My certificate is expired, I need to extend it

OR did you delete the test file?
[I also can't reach it]

1 Like

To try this, I just deleted it, but I added the test.txt file again, so you can see it.

When I add the folder and add the file, I can't see the file.
I added the files: test.txt and test-file-1234 in the "acme-challenge" folder.
But I can see the "http://admin.stixex.io/.well-known/test.txt" file still.

You can check these files: http://admin.stixex.io/.well-known/test.txt and http://admin.stixex.io/.well-known/acme-challenge/test-file-1234 now

Strange, I can't see this file now.

Hello Schoen!
I just found the reason why you can't see them.
Sorry, that was my fault.
I can't see the files either, same as you.
http://admin.stixex.io/.well-known/test.txt
http://admin.stixex.io/.well-known/acme-challenge/test-file-1234

But when I change the http to https (only in incognito), I can see the files:
https://admin.stixex.io/.well-known/test.txt
https://admin.stixex.io/.well-known/acme-challenge/test-file-1234

1 Like

Then maybe /etc/nginx/acme gets included in your HTTPS server block but not in your HTTP server block?

2 Likes

Not sure what you mean.

This is my /etc/nginx/acme

# Webroot for Lets Encrypt
location /.well-known {
    root /var/www/letsencrypt;
}

1 Like

Where does /etc/nginx/acme get included from?

Maybe try

grep -r /etc/nginx/acme /etc/nginx

1 Like

I've done it, but there is no result.


1 Like

It was put there by the last developer; I didn't make it.

Should I change the content of the file?

1 Like

I think there must be some other file that is somehow including this.

Maybe

grep -ir "include.*acme" /etc/nginx

1 Like

Yes there is:

And the content of the stixex.io is like this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name stixex.io www.stixex.io;

    include acme; # Letsencrypt webroot

    access_log /var/log/nginx/stixex.io/nginx_access.log;
    error_log /var/log/nginx/stixex.io/nginx_error.log;

    ssl_certificate /etc/letsencrypt/live/stixex.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stixex.io/privkey.pem;
    include /etc/nginx/options-ssl-nginx.conf;

    location / {
        root /home/ubuntu/stixex/dist;
        index index.html;
    }

#    location / {
#        include proxy_params;
#        proxy_pass      http://127.0.0.1:3020;
#    }

}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name api.stixex.io;

    include acme; # Letsencrypt webroot

    access_log /var/log/nginx/api.stixex.io/nginx_access.log;
    error_log /var/log/nginx/api.stixex.io/nginx_error.log;

    ssl_certificate /etc/letsencrypt/live/api.stixex.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.stixex.io/privkey.pem;
    include /etc/nginx/options-ssl-nginx.conf;

    location / {
        include proxy_params;
        proxy_pass      http://127.0.0.1:7000;
    }

}

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name admin.stixex.io;

    include acme; # Letsencrypt webroot

    access_log /var/log/nginx/admin.stixex.io/nginx_access.log;
    error_log /var/log/nginx/admin.stixex.io/nginx_error.log;

    ssl_certificate /etc/letsencrypt/live/admin.stixex.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/admin.stixex.io/privkey.pem;
    include /etc/nginx/options-ssl-nginx.conf;

    location / {
        root /home/ubuntu/admin_panel/dist;
        index index.html;
    }

}


server {
    listen 80;
    listen [::]:80;

    server_name stixex.io www.stixex.io;

    include acme; # Letsencrypt webroot

    return 301 https://$host$request_uri;

}

1 Like

The "admin" server_name is missing from the HTTP block.

1 Like

Thanks for your help.

I've added the admin.stixex.io and api.stixex.io to the server_name, admin panel works fine now.
I am really happy with that.
But I have an issue with api.stixex.io. Very strange.

I've changed the server name like this

server {
    listen 80;
    listen [::]:80;

    server_name stixex.io www.stixex.io admin.stixex.io api.stixex.io;

    include acme; # Letsencrypt webroot

    return 301 https://$host$request_uri;

}

When I try to renew, I have this issue:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/admin.stixex.io.conf


Cert not yet due for renewal


Processing /etc/letsencrypt/renewal/api.stixex.io.conf


Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for api.stixex.io
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Challenge failed for domain api.stixex.io
http-01 challenge for api.stixex.io
Cleaning up challenges
Attempting to renew cert (api.stixex.io) from /etc/letsencrypt/renewal/api.stixex.io.conf produced an unexpected error: Some challenges have failed.. Skipping.


Processing /etc/letsencrypt/renewal/stixex.io.conf


Cert not yet due for renewal
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)


The following certs are not due for renewal yet:
/etc/letsencrypt/live/admin.stixex.io/fullchain.pem expires on 2021-09-07 (skipped)
/etc/letsencrypt/live/stixex.io/fullchain.pem expires on 2021-08-05 (skipped)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/api.stixex.io/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:

2 Likes

Try placing a test text file in the expected challenge location and see if it can be reached from the Internet.

Actually...
Reading the error:

shows that HTTP hasn't been redirected to HTTPS and that prompted me to test the redirection with:

curl -Iki api.stixex.io

Which shows NO REDIRECTION:

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 10 Jun 2021 00:17:17 GMT
Content-Type: text/html
Content-Length: 1637
Last-Modified: Tue, 08 Jun 2021 12:04:50 GMT
Connection: keep-alive
ETag: "60bf5ce2-665"
Accept-Ranges: bytes

So......
That means the server is NOT using that block for that server_name.

So......
We need to find where else that name exists in your config.

1 Like

Do you mean that we should find where the api.stixex.io exists in my config?

1 Like

YES.

1 Like

root@ubuntu-2gb-hel1-3:/home/ubuntu/admin_panel# grep -ir "api.stixex" /etc
/etc/letsencrypt/renewal/api.stixex.io.conf:archive_dir = /etc/letsencrypt/archive/api.stixex.io
/etc/letsencrypt/renewal/api.stixex.io.conf:cert = /etc/letsencrypt/live/api.stixex.io/cert.pem
/etc/letsencrypt/renewal/api.stixex.io.conf:privkey = /etc/letsencrypt/live/api.stixex.io/privkey.pem
/etc/letsencrypt/renewal/api.stixex.io.conf:chain = /etc/letsencrypt/live/api.stixex.io/chain.pem
/etc/letsencrypt/renewal/api.stixex.io.conf:fullchain = /etc/letsencrypt/live/api.stixex.io/fullchain.pem
/etc/letsencrypt/renewal/api.stixex.io.conf:api.stixex.io = /var/www/letsencrypt
/etc/letsencrypt/configs/api.stixex.io:domains = api.stixex.io
/etc/nginx/sites-enabled/stixex.io: server_name api.stixex.io;
/etc/nginx/sites-enabled/stixex.io: access_log /var/log/nginx/api.stixex.io/nginx_access.log;
/etc/nginx/sites-enabled/stixex.io: error_log /var/log/nginx/api.stixex.io/nginx_error.log;
/etc/nginx/sites-enabled/stixex.io: ssl_certificate /etc/letsencrypt/live/api.stixex.io/fullchain.pem;
/etc/nginx/sites-enabled/stixex.io: ssl_certificate_key /etc/letsencrypt/live/api.stixex.io/privkey.pem;
/etc/nginx/sites-enabled/stixex.io: server_name stixex.io www.stixex.io admin.stixex.io api.stixex.io;

Shall I find it in the other directory also?

1 Like

Please show:
nginx -T | grep api.stixex.io

1 Like

root@ubuntu-2gb-hel1-3:/home/ubuntu/admin_panel# nginx -T | grep api.stixex.io
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
server_name api.stixex.io;
access_log /var/log/nginx/api.stixex.io/nginx_access.log;
error_log /var/log/nginx/api.stixex.io/nginx_error.log;
ssl_certificate /etc/letsencrypt/live/api.stixex.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.stixex.io/privkey.pem;
server_name stixex.io www.stixex.io admin.stixex.io api.stixex.io;

1 Like

So it does exist in more than one place!

1 Like
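The two checks made by hand in this thread (which names the port-80 block lists, and where else a name appears in the config) can be done in one pass over the nginx configuration. The following is an added example, not code from any poster in the thread: it maps every server_name to the ports whose server block names it and lists the hosts that have a 443 block but no port-80 block, which nginx therefore answers from the default server for port 80. The sample config is constructed from the blocks posted above, with a stand-in `location /` body; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the thread's server blocks reduced to the directives that matter.
BLOCK = """server {{
    listen {port};
    listen [::]:{port};
    server_name {names};
    include acme; # Letsencrypt webroot
    location / {{ return 204; }}
}}
"""
TLS = "".join(BLOCK.format(port="443 ssl", names=n)
              for n in ("stixex.io www.stixex.io", "api.stixex.io", "admin.stixex.io"))
ORIGINAL = TLS + BLOCK.format(port=80, names="stixex.io www.stixex.io")
EDITED = TLS + BLOCK.format(port=80, names="stixex.io www.stixex.io admin.stixex.io api.stixex.io")

def server_blocks(conf):
    """Yield the body of every server { ... } block, tracking brace depth."""
    conf = re.sub(r"#.*", "", conf)            # drop comments (ignores '#' in quotes)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def port_map(conf):
    """Map each server_name to {port: True if that block has an 'include ...acme;'}.

    Understands 'listen 80', 'listen [::]:80' and 'listen 1.2.3.4:80'.
    """
    names = defaultdict(dict)
    for body in server_blocks(conf):
        ports = {int(p) for p in
                 re.findall(r"\blisten\s+(?:\[[^\]]*\]:|[\d.]+:)?(\d+)", body)}
        acme = bool(re.search(r"\binclude\s+\S*acme\s*;", body))
        sn = re.search(r"\bserver_name\s+([^;]+);", body)
        for name in (sn.group(1).split() if sn else []):
            for port in ports:
                names[name][port] = names[name].get(port, False) or acme
    return dict(names)

def http01_gaps(conf):
    """Names that have a 443 block but are not named by any port-80 block."""
    return sorted(n for n, ports in port_map(conf).items()
                  if 443 in ports and 80 not in ports)

if __name__ == "__main__":
    print("original:", http01_gaps(ORIGINAL), "edited:", http01_gaps(EDITED))
```

To run it against a live server, pass the text printed by `nginx -T` to `http01_gaps()`; that dump leaves `include` lines unexpanded, so the `include acme;` match still applies.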