Let's encrypt on nginx ubuntu 16.04 : unauthorized


#1

Solved, thank you :slight_smile:


#2

Your server is configured to redirect everything, including the challenge, to a login page (/private/):

```
osiris@desktop ~ $ curl -vL http://tophub.it/.well-known/acme-challenge/test
*   Trying 207.154.214.32...
* Connected to tophub.it (207.154.214.32) port 80 (#0)
> GET /.well-known/acme-challenge/test HTTP/1.1
> Host: tophub.it
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 302 Found
< Server: nginx/1.10.0 (Ubuntu)
< Date: Fri, 24 Feb 2017 20:23:42 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 72
< Connection: keep-alive
< X-Powered-By: Express
< Location: /private/?r=%2F.well-known%2Facme-challenge%2Ftest
< Vary: Accept, Accept-Encoding
< 
* Ignoring the response-body
* Connection #0 to host tophub.it left intact
* Issue another request to this URL: 'http://tophub.it/private/?r=%2F.well-known%2Facme-challenge%2Ftest'
* Found bundle for host tophub.it: 0x1f52520 [can pipeline]
* Re-using existing connection! (#0) with host tophub.it
* Connected to tophub.it (207.154.214.32) port 80 (#0)
> GET /private/?r=%2F.well-known%2Facme-challenge%2Ftest HTTP/1.1
> Host: tophub.it
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.10.0 (Ubuntu)
< Date: Fri, 24 Feb 2017 20:23:42 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 2115
< Connection: keep-alive
< X-Powered-By: Express
< Cache-Control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
< ETag: W/"843-Yx/1r7y59PnVcqgMRc7R5Q"
< Vary: Accept-Encoding
< 
<!doctype html>
<!--[if (IE 8)&!(IEMobile)]><html class="no-js lt-ie9" lang="en"><![endif]-->
<!--[if (gte IE 9)| IEMobile |!(IE)]><!--><html class="no-js" lang="en"><!--<![endif]-->
    <head>
(...)
osiris@desktop ~ $
```

So you’d have to remove that redirect for the /.well-known/acme-challenge/ location.
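
One way to exempt the challenge path from the redirect, shown as an added example that is not part of the original post or the poster's actual configuration. It assumes nginx reverse-proxies to Ghost on 127.0.0.1:2368 (Ghost's default port) and that challenge files are written under the /var/www/html webroot mentioned later in this thread.

```nginx
# Added example, not the poster's configuration.
# Assumptions: Ghost listens on 127.0.0.1:2368, and the ACME client writes
# challenge files under the webroot /var/www/html.
server {
    listen 80;
    server_name tophub.it www.tophub.it;

    # Before: every path, the challenge included, is handed to Ghost, which
    # answers 302 -> /private/ while private mode is enabled.
    #
    # location / {
    #     proxy_pass http://127.0.0.1:2368;
    # }

    # After: serve challenge files straight from disk. "^~" makes nginx skip
    # regex locations once this prefix matches, so a later regex block cannot
    # take the request back.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;       # file: /var/www/html/.well-known/acme-challenge/<token>
        default_type text/plain;
        try_files $uri =404;      # a missing token is a 404 from nginx, never a redirect
    }

    # Everything else still goes to the application. Only the challenge
    # prefix is exempted, not the whole site or all of /.well-known/.
    location / {
        proxy_pass http://127.0.0.1:2368;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After `nginx -t` and a reload, the curl request above should return 200 with the file's contents and no `X-Powered-By: Express` header, which shows that nginx answered it rather than the application.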


#3

@Osiris, thanks, sir.

How can I do that?

I removed the protection of Ghost (password required, which creates /private/), but it’s still not working.


#4

What’s the error message now?

You can also try making a test file in /var/www/html/.well-known/acme-challenge/test with, for example, “Test” as content. This should be accessible through http://tophub.it/.well-known/acme-challenge/test. If not, there’s something else going on…


#5

> What’s the error message now?

It’s the same.

```
Failed authorization procedure. www.tophub.it (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.tophub.it/.well-known/acme-challenge/x8PuCWj89p-0olFs1Ge3mf66vd4ITUieTJfDrEoWgzk: "

<meta http-equiv="X-UA-Compatible" content="IE=edge" ", tophub.it (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://tophub.it/.well-known/acme-challenge/nOQ9OW1C4Aglol0KuHE2AVvKPoKbHqF_KrR5tANYTt0: " <meta http-equiv="X-UA-Compatible" content="IE=edge" "
```

I’m a newbie in server maintenance; I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 . Maybe I am missing something?

Now this is (filezilla): http://i.imgur.com/nGzk0Zk.png


#6

Can I up the topic? Thanks.


#7

    


#8

How can I do that? I don’t have the /acme-challenge/ folder; should I create it?


#9

Yes, that’s the appropriate way of action :slight_smile:


#10

> Yes, that’s the appropriate way of action

I created a file test.txt in tophub.it/.well-known/acme-challenge/ but http://tophub.it/.well-known/acme-challenge/test.txt is not working.


#11

It’s redirecting from /test.txt to /test.txt/, implying it can’t find the file indeed.

Please look in your nginx error logs for the appropriate error (concerning test.txt) to see where nginx expects to find it.


#12

I really don’t know how to do that. I googled but I didn’t find an answer.

P.S. Using nginx.


#13

Here’s a guide from the nginx guys themselves: https://www.nginx.com/resources/admin-guide/logging-and-monitoring/


#14

Thanks, but not really helpful; I don’t know where my log file is :worried:


#15

The guide will also tell you how to set that up. Have you even opened the link?


#16

Yes, I did.

> By default, the error log is located at logs/error.log (the absolute path depends on the operating system and installation)

I still don’t find it.

Following this thread (404 on .well-known/acme-challenge/), the 404 error is now from nginx and not Ghost. Can this be helpful?


#17

EDIT: I got it!

Now http://tophub.it/.well-known/acme-challenge/test22.txt (changed the name) doesn’t give error 404! Now? xD

It doesn’t work just with files named test.txt, why?

http://tophub.it/.well-known/acme-challenge/itworks.txt

Sorry for boring you.


#18

I got the certificate, but I had a new problem. I am opening a new topic; this can be closed.

Thank you so much, Osiris.


#19

That’s actually quite strange and doesn’t explain why the ACME challenge files weren’t reachable earlier either.

Did you make an adjustment? How did you get the certificate? Might be helpful for other people coming across this thread.


#20

I solved the problem just following this thread

with a bit of adjustment (root of location, for example)