LE works on one server, but not the other. (noob)


#1

I am trying to set up LE on 2 servers using the following guide: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04

One is my web server, I’ll call it EXAMPLE.COM. It is running Ubuntu 14 and Nginx with PHP-FPM. I followed the steps in the guide and it works fine. It is accessible from example.com and www.example.com

I am trying to get it working on a second (separate) server which functions as our mail server, that also runs Nginx to serve up several small websites. I followed the same guide and it is not able to serve webpages. It tries redirecting https: to http: but the connection times out.

Since it is only available from http://mail.example.com and NOT www.mail.example.com, would that be a problem? I ran a sudo lsof -i tcp:443 and nothing showed up on port 443.

My /sites/enabled/default file is here: http://pastebin.com/h6YYcgdP

I left my code in the top of the file commented out for future reference. Not sure if it’s worth mentioning that the server runs Postfix and Dovecot to serve emails.


#2

You mentioned Postfix and Dovecot at the end, is the idea to obtain a certificate for those servers, allowing them to prove that they’re mail.example.com when talking to other machines? (You can use Let’s Encrypt certificates for this purpose). Or was that just an aside?

Anyway, you mentioned that you commented out the top part, but I notice there are two mentions of .well-known in the file, one is part of this top part that’s commented out, the other is part of the main server configuration. That definitely needs to be there (not commented out) for the validation challenge to be passed the way that guide recommends.

When the challenge happens, to prove you control mail.example.com Let’s Encrypt will be connecting over plain HTTP (not HTTPS) to look in .well-known/ for the proof. So one idea is, get the system set up in the way you think should work, but then try putting your own test file in /usr/share/nginx/html/.well-known/acme-challenge/mytestfile and check you can view that file over the web as http://mail.example.com/.well-known/acme-challenge/mytestfile

If you can’t get that working, then you need to figure out why before getting back to trying Let’s Encrypt. If it does work, we’ve ruled out one problem.

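A way to script the two checks that come up in this thread, namely whether anything is actually listening on port 443 and whether a file dropped under .well-known/acme-challenge/ in the webroot is really served over plain HTTP, as an added example that is not code from the original posts or from Let's Encrypt. The hostname, the webroot path /usr/share/nginx/html, and the function names are assumptions; the script deliberately does not follow redirects, so a plain-HTTP request being bounced to HTTPS (the symptom described above) is reported as the finding instead of silently timing out.

```python
"""Diagnostics for an HTTP-01 webroot setup. Added example; hostnames and
paths are placeholders, not values from the thread."""
import os
import secrets
import socket
import sys
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_opener = urllib.request.build_opener(_NoRedirect)


def port_is_listening(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (what lsof -i tcp:443
    would show locally, but tested from the client side)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def acme_path_reachable(webroot, base_url, timeout=5.0):
    """Write a throwaway token under <webroot>/.well-known/acme-challenge/ and
    fetch it from base_url over plain HTTP, exactly as the HTTP-01 validator
    would. Returns (ok, detail). The token file is removed afterwards."""
    token = secrets.token_urlsafe(16)          # constructed, random each run
    body = secrets.token_hex(16)
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{token}"
    try:
        with _opener.open(urllib.request.Request(url), timeout=timeout) as resp:
            got = resp.read().decode("utf-8", "replace")
        if got != body:
            return False, f"{url} answered, but with different content"
        return True, f"{url} served the token over plain HTTP"
    except urllib.error.HTTPError as exc:
        location = exc.headers.get("Location")
        if 300 <= exc.code < 400 and location:
            # The thread's symptom: HTTP is redirected before the challenge
            # path is served, so the validator never sees the token.
            return False, f"{url} -> HTTP {exc.code} redirect to {location}"
        return False, f"{url} -> HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"{url} -> {exc}"
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Usage: python3 check_acme.py mail.example.com /usr/share/nginx/html
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    webroot = sys.argv[2] if len(sys.argv) > 2 else "/usr/share/nginx/html"
    print("443 listening:", port_is_listening(host, 443))
    ok, detail = acme_path_reachable(webroot, f"http://{host}")
    print("HTTP-01 path:", "OK" if ok else "FAIL", "-", detail)
```

Run it on the mail server itself (or any machine that can reach it) and read both lines together: "443 listening: False" matches the empty lsof output, and an HTTP-01 line that reports a redirect to https:// explains why the challenge cannot complete while port 443 has nothing behind it.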

#3

I am only trying to use LE to encrypt our intranet page and other sites run on Nginx. I mentioned Dovecot and Postfix in case there is a known conflict.

I looked in the .well-known directory and it is empty. It is empty on the working server as well. Is that normal? I was, however, able to create a file in the .well-known directory and access it from the web.

Thank you for your help.


#4

The Wordpress site is still being served if accessed through http://mail.example.com but times out if accessed via https://mail.example.com
