Hi,
I have 2 WordPress sites that share the same subdomains:
Site1 (/var/www/sites/greenfrogroofing):
innerwest.greenfrogroofing.com.au
Site2 (/var/www/sites/greenfrogroofing1 - not the same folder as above):
www.greenfrogroofing.com.au
greenfrogroofing.com.au
Problem
While I successfully issued a certificate for Site1’s innerwest.greenfrogroofing.com.au domain using the http-01 challenge, I am unable to generate a certificate for the 2nd site. I get the following error after running
sudo /opt/letsencrypt/certbot-auto --debug --email admin@example.com --no-eff-email --agree-tos -n --nginx --no-redirect --keep --expand -d greenfrogroofing.com.au -d www.greenfrogroofing.com.au certonly --dry-run
Output
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for greenfrogroofing.com.au
http-01 challenge for www.greenfrogroofing.com.au
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: www.greenfrogroofing.com.au
Type: unauthorized
Detail: Invalid response from
http://www.greenfrogroofing.com.au/.well-known/acme-challenge/_rioMweHnrnRWTUIhV-WR7AgW-1YSIYjq9-XWJARYRQ:
"<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" conten"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
I verified the following issues:
- No https redirection. I even manually added a file under .well-known/acme-challenge/myfile.txt and successfully read it using http.
The curl output is this:
> curl -i http://www.greenfrogroofing.com.au/.well-known/acme-challenge/myfile.txt
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 22 Apr 2018 08:19:19 GMT
Content-Type: text/plain
Content-Length: 0
Last-Modified: Wed, 18 Apr 2018 16:00:07 GMT
Connection: keep-alive
ETag: "5ad76b87-0"
X-UA-Compatible: IE=Edge
X-Rocket-Nginx-Serving-Static: No
Accept-Ranges: bytes
- There are no permission issues. I ran certbot with root command and I even went too far to give .well-known 777 access but that didn’t help.
NOTES
I tried to install other sites on the server that have a different domain (not greenfrogroofing.com.au) and all works perfectly.
I believe this has something to do with already having a certificate for Site1 that shares the same domain (but both sites have different folders and different conf files!)
CONF FILES
Site1:
server {
    listen 80;
    server_name innerwest.greenfrogroofing.com.au
    root /var/www/sites/greenfrogroofing;
    location / {
        index index.php;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    include elemento.conf;
    include h5bp/basic.conf;
    include wp-rocket.conf;
    include wordpress-security.conf;
    access_log /var/log/nginx/greenfrogroofing.access.log;
    error_log /var/log/nginx/greenfrogroofing.error.log;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/innerwest.greenfrogroofing.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/innerwest.greenfrogroofing.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Site 2:
server {
    listen 80;
    server_name www.greenfrogroofing.com.au greenfrogroofing.com.au;
    root /var/www/sites/greenfrogroofing1;
    location / {
        index index.php;
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    include elemento.conf;
    include h5bp/basic.conf;
    include wp-rocket.conf;
    include wordpress-security.conf;
    access_log /var/log/nginx/greenfrogroofing1.access.log;
    error_log /var/log/nginx/greenfrogroofing1.error.log;
}
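
An added example, not part of the original post and not certbot's own code: a small Python check that classifies a `curl -i` style response to a challenge URL, run over constructed samples modelled on the two responses quoted above (the empty 200 from the manual test file and the HTML body reported by the ACME server). The function names, the `KEY_AUTH` placeholder and the sample status lines are assumptions.

```python
# Added example (not from the original post): classify a `curl -i` style
# response to an http-01 challenge URL. All sample values are constructed.

KEY_AUTH = "TOKEN-PLACEHOLDER.THUMBPRINT-PLACEHOLDER"  # assumed expected body

def parse_response(raw):
    """Split raw response text into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def classify(raw, key_authorization=KEY_AUTH):
    """Return a short verdict on whether the response would satisfy http-01."""
    status, headers, body = parse_response(raw)
    if 300 <= status < 400:
        return "redirect: " + headers.get("location", "?")
    if status != 200:
        return "http error: %d" % status
    if body.rstrip() == key_authorization:
        return "ok"
    if not body.strip():
        return "empty body"      # path reachable, token content unverified
    if body.lstrip().lower().startswith(("<!doctype", "<html")):
        return "html page"       # answered by a site page, not the token file
    return "body mismatch"

# Constructed samples modelled on the two responses quoted in the post.
MANUAL_TEST_FILE = ("HTTP/1.1 200 OK\nServer: nginx\n"
                    "Content-Type: text/plain\nContent-Length: 0\n\n")
ACME_REPORTED = ("HTTP/1.1 200 OK\nContent-Type: text/html\n\n"
                 '<!DOCTYPE html>\n<html lang="en">\n<head>\n')
EXPECTED = "HTTP/1.1 200 OK\nContent-Type: text/plain\n\n" + KEY_AUTH + "\n"

if __name__ == "__main__":
    for name, raw in [("manual test file", MANUAL_TEST_FILE),
                      ("ACME-reported body", ACME_REPORTED),
                      ("expected token", EXPECTED)]:
        print(name, "->", classify(raw))
```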