I can't configure SSL certificate, error shown: Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-

Okay, no issue, I'm pasting the result here:

# configuration file /etc/nginx/snippets/fastcgi-php.conf:
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+\.php)(/.+)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

# configuration file /etc/nginx/fastcgi.conf:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

That's not the full output.

Please find below letsencrypt.log file content

2021-08-24 15:29:35,720:DEBUG:certbot.main:certbot version: 0.31.0
2021-08-24 15:29:35,723:DEBUG:certbot.main:Arguments: ['--nginx', '-d', 'blankslateit.com', '-d', 'www.blankslateit.com']
2021-08-24 15:29:35,725:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-08-24 15:29:35,762:DEBUG:certbot.log:Root logging level set at 20
2021-08-24 15:29:35,764:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-08-24 15:29:35,766:DEBUG:certbot.plugins.selection:Requested authenticator nginx and installer nginx
2021-08-24 15:29:36,112:DEBUG:certbot.plugins.selection:Single candidate plugin: * nginx
Description: Nginx Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: nginx = certbot_nginx.configurator:NginxConfigurator
Initialized: <certbot_nginx.configurator.NginxConfigurator object at 0x7fcd3dc92198>
Prep: True
2021-08-24 15:29:36,115:DEBUG:certbot.plugins.selection:Selected authenticator <certbot_nginx.configurator.NginxConfigurator object at 0x7fcd3dc92198> and installer <certbot_nginx.configurator.NginxConfigurator object at 0x7fcd3dc92198>
2021-08-24 15:29:36,116:INFO:certbot.plugins.selection:Plugins selected: Authenticator nginx, Installer nginx
2021-08-24 15:29:36,126:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/172782470', new_authzr_uri=None, terms_of_service=None), 41bd6011d25812696ddd1673f597afe5, Meta(creation_dt=datetime.datetime(2021, 8, 23, 14, 37, 30, tzinfo=<UTC>), creation_host='shopifyapp'))>
2021-08-24 15:29:36,129:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-08-24 15:29:36,132:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2021-08-24 15:29:36,306:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-08-24 15:29:36,307:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:36 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "LYNY7YTxqpw": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-08-24 15:29:36,308:INFO:certbot.main:Obtaining a new certificate
2021-08-24 15:29:36,422:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0019_key-certbot.pem
2021-08-24 15:29:36,429:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0019_csr-certbot.pem
2021-08-24 15:29:36,431:DEBUG:acme.client:Requesting fresh nonce
2021-08-24 15:29:36,432:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-08-24 15:29:36,476:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-08-24 15:29:36,477:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:36 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101M3clgZQaCmrzZdFlnuZxVfLIfsLfWHRrCcO3c6TZx10
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-08-24 15:29:36,477:DEBUG:acme.client:Storing nonce: 0101M3clgZQaCmrzZdFlnuZxVfLIfsLfWHRrCcO3c6TZx10
2021-08-24 15:29:36,478:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "blankslateit.com"\n    },\n    {\n      "type": "dns",\n      "value": "www.blankslateit.com"\n    }\n  ]\n}'
2021-08-24 15:29:36,481:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDFNM2NsZ1pRYUNtcnpaZEZsbnVaeFZmTElmc0xmV0hSckNjTzNjNlRaeDEwIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "O694aJMIGBTs56SVirsC6y6XrqTNyAm7iH6gZX1SE579bfAQsRsu1loaC2IZ5vyx-8KlDJYDHn1tsNHMZsbNuLHJls3EkHG2wsgKTreYyC0TqrwDZ3CD-KtEbZnx2cytHkq_IO5BEUzIaSy55r4LG3NLNtCd4kpelfCXaG82nKKP3ShQyEo0Ww3axlE0JF5IAXeNuXN5ngQYwwRnNNY0PmCZftPG2OSG-IzzCHq7LE7UN5w82P0_MwCGqKkky5CG9GaWMXyR8G8mX86sb5qogHbZZpYyUNEY2GFEBEMf8CKVd5s0fd_me25G_s4nVAgEYHobsZ_TmmYB2nNq6ByuyA",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImJsYW5rc2xhdGVpdC5jb20iCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAid3d3LmJsYW5rc2xhdGVpdC5jb20iCiAgICB9CiAgXQp9"
}
2021-08-24 15:29:36,772:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 481
2021-08-24 15:29:36,775:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 24 Aug 2021 15:29:36 GMT
Content-Type: application/json
Content-Length: 481
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/172782470/19306682830
Replay-Nonce: 01019ph5rjszk1nsQMLfj6tpS7Qw4qewvjXFjeb2spBZToA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-08-31T15:29:36Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "blankslateit.com"
    },
    {
      "type": "dns",
      "value": "www.blankslateit.com"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847380",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847390"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/172782470/19306682830"
}
2021-08-24 15:29:36,776:DEBUG:acme.client:Storing nonce: 01019ph5rjszk1nsQMLfj6tpS7Qw4qewvjXFjeb2spBZToA
2021-08-24 15:29:36,776:DEBUG:acme.client:JWS payload:
b''
2021-08-24 15:29:36,780:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847380:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDE5cGg1cmpzemsxbnNRTUxmajZ0cFM3UXc0cWV3dmpYRmplYjJzcEJaVG9BIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNTg0NzM4MCJ9",
  "signature": "kU1RxJVt_QiTu-8SzNAfXUmTaLAtz2ZuLiLBpf45XN68q2XfQuGoJznPOxSg2YpbaWmcWkXjeR285EWFU2lEptPjgp8OCBMGwhQeTz13UOhbjefQfGk1765FmPfFUDIvBKk6ZJ_h9CptsmCD06h1WnKpzsUzfy3tNC0LZO1wQ4tunPD6CrzwvnVQ_AIFV1ZcG5YNPfVwCnpxBFbf6qx4wGigclmFxS1coJOfi8q3oZKz6-iGnjqvhUPM-Of20P3ErIROFUqKoM8x4YACWfw99424iPZEwzW4GHt1nBBcAeH_hcsk1GItv6BAqc0g28J3XG94Eq97f0D4LoPEqBSJPA",
  "payload": ""
}
2021-08-24 15:29:36,876:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/24735847380 HTTP/1.1" 200 797
2021-08-24 15:29:36,878:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:36 GMT
Content-Type: application/json
Content-Length: 797
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101nSS1CNRe3Uc2sYB-OviWBTCuUtOV_iHc8wFEdQL0yRM
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "blankslateit.com"
  },
  "status": "pending",
  "expires": "2021-08-31T15:29:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/ikQiNQ",
      "token": "KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/wplWxg",
      "token": "KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/bOOlWw",
      "token": "KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM"
    }
  ]
}
2021-08-24 15:29:36,878:DEBUG:acme.client:Storing nonce: 0101nSS1CNRe3Uc2sYB-OviWBTCuUtOV_iHc8wFEdQL0yRM
2021-08-24 15:29:36,879:DEBUG:acme.client:JWS payload:
b''
2021-08-24 15:29:36,883:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847390:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDFuU1MxQ05SZTNVYzJzWUItT3ZpV0JUQ3VVdE9WX2lIYzh3RkVkUUwweVJNIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNTg0NzM5MCJ9",
  "signature": "I92H5TGQsTFX3uUyTQ6NS9qLYlVWhn3JScUzbWx8iQGi3pqoQ1bS6Tfi1UNXzfd--LGBeiatIprumFo5iBY9Cmmr3wmuNdGucbu5eRMXU8E8KUroHUUCWpZ0CKrrEPnprH2CO2vvfNAjAH6ECDceul81txfc65TW_zzo__0dyw8BFRfeVFPza58LLXBXD4UWgjYJk-71DVyKcs6m9Yh_VEDac1I8OJow-HL9gMJ78H7IwdPy3I2AldFD7k9uNM2DK877MT2T7bfYy3A75cyQzTKPtgFJmgtM_LYK_KefPpWRNEVVvKZLvtXz-w8I60UHfYHQ4O-Jmy1GPqBvg-TlKA",
  "payload": ""
}
2021-08-24 15:29:36,997:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/24735847390 HTTP/1.1" 200 801
2021-08-24 15:29:36,999:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:36 GMT
Content-Type: application/json
Content-Length: 801
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101OMRsxGZTwdNmNhbrl5qKxz2G5eclUUP1OJR-GZLK3YY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.blankslateit.com"
  },
  "status": "pending",
  "expires": "2021-08-31T15:29:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/Pfe69Q",
      "token": "rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/_MVAjw",
      "token": "rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/SEl5dA",
      "token": "rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q"
    }
  ]
}
2021-08-24 15:29:36,999:DEBUG:acme.client:Storing nonce: 0101OMRsxGZTwdNmNhbrl5qKxz2G5eclUUP1OJR-GZLK3YY
2021-08-24 15:29:37,000:INFO:certbot.auth_handler:Performing the following challenges:
2021-08-24 15:29:37,001:INFO:certbot.auth_handler:http-01 challenge for blankslateit.com
2021-08-24 15:29:37,002:INFO:certbot.auth_handler:http-01 challenge for www.blankslateit.com
2021-08-24 15:29:37,094:DEBUG:certbot_nginx.http_01:Generated server block:
[]
2021-08-24 15:29:37,095:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-mail.conf
2021-08-24 15:29:37,096:DEBUG:certbot.reverter:Creating backup of /etc/nginx/nginx.conf
2021-08-24 15:29:37,096:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-image-filter.conf
2021-08-24 15:29:37,097:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-stream.conf
2021-08-24 15:29:37,097:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf
2021-08-24 15:29:37,098:DEBUG:certbot.reverter:Creating backup of /etc/nginx/modules-enabled/50-mod-http-geoip.conf
2021-08-24 15:29:37,098:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/blankslateit.com
2021-08-24 15:29:37,099:DEBUG:certbot.reverter:Creating backup of /etc/nginx/mime.types
2021-08-24 15:29:37,100:DEBUG:certbot.reverter:Creating backup of /etc/nginx/sites-enabled/apache
2021-08-24 15:29:37,103:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
include /etc/letsencrypt/le_http_01_cert_challenge.conf;

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;
server_names_hash_bucket_size 128;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
# 
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

2021-08-24 15:29:37,105:DEBUG:certbot_nginx.parser:Writing nginx conf tree to /etc/nginx/sites-enabled/blankslateit.com:
server {
	
	root /var/www/html;
	index index.php index.html index.htm;

	server_name blankslateit.com www.blankslateit.com;
	
	return 301  http://blankslateit.com$request_uri;
	location / {
		try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		include snippets/fastcgi-php.conf;
	}
		
	location ^~ /.well-known/acme-challenge/ {
		allow all;
		root /var/www/html;
	    default_type "text/plain";
	}

    listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/blankslateit.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/blankslateit.com/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot

rewrite ^(/.well-known/acme-challenge/.*) $1 break; # managed by Certbot


	listen 80 default_server;
	#listen [::]:80 default_server ipv6only=on;
	listen 443 ssl;
	server_name blankslateit.com www.blankslateit.com;
	#return 301 https://blankslateit.com$request_uri;
    return 404; # managed by Certbot
location = /.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM{default_type text/plain;return 200 KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM._i-tqHNAS329V3QetIB7M7ekutUyFWMi3LX7EbAqitE;} # managed by Certbot

location = /.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q{default_type text/plain;return 200 rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q._i-tqHNAS329V3QetIB7M7ekutUyFWMi3LX7EbAqitE;} # managed by Certbot

}

2021-08-24 15:29:38,150:INFO:certbot.auth_handler:Waiting for verification...
2021-08-24 15:29:38,152:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-08-24 15:29:38,156:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/ikQiNQ:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDFPTVJzeEdaVHdkTm1OaGJybDVxS3h6Mkc1ZWNsVVVQMU9KUi1HWkxLM1lZIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDczNTg0NzM4MC9pa1FpTlEifQ",
  "signature": "dPeYYSCpOuAS_tXL5Av0D_2Qvhlu7tKB5blw96g8Sitzn9s8xNrIklLTiZfDDzz7uJ_RWL0CeoPYKm9EIDuarVu1m1nZGZX4s0Pf-cu_r_NX6EMhLJXAjIe-8WdTDCB2gXgqxGSfgpUbjYzjdRyNlbQAlKdqPtFu_qRhK9rx-fueOOXrPlFwg4LghMnRMEw15-xqrF3f1uFXgoTKgBpeDT1_shMcKae3jook2dg0iCu0VlJZBUizf2519T7d7Y8MWUHz-74pTmcfVUPRvflPo_OhOtW_BNPzlgppi8kfE3-Vz5UW21QDGb3MzVFGL1cUj4SjcPpN9x3i2bHXjJzF9A",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-08-24 15:29:38,273:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/24735847380/ikQiNQ HTTP/1.1" 200 186
2021-08-24 15:29:38,275:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:38 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847380>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/ikQiNQ
Replay-Nonce: 0101vFnt1KGfSC6us3GBPUNKPG-2jNFl-Nb895l6TzaLTlw
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/ikQiNQ",
  "token": "KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM"
}
2021-08-24 15:29:38,275:DEBUG:acme.client:Storing nonce: 0101vFnt1KGfSC6us3GBPUNKPG-2jNFl-Nb895l6TzaLTlw
2021-08-24 15:29:38,276:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "http-01"\n}'
2021-08-24 15:29:38,280:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/Pfe69Q:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDF2Rm50MUtHZlNDNnVzM0dCUFVOS1BHLTJqTkZsLU5iODk1bDZUemFMVGx3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDczNTg0NzM5MC9QZmU2OVEifQ",
  "signature": "bVFB8MrQPqu3_JMw8W7SCpf_D1i-eoHzSfU3Lrb2grHQMjvPA4Q2CPSadvOgEcODEgnMRP4TF3m8uvSdagqedEAk2yex9Ij6weav7sPFKuw8e3lXLoS4QDGiLkSldFdCfEcgALEJoothyqcIwZiL5271WA5ILMkGTxGZ0zsU646VCLIiDw3oBx8sh6IPtjBY9svTtNCFUh2KDgN23E8H0peH1AWOFTusUG-JwxJNkrDq0lJ4AvkBzC2TmAT5eXwBQCCOv8feJo4jj8913mHM1lWqd7r3rmrhdBfsYUVTS8Peaz_gu0ZcASGRjqygs_jDQLksIHARxmRQ20OK68uf2A",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImh0dHAtMDEiCn0"
}
2021-08-24 15:29:38,389:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/24735847390/Pfe69Q HTTP/1.1" 200 186
2021-08-24 15:29:38,390:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:38 GMT
Content-Type: application/json
Content-Length: 186
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847390>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/Pfe69Q
Replay-Nonce: 0102yvoWZWPeIjCFoTMLlow68teaV20ttLmNZGI2tKByv74
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "http-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/Pfe69Q",
  "token": "rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q"
}
2021-08-24 15:29:38,390:DEBUG:acme.client:Storing nonce: 0102yvoWZWPeIjCFoTMLlow68teaV20ttLmNZGI2tKByv74
2021-08-24 15:29:41,392:DEBUG:acme.client:JWS payload:
b''
2021-08-24 15:29:41,395:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847380:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDJ5dm9XWldQZUlqQ0ZvVE1MbG93Njh0ZWFWMjB0dExtTlpHSTJ0S0J5djc0IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNTg0NzM4MCJ9",
  "signature": "lO4FwaeTC2WNowM96fjnjo7OoAAY8CKaiEA4IVPHxsWZr_jDEe_pj3uAjvTNrfb37yKXRaHW6OqRGp6iq_0jOJEfur0J7kEF0SN7zQ6ODqSYUymGXngz2bwfQ74vyAWHD8f-lQIM5HeKmrGAbuFQRNtPQYeq4mFQzgheiqLO5N0Ds5jtz-SRSN9WPaySS4PuKTMfLl1Nuy_TiFHCcZx4Ced8TviB521nAF14s8qAPG_ahiB-T57ikasdPM7oVEnOkm3IKtMbn9lhWSNZ9q7WABwxGfEQnV8Ddv3XPRBYDy7A9tyhdZvzIA30ngAK4k4_TtcfAZLNMmQSw-eWzwdWJg",
  "payload": ""
}
2021-08-24 15:29:41,498:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/24735847380 HTTP/1.1" 200 1647
2021-08-24 15:29:41,499:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:41 GMT
Content-Type: application/json
Content-Length: 1647
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102WjQEZbPTzHonET0ZHgyXbh_VrkSwu-3HIACTVrkxpxE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "blankslateit.com"
  },
  "status": "invalid",
  "expires": "2021-08-31T15:29:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM [157.245.243.6]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml\u003e\\n\u003chead\u003e\\n  \u003ctitle\u003e\u003c/title\u003e       \\n  \u003clink rel=\\\"stylesheet\\\" href=\\\"https://unpkg.com/@shopify/polaris@4.0.0-r\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847380/ikQiNQ",
      "token": "KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM",
      "validationRecord": [
        {
          "url": "http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM",
          "hostname": "blankslateit.com",
          "port": "80",
          "addressesResolved": [
            "157.245.243.6",
            "2604:a880:400:d0::5c1:6001"
          ],
          "addressUsed": "2604:a880:400:d0::5c1:6001"
        },
        {
          "url": "http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM",
          "hostname": "blankslateit.com",
          "port": "80",
          "addressesResolved": [
            "157.245.243.6",
            "2604:a880:400:d0::5c1:6001"
          ],
          "addressUsed": "157.245.243.6"
        }
      ],
      "validated": "2021-08-24T15:29:38Z"
    }
  ]
}
2021-08-24 15:29:41,499:DEBUG:acme.client:Storing nonce: 0102WjQEZbPTzHonET0ZHgyXbh_VrkSwu-3HIACTVrkxpxE
2021-08-24 15:29:41,501:DEBUG:acme.client:JWS payload:
b''
2021-08-24 15:29:41,504:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/24735847390:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTcyNzgyNDcwIiwgIm5vbmNlIjogIjAxMDJXalFFWmJQVHpIb25FVDBaSGd5WGJoX1Zya1N3dS0zSElBQ1RWcmt4cHhFIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDczNTg0NzM5MCJ9",
  "signature": "GK0m5Dk5lhp07VytGWVL8KtlordppYOduoA0JkRDmP5gw5OCwmnjEuQfse9F9FLuuAGodzmrBV75hMUAeaBD9cm7h6zH-0HweajcF6EkZIB8lQbcK9VzS3PDTAq8K5YCsqXpghzRo6VcFJe2LA3bIZB2NCsC2As8k_Av9-L8dMReDvZM5s_qN_IdT3JjHJ5puaUbWSF7XqnQUYtk7Uq6sgXhPO78NgAlh6VUDJwkSIbFyyf_7n6PlYnM5HzLBQj0se8-Y48iRUDwfwLgNWK7eCyWVT6dUplmcSfxmuW1xXy-VSZl-pEdlyqcOc_VyuS2lU1d7gOI-nQbZcvkqht9MQ",
  "payload": ""
}
2021-08-24 15:29:41,599:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/24735847390 HTTP/1.1" 200 1249
2021-08-24 15:29:41,601:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 24 Aug 2021 15:29:41 GMT
Content-Type: application/json
Content-Length: 1249
Connection: keep-alive
Boulder-Requester: 172782470
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0101awa1KvSDihkpQ9bYgZMRlequiaoWtKm_mVIRPkkisfU
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.blankslateit.com"
  },
  "status": "invalid",
  "expires": "2021-08-31T15:29:36Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q [157.245.243.6]: \"\u003c!DOCTYPE html\u003e\\n\u003chtml\u003e\\n\u003chead\u003e\\n  \u003ctitle\u003e\u003c/title\u003e       \\n  \u003clink rel=\\\"stylesheet\\\" href=\\\"https://unpkg.com/@shopify/polaris@4.0.0-r\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/24735847390/Pfe69Q",
      "token": "rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q",
      "validationRecord": [
        {
          "url": "http://www.blankslateit.com/.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q",
          "hostname": "www.blankslateit.com",
          "port": "80",
          "addressesResolved": [
            "157.245.243.6"
          ],
          "addressUsed": "157.245.243.6"
        }
      ],
      "validated": "2021-08-24T15:29:38Z"
    }
  ]
}
2021-08-24 15:29:41,601:DEBUG:acme.client:Storing nonce: 0101awa1KvSDihkpQ9bYgZMRlequiaoWtKm_mVIRPkkisfU
2021-08-24 15:29:41,603:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: www.blankslateit.com
Type:   unauthorized
Detail: Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r"

Domain: blankslateit.com
Type:   unauthorized
Detail: Invalid response from http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2021-08-24 15:29:41,604:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r", blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r"

2021-08-24 15:29:41,605:DEBUG:certbot.error_handler:Calling registered functions
2021-08-24 15:29:41,605:INFO:certbot.auth_handler:Cleaning up challenges
2021-08-24 15:29:43,027:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.31.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1365, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1119, in run
    certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 410, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 353, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 389, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 82, in handle_authorizations
    self._respond(aauthzrs, resp, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 168, in _respond
    self._poll_challenges(aauthzrs, chall_update, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 239, in _poll_challenges
    raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. www.blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.blankslateit.com/.well-known/acme-challenge/rnsoT2Ug1lNjMhS4Rkjk4Y0Wgf00WKHvebWn0bktP9Q [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r", blankslateit.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blankslateit.com/.well-known/acme-challenge/KpFY9KnluE-Xwh7YZ3K93pGYG6UV_vRblf764uE3uHM [157.245.243.6]: "<!DOCTYPE html>\n<html>\n<head>\n  <title></title>       \n  <link rel=\"stylesheet\" href=\"https://unpkg.com/@shopify/polaris@4.0.0-r"

And this section seems out-of-order (top down):

1 Like

Please show the file:

1 Like
server {
	
	root /var/www/html;
	index index.php index.html index.htm;

	server_name blankslateit.com www.blankslateit.com;
	
	return 301  http://blankslateit.com$request_uri;
	location / {
		try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		include snippets/fastcgi-php.conf;
	}
		
	location ^~ /.well-known/acme-challenge/ {
		allow all;
		root /var/www/html;
	    default_type "text/plain";
	}

    listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/blankslateit.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/blankslateit.com/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




}
server {
	listen 80 default_server;
	#listen [::]:80 default_server ipv6only=on;
	listen 443 ssl;
	server_name blankslateit.com www.blankslateit.com;
	#return 301 https://blankslateit.com$request_uri;
    return 404; # managed by Certbot
}

That should have sent all requests to HTTPS, but that line was remarked out.
So now it doesn't really know what to do with requests.
It has no document root.

Please modify it as follows:

server {
	listen 80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}
1 Like

@rg305 I commented out the SSL certificate lines because I previously had these certificates enabled and working perfectly. The issue came after they expired. So first I tried to renew, and I got the same error that I am getting currently; then I removed the certificates and tried reinstalling, but I got the same issue.

Please follow my instructions.

And also show the output of:
certbot certificates

1 Like

Then modify this section as follows below.
Remove line:
return 301 http://blankslateit.com$request_uri;
And uncomment cert lines.
Reorder locations.
Remove well-known location.
[useless when it uses the same root]

1 Like

Please follow my instructions.

I have done what you said.

And also show the output of:
certbot certificates

root@shopifyapp:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

How did that happen?

1 Like

Because, as I said above, I removed all certificates when they were not renewed after expiring. So I thought I could reinstall from scratch, but I was not able to do this.

I must have missed that.

1 Like

This one..

Not really important at this point.
We can work around it.

1 Like

Make it like this:

server {
	listen 80 default_server;
	server_name _;
	location ~ ^/(?!\.well-known) {          # skip challenge requests (regex match needs the ~ modifier)
	  return 301 https://$host$request_uri;  # send all requests to HTTPS
	}# location
	location / {
	  root /some/unique/path/only/for/challenge/files; # make new path
	}# location
}# server

You need to make a dedicated directory for challenge files only.

Like:
mkdir /var/www/html/acme-challenges
Whatever you make, use it as the root in the server block above.
[please do not use /var/www/html as root for challenge requests]

3 Likes
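
A pre-flight check for the dedicated challenge directory described above, as an added example (not code from any poster or from certbot): probe() writes a random file under .well-known/acme-challenge/ in the webroot and fetches it over HTTP, which catches the failure in the log where the site's HTML page came back instead of the challenge file. The function names and the two localhost demo servers are constructed for illustration.

```python
import http.server, pathlib, secrets, tempfile, threading
import urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def probe(webroot, base_url):
    """Write a random file where --webroot would, fetch it, compare bodies."""
    name, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    target = pathlib.Path(webroot, CHALLENGE_DIR, name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    try:
        with OPENER.open(f"{base_url}/{CHALLENGE_DIR}/{name}", timeout=5) as r:
            got = r.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return f"fail: HTTP {exc.code}"
    except OSError as exc:  # URLError (DNS, refused, TLS) derives from OSError
        return f"fail: {exc}"
    finally:
        target.unlink()  # never leave probe files behind in the webroot
    if got.strip() == body:
        return "ok"
    html = got.lstrip().lower().startswith("<!doctype html")
    return "fail: application HTML served instead of the challenge file" if html else "fail: unexpected body"

class AppCatchAll(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: a site that answers every URI with its app page."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<!DOCTYPE html>\n<html><head></head></html>")

def serve(handler):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)  # free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed webroot
        static = partial(http.server.SimpleHTTPRequestHandler, directory=root)
        (good, good_url), (bad, bad_url) = serve(static), serve(AppCatchAll)
        results = probe(root, good_url), probe(root, bad_url)
        good.shutdown(); bad.shutdown()
        return results

if __name__ == "__main__":
    print(demo())
```

On the server itself, call probe("/var/www/html/acme-challenges", "http://blankslateit.com") before running certbot with --webroot.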

I have done what you suggested and commented out the certificate lines, as the certificate is still not installed. Below is my code:

server {
	root /var/www/html;
	index index.php index.html index.htm;
	server_name blankslateit.com www.blankslateit.com;
	location ~ \.php$ {
		fastcgi_pass unix:/run/php/php7.0-fpm.sock;
		include snippets/fastcgi-php.conf;
	}
	location / {
		try_files $uri $uri/ /index.php;
	}
    listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/blankslateit.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/blankslateit.com/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
	listen 80 default_server;
	server_name _;
	location ~ ^/(?!\.well-known) {          # skip challenge requests (regex match needs the ~ modifier)
	  return 301 https://$host$request_uri;  # send all requests to HTTPS
	}# location
	location / {
	  root /var/www/html/acme-challenges; # make new path
	}# location
}# server

OK restart nginx and let's try:

certbot certonly \
--cert-name blankslateit.com \
--webroot -w /var/www/html/acme-challenges \
-d "blankslateit.com,www.blankslateit.com" --dry-run

Once that passes successfully, we can remove the --dry-run and get the real cert.

Thank you so much. It's working and I am able to install the certificate now,

but I didn't use the command you suggested; I used
certbot --nginx -d blankslateit.com

Is there any issue with that?