I'm having a problem issuing an SSL certificate on CloudPanel

I'm getting an error message when generating a Let's Encrypt certificate from CloudPanel. My domain is successfully pointed to my VPS machine, and I can access my home page. This is the error I'm getting:

docteur-aoun.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:1e:5dba:5445:1ad5:c6ea:64ef: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/uf9igZI7nzgqGbcpw2wmCcYg5gq3qGp9Uvfee67PKeQ: 404

and

www.docteur-aoun.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:21:3d3:9d62:a26:a59e:9482: Invalid response from http://www.docteur-aoun.com/.well-known/acme-challenge/Wfua2cqSrviqxrq66FKUcfWCQagt9noEcfnmlWmBs5U: 404

My server is running: nginx
My domain is: docteur-aoun.com
PHP version: 7.4
Mysql: Ver 8.0.35-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu))
OS: Ubuntu 22.04

My vhost:

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name www.docteur-aoun.com;
  return 301 https://docteur-aoun.com$request_uri;
}

server {
  listen 80;
  listen [::]:80;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name docteur-aoun.com www1.docteur-aoun.com;
  root /home/docteur-aoun/htdocs/docteur-aoun.com/public_html;

  {{nginx_access_log}}
  {{nginx_error_log}}

  if ($scheme != "https") {
    rewrite ^ https://$host$uri permanent;
  }

  location ~ /.well-known {
    auth_basic off;
    allow all;
  }
  

  {{settings}}

  location / {
    {{varnish_proxy_pass}}
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_hide_header X-Varnish;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_connect_timeout      720;
    proxy_send_timeout         720;
    proxy_read_timeout         720;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    proxy_temp_file_write_size 256k;
  }

  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    add_header Access-Control-Allow-Origin "*";
    expires max;
    access_log off;
  }

  if (-f $request_filename) {
    break;
  }
}

server {
  listen 8080;
  listen [::]:8080;
  server_name docteur-aoun.com www1.docteur-aoun.com;
  root /home/docteur-aoun/htdocs/docteur-aoun.com/public_html;

  try_files $uri $uri/ /index.php?$args;
  index index.php index.html;

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_param HTTPS "on";
    fastcgi_param SERVER_PORT 443;
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    fastcgi_param PHP_VALUE "{{php_settings}}";
    
    # Environment variables
    fastcgi_param ROOT_DIR "C:\\xampp\\htdocs\\docteur-aoun.com";
    fastcgi_param PROJECT_URL "http://localhost/docteur-aoun.com";
    fastcgi_param VENDOR_AUTOLOAD "/home/docteur-aoun/htdocs/docteur-aoun.com/public_html/vendor/autoload.php";
    fastcgi_param PHP_VALUE "display_errors=On";
  }
  
    location /healthy-kitchen/ {
        rewrite ^/healthy-kitchen/p/([^/]+)/?$ /healthy-kitchen/single-post.php?permalink=$1 last;
    }
    
    location /videos/ {
        rewrite ^/videos/watch/([^/]+)/?$ /videos/watch.php?permalink=$1 last;
    }
    
    location / {
        try_files $uri $uri/ $uri.php?$args;
    }
  

  if (-f $request_filename) {
    break;
  }
}

map $sent_http_content_type $expires {
    default +2d;
    image/jpg +1M;
    image/svg+xml 1M;
    image/gif +1M;
    image/jpeg +1M;
    image/png +1M;
    text/css +1M;
    text/javascript +1M;
    application/javascript +1M;
    application/x-shockwave-flash +1M;
    image/ico +1M;
    image/x-icon +1M;
    text/html +600s;
}

I spent 2 days trying to figure this out; I would appreciate the help.

Hi @mrabdennour, and welcome to the LE community forum :slight_smile:

Why are those IPs not the same?

3 Likes

Why are both IPs not the same?

Name:      www.docteur-aoun.com.cdn.hstgr.net
Addresses: 2a02:4780:1d:758:e1fa:1fc9:70e2:8745
           191.101.104.1
Aliases:   www.docteur-aoun.com

Name:      docteur-aoun.com
Addresses: 2a02:4780:21:d1e5:2c86:14ac:8ed0:6e4a
           85.31.237.200

1 Like

This domain has been pointed to my VPS; it was originally hosted on Hostinger.

It seems the IPs are still pointing to Hostinger CDN.

3 Likes

Doing HTTP and HTTPS in the same VHOST is bad practice.
Try splitting them in two separate VHOSTs.

2 Likes

Why have two different ways to redirect to HTTPS?:

The second way makes sense.
The first will redirect to HTTPS, even though it is listening to HTTPS!:

If that redirection "works", it creates an endless redirection loop.

2 Likes

I updated my DNS records; now it's pointing to the VPS 100%, but I still get this error:

docteur-aoun.com: Domain could not be validated, error message: error type: urn:ietf:params:acme:error:unauthorized, error detail: 2a02:4780:22:5bf:bdb0:9917:844f:ff59: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/QAjBotEQ6F_vnLn0AdX3x42Xho791tqCkuWUDyo88S8: 404

I also updated my vhost:

server {
  listen 80;
  listen [::]:80;
  server_name www.docteur-aoun.com;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  {{ssl_certificate_key}}
  {{ssl_certificate}}
  server_name docteur-aoun.com www.docteur-aoun.com;
  root /home/docteur-aoun/htdocs/docteur-aoun.com/public_html;

  {{nginx_access_log}}
  {{nginx_error_log}}
  
  if ($scheme != "https") {
    rewrite ^ https://$host$uri permanent;
  }
  
  location ~ /.well-known {
    auth_basic off;
    allow all;
  }

  {{settings}}

  location / {
    {{varnish_proxy_pass}}
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_hide_header X-Varnish;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_connect_timeout      720;
    proxy_send_timeout         720;
    proxy_read_timeout         720;
    proxy_buffer_size          128k;
    proxy_buffers              4 256k;
    proxy_busy_buffers_size    256k;
    proxy_temp_file_write_size 256k;
  }

  location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|gz|svg|svgz|ttf|otf|woff|woff2|eot|mp4|ogg|ogv|webm|webp|zip|swf|map)$ {
    add_header Access-Control-Allow-Origin "*";
    expires max;
    access_log off;
  }

  if (-f $request_filename) {
    break;
  }
}

server {
  listen 8080;
  listen [::]:8080;
  server_name docteur-aoun.com www.docteur-aoun.com;
  root /home/docteur-aoun/htdocs/docteur-aoun.com/public_html;

  try_files $uri $uri/ /index.php?$args;
  index index.php index.html;

  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    try_files $uri =404;
    fastcgi_read_timeout 3600;
    fastcgi_send_timeout 3600;
    fastcgi_param HTTPS "on";
    fastcgi_param SERVER_PORT 443;
    fastcgi_pass 127.0.0.1:{{php_fpm_port}};
    fastcgi_param PHP_VALUE "{{php_settings}}";
    
    # Environment variables
    fastcgi_param ROOT_DIR "C:\\xampp\\htdocs\\docteur-aoun.com";
    fastcgi_param PROJECT_URL "http://localhost/docteur-aoun.com";
    fastcgi_param VENDOR_AUTOLOAD "/home/docteur-aoun/htdocs/docteur-aoun.com/public_html/vendor/autoload.php";
    fastcgi_param PHP_VALUE "display_errors=On";
  }
  
    location /healthy-kitchen/ {
        rewrite ^/healthy-kitchen/p/([^/]+)/?$ /healthy-kitchen/single-post.php?permalink=$1 last;
    }
    
    location /videos/ {
        rewrite ^/videos/watch/([^/]+)/?$ /videos/watch.php?permalink=$1 last;
    }
    
    location / {
        try_files $uri $uri/ $uri.php?$args;
    }
  

  if (-f $request_filename) {
    break;
  }
}

map $sent_http_content_type $expires {
    default +2d;
    image/jpg +1M;
    image/svg+xml 1M;
    image/gif +1M;
    image/jpeg +1M;
    image/png +1M;
    text/css +1M;
    text/javascript +1M;
    application/javascript +1M;
    application/x-shockwave-flash +1M;
    image/ico +1M;
    image/x-icon +1M;
    text/html +600s;
}

Even though I updated the vhost, I'm still getting the same error.

Now this part is incomplete - it has no root.
I see no way for it to handle the HTTP ACME challenge requests.
[and it is only serving one of the two names you are requesting]

2 Likes

Only the IPs for one of the names were changed/removed:

Name:      docteur-aoun.com
Addresses: 2a02:4780:27:1068:0:322e:6f2f:3
           85.31.237.200

Name:    www.docteur-aoun.com
Address: 85.31.237.200

The error message clearly shows the name that is having the problem has similar IPs as before:

2 Likes
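
Added example, not part of any post in the thread: the ACME error detail names the address the validation server actually connected to, so comparing it with the server's own addresses separates a DNS problem (stale AAAA/A record) from a vhost problem. The function names are hypothetical, and treating 85.31.237.200 as the VPS address is an assumption based on the lookups quoted above.

```python
import ipaddress
import re

# Shape of the ACME problem detail quoted in the thread:
#   error detail: <address>: Invalid response from <url>: <status>
DETAIL_RE = re.compile(
    r"error detail: (?P<addr>[0-9A-Fa-f:.]+): Invalid response from "
    r"http://(?P<host>[^/\s]+)/\.well-known/acme-challenge/\S+: (?P<status>\d{3})"
)

# The first two lines are the errors from the original post (trimmed to the
# problem detail); the third is constructed to show the other outcome.
SAMPLE_LOG = """\
error detail: 2a02:4780:1e:5dba:5445:1ad5:c6ea:64ef: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/uf9igZI7nzgqGbcpw2wmCcYg5gq3qGp9Uvfee67PKeQ: 404
error detail: 2a02:4780:21:3d3:9d62:a26:a59e:9482: Invalid response from http://www.docteur-aoun.com/.well-known/acme-challenge/Wfua2cqSrviqxrq66FKUcfWCQagt9noEcfnmlWmBs5U: 404
error detail: 85.31.237.200: Invalid response from http://docteur-aoun.com/.well-known/acme-challenge/CONSTRUCTED_TOKEN: 404
"""

# Assumption: 85.31.237.200 (the A record shown in the thread) is the VPS.
SERVER_ADDRS = ["85.31.237.200"]


def diagnose(log_text, server_addrs):
    """Return (host, validated_addr, record_type, reached_our_server) per failure."""
    owned = {ipaddress.ip_address(a) for a in server_addrs}
    findings = []
    for m in DETAIL_RE.finditer(log_text):
        addr = ipaddress.ip_address(m["addr"])
        record_type = "AAAA" if addr.version == 6 else "A"
        findings.append((m["host"], str(addr), record_type, addr in owned))
    return findings


def explain(finding):
    """Turn one finding into the next thing to check."""
    host, addr, record_type, ours = finding
    if ours:
        return f"{host}: {addr} is this server; check that the vhost serves the challenge path on port 80"
    return f"{host}: {addr} is not this server; fix or remove the {record_type} record"


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SERVER_ADDRS):
        print(explain(finding))
```
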
