My domain is: logs.dlucadou.com
I ran this command: sudo certbot --nginx
It produced this output:
$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: logs.dl.codes
2: logs.dlucadou.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/logs.dl.codes.conf)
It contains these names: logs.dl.codes
You requested these names for the new certificate: logs.dl.codes,
logs.dlucadou.com.
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for logs.dlucadou.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. logs.dlucadou.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://logs.dlucadou.com/.well-known/acme-challenge/Ji8T2dx3h8ekGstwOGEN9kDxv3sZGD833sV0PLgugoA [2600:1f18:2a1:cd0d:51d5:a5d1:dc78:3a2b]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: logs.dlucadou.com
Type: unauthorized
Detail: Invalid response from
http://logs.dlucadou.com/.well-known/acme-challenge/Ji8T2dx3h8ekGstwOGEN9kDxv3sZGD833sV0PLgugoA
[2600:1f18:2a1:cd0d:51d5:a5d1:dc78:3a2b]:
"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): nginx version: nginx/1.14.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.04.2 LTS
My hosting provider, if applicable, is: AWS EC2
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
I want logs.dlucadou.com to redirect to logs.dl.codes, which has a Puma app. My sites-available file for the domains:
$ cat /etc/nginx/sites-available/logs.dlucadou.com
server {
    server_name logs.dlucadou.com;
    listen 80;
    listen [::]:80;
    location ~ /.well-known {
        allow all;
        root /usr/share/nginx/html;
    }
    return 307 $scheme://logs.dl.codes$request_uri;
}
$ cat /etc/nginx/sites-available/logs.dl.codes
upstream app {
    # Path to Puma SOCK file
    server unix:///home/ubuntu/git/irc-log-explorer-prod/shared/sockets/puma.sock;
}
server {
    server_name logs.dl.codes;
    root /home/ubuntu/git/irc-log-explorer-prod/public;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto https; # Needed to avoid 'WARNING: Can't verify CSRF token authenticity'
        proxy_pass http://app;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/logs.dl.codes/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/logs.dl.codes/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = logs.dl.codes) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    listen [::]:80;
    server_name logs.dl.codes;
    return 404; # managed by Certbot
}
I was able to run sudo certbot --nginx just fine for logs.dl.codes, but it fails on expanding the cert to include logs.dlucadou.com. I’ve even tried copying the sites-available files for some other domains I have and changing the server name, still no dice.