Lets Encrypt SSL certificate Nginx

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: teamgrapevine.com

I ran this command: sudo letsencrypt certonly -a webroot --webroot-path /grapevine-hq/build/ -d teamgrapevine.com --dry-run

It produced this output: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for teamgrapevine.com
Using the webroot path /grapevine-hq/build for all unmatched domains.
Waiting for verification…
Challenge failed for domain teamgrapevine.com
http-01 challenge for teamgrapevine.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: teamgrapevine.com
  Type: unauthorized
  Detail: Invalid response from
  http://teamgrapevine.com/.well-known/acme-challenge/9RXnWK7cjbYetIYgAZTXu0cR8m3CXvF52bPleXRihbQ
  [184.168.131.241]: "\n\n\n\n

  teamgrapev"

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): nginx 1.16.1

The operating system my web server runs on is (include version): Amazon Linux 2 (based on CentOS RHEL Fedora 7)

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.5.0

I have tried a ton of things to fix this. Looked through at least 100 forum posts. here is my nginx.conf:

    include /etc/nginx/conf.d/*.conf;

server {
    listen       80;
    listen       [::]:80;
    server_name  teamgrapevine.com;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;


    location /.well-known/acme-challenge {
            root /var/www/letsencrypt;
    }
    location / {
            root /grapevine-hq/build;
            index index.html
            try_file $uri /index.html;
    }
    location /api/ {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://54.219.88.238;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

Hi @kman

looks like trial and error, that's always wrong.

Read the part about the --webroot - parameter, then read your config files.

https://certbot.eff.org/docs/using.html

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.