NGINX - HTTP Challenges Not Passing Due To MIME Types

Please fill out the fields below so we can help you better.

My domain is: example.org

I ran this command: sudo certbot certonly --webroot --webroot-path /var/www/html --agree-tos --email myemail@yahoo.com -d example.org -d www.example.org --non-interactive

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.org
http-01 challenge for www.example.org
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.example.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.example.org/.well-known/acme-challenge/rwWu61jtp5oTdwnDxXdlld_2oszvV8OlVgMWLpdwnWQ: "404 Not Found", example.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.org/.well-known/acme-challenge/QNLcCb_a2n4lUGFg2WfPSOHVvPYKiN0vZxbFeZHGuSo: "404 Not Found"

IMPORTANT NOTES:

My operating system is (include version): Ubuntu 16.04

My web server is (include version): nginx/1.10.0

My hosting provider, if applicable, is: VPS

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

nginx config file:

server {
    listen 80;
    server_name example.org www.example.org;

    location /static {
        alias /home/deploy/sites/example.org/static;
    }
    location / {
        proxy_set_header Host $host;
        proxy_pass http://unix:/tmp/mysocket.socket;
    }

    location ^~ /\.well-known {
        allow all;
        root /var/www/html;
    }
    location ~ /\.well-known/acme-challenge {
        root /var/www/html;
    }
}

I think that your first rule for .well-known might be catching it and throwing the 404.

This is what I use (modified for your webroot path):

location ^~ /.well-known/acme-challenge/ {
	default_type "text/plain";
	root /var/www/html;
}

Thank you very much! You got it working, but would you mind explaining the problem?

I’m actually not really sure why it wasn’t working. Looking at it again it should have still matched fine to the correct path.

I just provided the syntax that I have been using successfully.

Hi @kc1,

If the conf that you put in your first post was the real one, then it is “correct”, I mean correct in the sense that http://example.org/.well-known/acme-challenge/whatever would reach the file /var/www/html/.well-known/acme-challenge/whatever because of this location:

location ~ /\.well-known/acme-challenge

So it is really strange that you get a 404 error.

By the way, this location doesn’t work as you think:

location ^~ /\.well-known

The modifier ^~ doesn’t expect a regular expression, so nginx is seeing it as a literal /\.well-known instead of /.well-known.

Cheers,
sahsanu
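
The location selection described in the post above can be checked with a small model. This is an added example, not code from the thread or from nginx: `select_location`, `suspicious_prefixes` and the `TOKEN` path are hypothetical names, and Python's `re` stands in for nginx's PCRE matching.

```python
import re

def select_location(locations, uri):
    """Pick the location nginx would use for uri (simplified model).

    Order: exact (=) match, then longest literal prefix, then regexes in
    file order unless the winning prefix used ^~. Nested and named
    locations and URI normalization are ignored.
    """
    best = None
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
        # "" and "^~" are prefix locations: the pattern is a literal string
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return best  # ^~ on the longest prefix skips the regex pass
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return (mod, pat)
    return best

def suspicious_prefixes(locations):
    """Prefix locations containing a backslash, i.e. a regex escape that
    nginx will compare literally and that no normal URL will match."""
    return [(m, p) for m, p in locations if m in ("", "^~") and "\\" in p]

# Locations from the first post's config, in file order.
ORIGINAL = [
    ("", "/static"),
    ("", "/"),
    ("^~", r"/\.well-known"),
    ("~", r"/\.well-known/acme-challenge"),
]
# The reply's location next to the same "/static" and "/" blocks.
REPLY = [("", "/static"), ("", "/"), ("^~", "/.well-known/acme-challenge/")]
# Constructed request path; TOKEN stands in for a real challenge token.
URI = "/.well-known/acme-challenge/TOKEN"

if __name__ == "__main__":
    print("original:", select_location(ORIGINAL, URI))
    print("reply:   ", select_location(REPLY, URI))
    print("never matched:", suspicious_prefixes(ORIGINAL))
```

In this model both configurations route the challenge request to a location rooted at /var/www/html, and the only location that never matches is the `^~ /\.well-known` one.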


Hi @matt-h

Review MIME Types

You are explicitly defining what should be returned in this code block:

default_type "text/plain";

Which is why I think your challenge passed on the second round.

Andrei
