I cant get new crtificates - 404 Not Found

denisgolius · June 6, 2017, 11:37am

root@h2663289:/etc/letsencrypt# letsencrypt certonly --webroot -w /home/profhome.co.uk/www/ -d profhome.co.uk -d www.profhome.co.uk
Failed authorization procedure. www.profhome.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.profhome.co.uk/.well-known/acme-challenge/8maGkb8hv0upf__rh5wOTI2vk4v4X47IGX3nGU-OCU0: "

404 Not Found

", profhome.co.uk (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://profhome.co.uk/.well-known/acme-challenge/yFyf41sM3XElh8oTCU2q1ux7nogzM9r3jmS4Pk_WJkI: " 404 Not Found

404 Not Found

"

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: www.profhome.co.uk
Type: unauthorized
Detail: Invalid response from http://www.profhome.co.uk/.well-known
/acme-challenge/8maGkb8hv0upf__rh5wOTI2vk4v4X47IGX3nGU-OCU0:
"
404 Not Found
404 Not Found

"
Domain: profhome.co.uk
Type: unauthorized
Detail: Invalid response from http://profhome.co.uk/.well-known
/acme-challenge/yFyf41sM3XElh8oTCU2q1ux7nogzM9r3jmS4Pk_WJkI:
"
404 Not Found
404 Not Found

"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.

virtual host configuration file
include /etc/nginx/redirect-map/profhome.co.uk.map;
server {
listen my_server_ipv4:80;
listen my_server_ipv6:80;
server_name profhome.co.uk www.profhome.co.uk;
return 301 https://profhome.co.uk$request_uri;
}

server {
listen my_server_ipv4:443 ssl http2;
listen my_server_ipv6:443 ssl http2;
server_name profhome.co.uk;
index index.php;
root ‘/home/profhome.co.uk/www’;

access_log off;

log_not_found off;

access_log   /var/log/nginx/profhome.co.uk.access.log;
error_log    /var/log/nginx/profhome.co.uk.error.log error;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/profhome.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/profhome.co.uk/privkey.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:60m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/profhome.co.uk/chain.pem;
#Strict transport security
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";


#Yoast SEO Sitemaps
location ~ ([^/]*)sitemap(.*).x(m|s)l$ {
    ## this redirects sitemap.xml to /sitemap_index.xml
    rewrite ^/sitemap.xml$ /sitemap_index.xml permanent;
    ## this makes the XML sitemaps work
    rewrite ^/([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 last;
    rewrite ^/sitemap_index.xml$ /index.php?sitemap=1 last;
    rewrite ^/([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
}

# Permalink support
location / {
    try_files $uri $uri/ /index.php?$args;
}

    # Caching of media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|woff|woff2)$ {
            expires 2M;
            add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
            expires 7d;
            add_header Cache-Control "public";
    }

    # Redirect map usage
    if ( $redirect_uri_uk ) {
    return 301 $redirect_uri_uk;
    }

# Deny public access to wp-config.php
location ~* wp-config.php {
    deny all;
}

# Deny access to wp-admin   
location /wp-admin {
    some allow ips;
    deny all;
}   

location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php7.0-fpm-co.uk.sock;
    fastcgi_split_path_info ^(.+\.php)(.*)$;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

}

dengolius@think ~ $ curl -I https://profhome.co.uk
HTTP/1.1 200 OK
Server: nginx/1.10.0
Date: Tue, 06 Jun 2017 10:56:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=skb59plt8qls0upp7uqg8ofac6; path=/
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload

dengolius@think ~ $ curl -I https://www.profhome.co.uk
curl: (51) SSL: certificate subject name (profhome-store.ru) does not match target host name ‘www.profhome.co.uk’

I get errors with curl and if I try to open www domain name with using https… What I doing wrong?

denisgolius · June 6, 2017, 12:25pm

www.profhome.co.uk uses an invalid security certificate.
The certificate is only valid for profhome-store.ru
Error code: SSL_ERROR_BAD_CERT_DOMAIN

rg305 · June 6, 2017, 12:43pm

This section:

needs:
location /.well-known {
root /home/profhome.co.uk/www/.well-known;
allow all
}

above the return 301 line
(and similarly in each virtual host configuration file)

denisgolius · June 6, 2017, 1:08pm

I have already generate certificates, but I see the same error in browser

rg305 · June 6, 2017, 3:31pm

https://www.profhome.co.uk/ is showing the cert for "profhome-store.ru"
That’s web server configuration - SNI.

system · July 6, 2017, 3:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.