wallkp
September 24, 2019, 4:49pm
1
Good afternoon, I use digitalocean. Ubuntu 18.
I have installed letsencrypt, easyengine, nginx, certbot.
I installed all my wordpress sites with this script:
sudo ee site create yoursitename.com --type = wp --ssl = le --cache --yes
all certificates on my sites have expired.
I can not renew!
My sites path is in:
/ opt / easyengine / sites
I tried to use:
certbot
/ certbot-auto renew
/ opt / letsencrypt / letsencrypt-auto renew
sudo certbot renew
nothing works, I always get this message:
http-01 challenge for www.dietasbaratas.com
http-01 challenge for dietasbaratas.com
Waiting for verification …
Cleaning up challenges
Failed authorization procedure. www.dietasbaratas.com (http-01): urn: ietf: params: acme: error: unauthorized :: The client lacks sufficient authorization :: Invalid response from https://dietasbaratas.com/.well-known/acme-challenge / J1xdxP8j3CQD1hStF9FbcfTzh4aDoo-HTlu7hNxzMNk
Hi @wallkp
checking your domain there is a cPanel - certificate ( https://check-your-website.server-daten.de/?q=dietasbaratas.com#ct-logs ):
If you use cPanel, you shouldn't use an own Certbot.
Isn't it possible to renew that certificate?
You have a redirect http -> https.
What says
nginx -T
wallkp
September 24, 2019, 6:05pm
3
Hi @JuergenAuer
Nginx -T
https://paste.ubuntu.com/p/Tqs2fW5Wr6/
i use too:
sudo nginx -t -c /etc/nginx/nginx.conf
its say
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
I am very lost, I used cpanel in my old hosting (hostgator).
I already canceled my hostgator service.
Now I just use my VPS on Putty.
I use the ZOHO email service, can this interfere with certificate renewal?
Ok, then the cPanel certificate isn't relevant.
Your configuration doesn't have a port 80 vHost with your domain name. So create one with your non-www and www as server_name.
Then try to use
certbot --nginx -d dietasbaratas.com -d www.dietasbaratas.com
and share the complete output (if it doesn't work).
wallkp
September 24, 2019, 7:00pm
5
wallkp
September 24, 2019, 7:15pm
6
ohh sorry, u say for create port80 vHost, i dont know how make
Please: You are using wrong commands, not renew. There is a standalone used.
2019-09-24 06:25:11,641:DEBUG:certbot.main:Arguments: ['--standalone', '-d', 'dietasbaratas.com ', '-d', 'www.dietasbaratas.com ']
And never use -q, that may hide errors.
First share again your configuration:
nginx -T
Looks like your vHost configuration is wrong.
If you don't run a webserver, --standalone
should always work. But then it's hard to debug if there are firewall- or port errors.
wallkp
September 24, 2019, 7:34pm
8
I am looking for a tutorial on how to create Vhost port 80.
I need to create the path /etc/nginx/sites-available/mydomain.com
to set up …
"server {
listen to 80;
server_name mydomain.com ;
rewrite ^ https: //mydomain.com$request_uri? permanent;
}
server {
listen to 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
ssl_stapling on;
server_name mydomain.com ;
root /var/www/mydomain.com;
place / {
try_files $ uri /index.php?$args;
}
location ~ \ .php {
try_files uri = 404;
fastcgi_split_path_info ^ (. + . php) (/.+) $;
fastcgi_pass unix: /run/php/php7.0-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
and create a symbolic link:
ln -s /etc/nginx/sites-available/mydomain.com.conf /etc/nginx/sites-enabled/mydomain.com.conf
is correct? do i need to do this for all my domains?
Check your output you have already shared.
There is a sample.
Simple - no redirect.
And create only a port 80 vHost, Certbot can add the 443 vHost.
wallkp
September 24, 2019, 8:58pm
10
wallkp
September 24, 2019, 9:05pm
11
I don't see something, there is a timeout.
Don't create https vHosts manual, let Certbot do that job.
Create only correct port 80 vHosts.
There
http://dietasbaratas.com/
is a Forbidden, may be the wrong root directory or a missing index.html.
PS: Different, three vHosts, one per domain. If you don't have content, create simple index - pages with different content, so it's possible to see if domain name + content are correct.
Please ask to your hosting provider to solve better way or they will also do from their side…
system
Closed
October 25, 2019, 11:19am
14
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.