Nodejs application (AWS lightsail) letsencrypt returns /.well-known/ error

I apologize for posting, since I am trying this for the first time and may be making some silly mistake somewhere.

I’ve tried this link and this link to enable SSL on my nodejs application on an AWS Lightsail MEAN instance. One thing I’m doing is forwarding the traffic from port 80 to my nodejs app port, so that I only use the in the browser and not the :port.

I’m also using passportjs to implement authentication in the site, and it is listening and working well on http. I even disabled the authentication part to make sure the redirect (to login) upon site access wasn’t causing the problem (but nope! didn’t help).

Every time I try to generate the certificates (./letsencrypt-auto certonly --standalone (with the webroot option too, as suggested in the posts)), letsencrypt gets stuck at getting /.well-known/, throws an error and tells me to make sure I entered the domain correctly. I even manually created the /.well-known/acme-challenge folders and created a test file according to several different forum posts and tested it via curl, which worked. Then I used this tutorial too, to see if setting it up through nginx and forwarding traffic to my application might work, but letsencrypt always throws the above error.

Any help regarding this please?

The output from the letsencrypt command always returns this (even though I check that .well-known/acme-challenge exists in my views directory, where the routes are redirected),

and my hosts file also has the AAAA record for IPv6. Something silly is being done (by me) somewhere which I cannot identify anymore (beyond my hardest tries/experience that I’ve applied already). Any help is much appreciated.

Try and see if reveals the issue; otherwise you’ll probably need to post your domain name so we can check what’s going on.

Thank you. I just checked and the result says All OK (“OK. No issues were found with. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.”). Can I send my domain name in a private message or something, or is that not possible? The directory structure is just a typical nodejs application (with server, routes and views, where routes render views upon page request).

Sure, send a private message to me if you like.

I actually joined this forum a few minutes ago and am trying to find out how I can send a private message. I’m looking at your profile and trying to find where the private message option is located.

@_az I managed to fix the HTTPS part by reconfiguring the DNS zone (in AWS Lightsail, which I think is much simpler than, and different from, AWS Route 53). Now that I’ve had to change the nameservers at my domain registrar, the https website is accessible via the proxy and not the web browser yet (after 16 hours of waiting, possibly for DNS propagation, and chatting with the domain registrar three times since last night). It says ERR_NAME_RESOLUTION_FAILED in the browser (and DNS_PROBE_FINISHED_NXDOMAIN when I type it with https). I guess the only option left for me at this stage is to just wait for the DNS flush/propagation (which I hope is 24 hours and not 48 or 72 hours, due to the urgency of the situation)? I’m just hoping that it is not a conflict between the A records and the static IP that I re-used, since the website works via the proxy.

Thanks for all your help yesterday though.

Your nameserver misconfiguration appears to be totally repaired now, and your Node app appears to be no longer interfering with the /.well-known/acme-challenge path.

I don’t know why you would be seeing DNS errors; maybe it has resolved since you asked 6 hours ago, or it was a local DNS caching issue. Since your nameservers changed, that could be the source of long caching.

The only potential issue I see is that your certificate is only valid for, you would probably want it to be valid for as well.

Actually it was the caching issue, which seems to have been fixed too, and I can access the site now.

Ah, I just noticed it’s not valid for my and only for. Would running letsencrypt again with -d -d cause any problem to the existing valid certificate, do you think? Just asking because we’re about to launch/demonstrate the website in a couple of hours and I just don’t wanna mess it up again.


Should be fine to replace the certificate that way. If you want to not touch anything for your demo, you can just avoid using the non-www domain until afterwards.

Yeah, I think I would go with the latter advice to just avoid the non-www domain for the demo, since we’ve been using the www one for previous versions. I think I’ll just wait and update the certificates afterwards.

Thanks a lot for your help and very quick responses. I’m glad I joined the forum and got the solution so quickly for something which has been making me pull my hair out.
