able to set up a server block for location /.well-known/acme-challenge pointing to a directory instead of upstream.
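A sketch of the suggestion above, as an added example that is not part of the original thread: the port 80 server block answers the HTTP-01 challenge from a local directory and proxies everything else. The directory /var/www/letsencrypt is an assumed path; the server name and upstream address are taken from the configuration posted in the thread.

```nginx
# Added example, not the poster's configuration.
# Assumption: /var/www/letsencrypt is a hypothetical directory on the
# proxy host that certbot's webroot plugin is allowed to write to.
server {
    listen 80;
    listen [::]:80;
    server_name butler.santiapps.com;

    # Answer ACME HTTP-01 validation from local disk so that renewal does
    # not depend on the upstream being reachable (no 502 on the challenge).
    # "^~" keeps any regex location from taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;   # assumed path
        default_type text/plain;
        try_files $uri =404;         # unknown token: 404, never proxied
    }

    # All other requests still go to the upstream from the posted config.
    location / {
        proxy_pass http://192.168.1.53:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
```

With `root` set this way, a request for /.well-known/acme-challenge/TOKEN is read from /var/www/letsencrypt/.well-known/acme-challenge/TOKEN, which is where certbot's webroot plugin writes when run with `--webroot -w /var/www/letsencrypt`. Run `nginx -t` before reloading to confirm the syntax.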
Ok:
- I followed a tutorial for setting up nginx of a hosting provider (digitalocean i think) so that's probably why you mentioned django.
- I don't know what named pipes are
ok here is my config file:
server {
    listen 80;
    listen [::]:80;
    server_name butler.santiapps.com;
    root /www/butler.santiapps.com;
    index index.php index.html index.htm;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    # Error & Access logs
    error_log /www/butler.santiapps.com/logs/error1.log error;
    access_log /www/butler.santiapps.com/logs/access1.log;
    location / {
        index index.html index.php default.html;
        proxy_pass http://192.168.1.53:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name butler.santiapps.com;
    ssl_certificate /etc/letsencrypt/live/butler.santiapps.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/butler.santiapps.com/privkey.pem;
    root /www/butler.santiapps.com;
    index index.php index.html index.htm;
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    # Error & Access logs
    error_log /www/butler.santiapps.com/logs/error.log error;
    access_log /www/butler.santiapps.com/logs/access.log;
    location / {
        index index.html index.php;
        proxy_pass http://192.168.1.53:443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Uhh, did you pull that configuration from the Raspberry Pi running on 192.168.1.53? It looks like you're trying to reverse proxy this connection in a circle. That proxy_pass line tells nginx to forward all requests along to 192.168.1.53, which it seems from what I've read so far (correct me if I'm wrong) is the same IP that this instance of nginx is running from. Do you know why you're trying to forward these connections to itself? It seems nginx may be calling shenanigans on this loop and refusing the connection.
Well I actually just added the port 80 lines, i removed them and now port 80 works:
I re-ran certbot command and it worked:
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/butler.santiapps.com/fullchain.pem (success)
thanks!
Glad we got this fixed up for you!