I have destroyed the old server droplet on Digital Ocean (which had LE working) and am currently configuring a new server with the same domain name and a different IP address. When attempting to install LE on the new server, I got "Failed authorization procedure".
I’m assuming that is due to previous configuration on old server.
Did you remove some information from the error message detail about why the response was unauthorized? Usually the CA explains what it got from your server instead of what it was expecting, or why it was unable to connect.
The existence of a previous server or cert shouldn’t affect your ability to get a new one at all, except for rate limiting, and this isn’t a rate limiting error. Apart from rate limiting, the CA doesn’t have any notion of memory of old certificates or authorizations as a reason to prevent new ones.
Thanks for the info. Now knowing that the previous install is not relevant, I reviewed my install notes. Have modified /etc/nginx/sites-available/inkblot so that the location for .well-known is consistent with the address.
-----
    server {
        listen 80;
        server_name inkblotcreations.com www.inkblotcreations.com;
        —
        —
        —
        location ~/var/www/inkblotcreations/.well-known { allow all; }
    }
Error is still very similar (slightly less verbose). Full error message is (for same command):
At best, that doesn't do anything. (Nothing visits URLs like http://inkblotcreations.com/xxx/var/www/inkblotcreations/xwell-knownxxx.) At worst, it's a syntactic error and Nginx won't start. (There should be a space between "~" and "/".)
Could you paste the whole Nginx configuration file, without redacting any of it? And the relevant portion of Nginx's error.log, without redacting it either?
(The command "nginx -T" will print your entire configuration in recent versions of Nginx, by the way.)
Your Nginx configuration needs to contain, at minimum, something like:
    server {
        listen 80;
        server_name inkblotcreations.com www.inkblotcreations.com;
        root /var/www/inkblotcreations;
    }
Thanks for the info (definitely a learning curve)
Have fixed syntactic error and amended Nginx config as per recommendations. Also mkdir the acme-challenge folders under .well-known which weren’t there before. Still have pretty much same error.
I don't entirely understand what's happening, frankly.
That's the location block that would apply to requests for /.well-known/acme-challenge/random-stuff.
The server is responding with a 404 Not Found error that isn't generated by Nginx. (The HTML is a little different.) So I guess it's coming from the upstream.
And yet that comes from requests that really were handled by Nginx, but with a different configuration.
When was 08:14? Earlier, before you changed the configuration, or just now?
By having location “/.well-known/acme-challenge/” (less prefix of /var/www/domain/) and having default root directory properly defined towards top of server block (plus fixing other errors that you helped with), was able to save certificate and chain.
Have since configured SSL and have HTTP Strict Transport Security deployed on server.
This was a helpful tip for people who are using proxy_pass for their entire site (they may effectively not have a “webroot” the way people who are serving the site from the filesystem do). @mnordhoff, thanks for the tip; @PyCatz, glad it worked out for you!
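The layout that resolved this thread, written out as an added example (not a configuration posted by any participant): the challenge location is matched against the request URI and served from the server-level root, while the rest of the site goes to an upstream. The upstream address 127.0.0.1:8080 and the proxy_set_header line are assumptions; the domain and root path are the ones from the thread.

```nginx
server {
    listen 80;
    server_name inkblotcreations.com www.inkblotcreations.com;

    # Filesystem root, defined once at server level (path from the thread).
    # The ACME client's webroot path must point at this same directory.
    root /var/www/inkblotcreations;

    # Broken form from earlier in the thread, kept as a comment for comparison:
    #   location ~/var/www/inkblotcreations/.well-known { allow all; }
    # "location" is matched against the request URI, never against a
    # filesystem path, so a pattern starting with /var/www/... matches nothing
    # the CA will request.

    # Corrected form: a URI prefix. The ^~ modifier stops any regex location
    # elsewhere in the server block from taking over these requests.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        # Serve the token file from $root, or an Nginx-generated 404.
        # A 404 whose HTML does not look like Nginx's means the request
        # reached the upstream instead of this block.
        try_files $uri =404;
    }

    # Everything else is proxied to the application (assumed upstream).
    location / {
        proxy_pass http://127.0.0.1:8080;   # assumption: app listens here
        proxy_set_header Host $host;
    }
}
```

After editing, `nginx -t` checks the syntax and `nginx -T` prints the full effective configuration, which confirms the challenge location sits in the server block that actually answers for the domain.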