Multiple domains using the same nginx config block, failed authorization procedure on only one of the four

My domains are:

mathandsciencecenter.org, eurekasciencemuseum.org, and the www. subdomains for each of those. The Math and Science Center is rebranding so we’d like to add eurekasciencemuseum.org and www.eurekasciencemuseum.org to our cert in order to support all domains during a transition period.

I ran this command:

sudo certbot-auto certonly -a webroot --webroot-path=/var/www/letsencrypt/.well-known -d mathandsciencecenter.org -d eurekasciencemuseum.org -d www.mathandsciencecenter.org -d www.eurekasciencemuseum.org

and selected the option to extend my old cert.

It produced this output:

Do you want to expand and replace this existing certificate with the new
certificate?
-------------------------------------------------------------------------------
(E)xpand/(C)ancel: e
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mathandsciencecenter.org
http-01 challenge for eurekasciencemuseum.org
http-01 challenge for www.mathandsciencecenter.org
http-01 challenge for www.eurekasciencemuseum.org
Using the webroot path /var/www/letsencrypt/.well-known for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.mathandsciencecenter.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.mathandsciencecenter.org/.well-known/acme-challenge/VxmooLyBbBoIJm4LwE0_6hVkZ-a6nlWTh2r21zT5YnI: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.mathandsciencecenter.org
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mathandsciencecenter.org/.well-known/acme-challenge/VxmooLyBbBoIJm4LwE0_6hVkZ-a6nlWTh2r21zT5YnI:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):

nginx/1.10.0 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-36-generic x86_64)

My hosting provider, if applicable, is:

Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

This would imply that the files would be stored in /var/www/letsencrypt/.well-known/.well-known/acme-challenge/ - see the double .well-known.

Maybe using --webroot-path=/var/www/letsencrypt will do the trick.


How would three of the 4 domains validate then? That’s what really puzzles me…they all share the same nginx config block and 3 of the 4 work with it.

Did you grep over your config files? Maybe there is another reference to that domain name.

I still don’t really understand why it worked at all before, but I gave it a try with --webroot-path=/var/www/letsencrypt and it all went well. Thanks a lot! I was really banging my head against the wall with this one.
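
A pre-flight check for the webroot path issue resolved in this thread, as an added example that is not code from any poster or from certbot: it writes a probe file where the webroot plugin would (`<webroot-path>/.well-known/acme-challenge/`) and fetches it over HTTP from each hostname before any real challenge is attempted. The function names and the local test server standing in for nginx are assumptions made for the example.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

def challenge_dir(webroot_path):
    # The webroot plugin appends this suffix itself, so the path passed in
    # must be the directory the web server maps to "/" for the challenge URL.
    return os.path.join(webroot_path, ".well-known", "acme-challenge")

def preflight(webroot_path, base_urls):
    """Write a probe where certbot would, fetch it per host, return {base_url: ok}."""
    directory = challenge_dir(webroot_path)
    os.makedirs(directory, exist_ok=True)
    token, body = "probe-" + secrets.token_hex(8), secrets.token_hex(16)
    probe = os.path.join(directory, token)
    with open(probe, "w") as fh:
        fh.write(body)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct, no proxy
    results = {}
    try:
        for base in base_urls:
            url = f"{base}/.well-known/acme-challenge/{token}"
            try:
                with opener.open(url, timeout=5) as resp:
                    results[base] = resp.read().decode() == body
            except (urllib.error.URLError, OSError):  # 404, refused, DNS failure
                results[base] = False
    finally:
        os.remove(probe)
    return results

def demo():
    """Constructed setup: a local HTTP server stands in for nginx serving docroot."""
    with tempfile.TemporaryDirectory() as docroot:
        handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=docroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            good = preflight(docroot, [base])[base]  # like /var/www/letsencrypt
            doubled = preflight(os.path.join(docroot, ".well-known"), [base])[base]
        finally:
            server.shutdown()
            server.server_close()
        return good, doubled

if __name__ == "__main__":
    print(demo())  # on a real host, pass "http://<name>" for every -d name as base_urls
```

Running the check against every `-d` name separately shows which hostname is served from a different root, which is the situation where only one of several names fails.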
