Nextjs-nginx:No TXT record found at _acme-challenge.agoratsp.com

Oh OK, sorry, but now it outputs this and still no HTTPS:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events { worker_connections 1024; }
http {
    server {
        listen 80;
        server_name localhost;
        root agora-next;
        index index.html;
        location / {
            try_files $uri $uri/ /index.html;
        }
        location /api/ {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    include /etc/nginx/agoratsp.conf;   ### ADD THIS LINE
}

# configuration file /etc/nginx/agoratsp.conf:
server {
    listen       80;
    listen       [::]:80;
    server_name  agoratsp.com www.agoratsp.com;

    #include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    location / {
        # reverse proxy for next server
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        default_type "text/plain";
        root /agora-next/out;
    }
}

Now you can have certbot help create the HTTPS server block from the HTTP server block.
[unless you would rather do that yourself]

Try:
certbot --reinstall --cert-name agoratsp.com

As I type that, I see that the cert you have doesn't include the "www" name:

You should replace that cert with one that has both names on it.

And at the same time, certbot can create the HTTPS server block for you.

5 Likes

It worked! It actually worked. Thank you a lot for all the time you spent explaining everything to me.
One last thing: is there any way the HTTP gets automatically upgraded to HTTPS? For instance, when I type agoratsp.com I get the https version, while when I write www.agoratsp.com I get the https version automatically. But I suppose the safe plan here is to make HTTP not accessible. Despite that, again, thank you very much for everything.

2 Likes

Yes; please see HTTP Strict Transport Security - Wikipedia

2 Likes

Additionally there is

https://hstspreload.org/

BTW - You do have HSTS Strict-Transport-Security Header in https://agoratsp.com

$ curl -Ii http://agoratsp.com
HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate
X-Powered-By: Next.js
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Wed, 08 Feb 2023 21:26:59 GMT
Connection: keep-alive
Keep-Alive: timeout=5
$ curl -Ii https://agoratsp.com
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 08 Feb 2023 21:27:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-store, must-revalidate
X-Powered-By: Next.js
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains

1 Like

The fastest method is to redirect the HTTP connections to HTTPS.

4 Likes

I absolutely agree! :100:

1 Like
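
The header check discussed above, as an added example that is not part of the original thread: it parses the two `curl -Ii` responses (abridged here from the posted output) and lists what is still missing for the redirect-plus-HSTS setup the replies recommend. The preload criteria (max-age of at least one year, includeSubDomains, preload) follow the submission requirements published on hstspreload.org; the function names and finding labels are made up for this example.

```python
import re

# Abridged from the `curl -Ii` output posted earlier in the thread.
HTTP_RESPONSE = "HTTP/1.1 200 OK\nX-Powered-By: Next.js\nConnection: keep-alive\n"
HTTPS_RESPONSE = ("HTTP/1.1 200 OK\nServer: nginx/1.18.0 (Ubuntu)\n"
                  "Strict-Transport-Security: max-age=31536000; includeSubDomains\n")

def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    lines = [ln.strip() for ln in raw.strip().splitlines()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def parse_hsts(value):
    """Split an HSTS header value into max_age and its two flag directives."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    max_age = None
    for d in directives:
        m = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', d)
        if m:
            max_age = int(m.group(1))
    return {"max_age": max_age,
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}

def audit(http_raw, https_raw):
    """List the gaps between the two responses and a redirect-plus-HSTS setup."""
    findings = []
    status, headers = parse_response(http_raw)
    location = headers.get("location", "").lower()
    if status not in (301, 302, 307, 308) or not location.startswith("https://"):
        findings.append("http-not-redirected")
    _, https_headers = parse_response(https_raw)
    hsts = parse_hsts(https_headers.get("strict-transport-security", ""))
    if hsts["max_age"] is None:
        findings.append("hsts-missing")
    elif hsts["max_age"] < 31536000:
        findings.append("hsts-max-age-below-one-year")
    if not hsts["include_subdomains"]:
        findings.append("hsts-no-includesubdomains")
    if not hsts["preload"]:
        findings.append("hsts-no-preload-directive")
    return findings
```

The `hsts-no-preload-directive` finding only matters if the domain is going to be submitted to the preload list; the missing redirect is the gap that affects first-time visitors either way.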
