Nginx Proxy urn:acme:error:unauthorized


#1

Hi Everyone,

I am facing a problem with Let's Encrypt on a reverse proxy.

Here is my proxy server configuration:

server {
    server_name *.domain.com;

    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        proxy_pass http://192.168.1.200/letsencrypt-auto;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://192.168.1.200/;
    }
}

At the web server (192.168.1.200)

I created a config for webroot authentication:
/etc/letsencrypt/configs/domain.com.conf

domains = domain.com
rsa-key-size = 4096
server = https://acme-v01.api.letsencrypt.org/directory
email = hello@domain.com
text = True
authenticator = webroot
webroot-path = /var/www/laravel

I also created a symbolic link in my web-root folder:

ln -s /var/www/laravel/public/letsencrypt-auto -> /tmp/letsencrypt-auto

I ran the command under /opt/letsencrypt (the folder where letsencrypt is installed):

sudo ./letsencrypt-auto --config /etc/letsencrypt/configs/domain.com.conf certonly

It returns:

Requesting root privileges to run with virtualenv: /home/user/.local/share/letsencrypt/bin/letsencrypt --config /etc/letsencrypt/configs/domain.com.conf certonly
Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://domain.com/.well-known/acme-challenge/oXXvYR7nb5bXhcX9cwWBn8nx993b3f9gX-pCE8sMilE [111.111.111.111]: 502

IMPORTANT NOTES:

  • The following ‘urn:acme:error:unauthorized’ errors were reported by
    the server:

Domains: domain.com
Error: The client lacks sufficient authorization
FAIL: 1

Any help would be much appreciated.


#2

Hello @Dannato2019,

My nginx knowledge is very limited, but here are several issues:

1.- If you use server_name *.domain.com; it will only match www.domain.com, foo.domain.com, etc., but won't match domain.com. If you want this behaviour it is ok; if you also want to match domain.com, use nginx's special wildcard server_name .domain.com;

2.- As far as I know, the location URI should not be enclosed in ' ', so you should remove them:
location /.well-known/acme-challenge {

3.- You don't show your web server conf on 192.168.1.200, but you said that your web root is /var/www/laravel/public/letsencrypt-auto, while in the letsencrypt config file you define it as webroot-path = /var/www/laravel, so the challenge should be located at /var/www/laravel/.well-known/acme-challenge/random-file-challenge... seems you are messing up the conf.

4.- The error you get is 502, usually a bad gateway error; the first thing you should do is check that you can connect to your server. Create a dummy file like test in your web-root + .well-known/acme-challenge/ dir and try to get it:

curl -i http://domain.com/.well-known/acme-challenge/test

5.- Check your nginx logs.

Good luck,
sahsanu
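As an added example (not from this thread), here is a Python version of the reachability check in point 4, generalized slightly: it writes a random token file under <webroot>/.well-known/acme-challenge/, fetches it over HTTP the way the CA's http-01 validator would, and reports the HTTP status (404 for a webroot-path mismatch like the one in point 3, 502 when the proxy's upstream is unreachable) and whether the body matches. The local stand-in server on 127.0.0.1, the temporary webroot and the base URL are assumptions so it runs offline; replace them with the real domain and web-root path.

```python
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"

def write_test_token(webroot):
    """Drop a random token file where the webroot authenticator would put a challenge."""
    token = secrets.token_urlsafe(16)
    path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(path, exist_ok=True)
    body = "preflight-" + token
    with open(os.path.join(path, token), "w") as fh:
        fh.write(body)
    return token, body

def check_challenge_path(base_url, webroot):
    """Fetch the token over HTTP as the CA would; report status and whether the body matches."""
    token, expected = write_test_token(webroot)
    url = f"{base_url}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return {"url": url, "status": resp.status,
                    "body_ok": resp.read().decode() == expected}
    except urllib.error.HTTPError as err:   # 404: wrong webroot; 502: proxy upstream unreachable
        return {"url": url, "status": err.code, "body_ok": False}
    except urllib.error.URLError as err:    # connection refused, DNS failure, timeout
        return {"url": url, "status": None, "body_ok": False, "error": str(err.reason)}

def serve_webroot(webroot):
    """Constructed stand-in for the real web server: serve webroot on a free local port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    """Check the served webroot, then a different directory (the mismatch from point 3 -> 404)."""
    good = tempfile.mkdtemp()
    srv, base = serve_webroot(good)
    try:
        return check_challenge_path(base, good), check_challenge_path(base, tempfile.mkdtemp())
    finally:
        srv.shutdown()
```

Against a real deployment, call check_challenge_path("http://domain.com", "/var/www/laravel") on the web server itself; a 502 points at the proxy_pass upstream, a 404 at the webroot path.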