Not Found only with Certbot

#1

My domain is: simoncircle.se

I ran this command: certbot certonly --nginx --dry-run -d simoncircle.se

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for simoncircle.se
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. simoncircle.se (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://simoncircle.se/.well-known/acme-challenge/wQpMVaGjQJk7dOMc2avtAaEqB8PvDJN8XAqmt2G4W_A [81.231.60.74]: "<!DOCTYPE html>\r\n<html><head><title>Document Error: Not Found</title></head>\r\n<body><h2>Access Error: 404 -- Not Found</h2>\r\n<p>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: simoncircle.se
   Type:   unauthorized
   Detail: Invalid response from
   http://simoncircle.se/.well-known/acme-challenge/wQpMVaGjQJk7dOMc2avtAaEqB8PvDJN8XAqmt2G4W_A
   [81.231.60.74]: "<!DOCTYPE html>\r\n<html><head><title>Document
   Error: Not Found</title></head>\r\n<body><h2>Access Error: 404 --
   Not Found</h2>\r\n<p>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version): nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: Hosting on my own server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

When I use the --debug-challenges option, then take the location of the key and put into a browser, it works just fine but the certbot cannot verify it.

#2

Hi @SimonCircle

I see, you have already checked your domain via https://check-your-website.server-daten.de/?q=simoncircle.se

Port 80 is open, your website answers with a correct http status 404 - not found.

So try to find your root (in your vHost file) and use it:

certbot run -a webroot certonly -w yourRoot -d simoncircle.se -d www.simoncircle.se

To check if you have found your correct root, create the two subdirectories

root/.well-known/acme-challenge

and put a file there (file name 1234), then try to load that file via

http://simoncircle.se/.well-known/acme-challenge/1234
#3

Thanks for the quick response :grinning:

My root: /var/www/simoncircle.se

When I run: certbot run -a webroot certonly -w /var/www/simoncircle.se/ -d simoncircle.se -d www.simoncircle.se

I just get: certbot: error: unrecognized arguments: certonly

I have created /var/www/simoncircle.se/.well-known/acme-challenge/1234, with hello in it. If you curl that with curl http://simoncircle.se/.well-known/acme-challenge/1234, you get 200 OK and the response is Hello

#4

I love my errors - remove the run command :wink:

There are some combinations which don’t work. But I have to do too many other things.

#5

Really? I have a 404 - not found:

Access Error: 404 – Not Found

Can’t locate document: /.well-known/acme-challenge/1234

Must work with non-www and www.

#6

It’s not an Nginx server.

Nginx’s 404 Not Found pages look different.

The Server header is "App-webs/".

Edit: If I open http://simoncircle.se/ in a browser, it redirects to a .asp Hikvision login page.

#7

So, I got this when I curl it

GET /.well-known/acme-challenge/1234 HTTP/1.1
Host: simoncircle.se
User-Agent: curl/7.58.0
Accept: */*

< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Thu, 14 Mar 2019 17:15:02 GMT
< Content-Type: application/octet-stream
< Content-Length: 6
< Last-Modified: Thu, 14 Mar 2019 17:00:36 GMT
< Connection: keep-alive
< ETag: "5c8a88b4-6"
< Accept-Ranges: bytes
< 
Hello

but when I used this online site which lets you curl stuff: https://onlinecurl.com/, I got:

<html><head><title>Document Error: Not Found</title></head>
<body><h2>Access Error: 404 -- Not Found</h2>
<p>Can't locate document: /.well-known/acme-challenge/1234</p>
</body>
</html>

Could it have something to do with the fact that I am running this inside an LXC Container and not a VM?
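The comparison posts #6 and #7 arrive at (same URL, different Server header depending on where the request comes from) can be scripted. This is an added example, not part of the original posts; `make_probe` and `classify_probe` are hypothetical helper names, and the two sample responses are constructed from the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# make_probe WEBROOT NAME TOKEN: create the test file described in post #2
# and print the URL path it should be served from.
make_probe() {
    dir=$1/.well-known/acme-challenge
    mkdir -p "$dir" && printf '%s\n' "$3" > "$dir/$2"
    printf '/.well-known/acme-challenge/%s\n' "$2"
}

# classify_probe TOKEN SERVER_PREFIX < raw response as printed by `curl -si URL`
# Prints: ok | wrong-server:<Server header> | status:<code> | body-mismatch
classify_probe() {
    raw=$(tr -d '\r')    # read stdin, normalise CRLF line endings
    status=$(printf '%s\n' "$raw" | awk 'NR==1 {print $2}')
    server=$(printf '%s\n' "$raw" | awk -F': *' \
        '/^$/ {exit} tolower($1)=="server" {print $2; exit}')
    body=$(printf '%s\n' "$raw" | awk 'found {print} /^$/ {found=1}')
    case $server in
        "$2"*) ;;                                    # the expected web server answered
        *) echo "wrong-server:$server"; return 0 ;;  # another device owns port 80
    esac
    [ "$status" = 200 ] || { echo "status:$status"; return 0; }
    [ "$body" = "$1" ] || { echo "body-mismatch"; return 0; }
    echo ok
}

# Constructed samples modelled on the two responses quoted in post #7.
sample_lan() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx/1.14.0 (Ubuntu)\r\nContent-Length: 6\r\n\r\nHello\n'
}
sample_wan() {
    printf 'HTTP/1.1 404 Not Found\r\nServer: App-webs/\r\n\r\n<html><head><title>Document Error: Not Found</title></head></html>\n'
}

echo "from the LAN:      $(sample_lan | classify_probe Hello nginx)"
echo "from the Internet: $(sample_wan | classify_probe Hello nginx)"
```

For a live check, run `curl -si http://simoncircle.se/.well-known/acme-challenge/1234 | classify_probe Hello nginx` from a host outside the network, since that is the path the validation request takes.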

#8

Are your DNS records correct? Is 81.231.60.74 the correct IP?

Port forwarding settings?

Do you have a Hikvision surveillance camera or something?

#9

That is really weird. All my DNS records are correct and all my port forwarding is also correct.

#10

That’s interesting, my tool doesn’t see a redirect.

So that looks like a bot detection: Users -> login, bots -> nothing.

#11

I have Hikvision stuff, but they are not port-forwarded, and 80 and 443 go to my LXC Container.

#12

It uses JavaScript. :slightly_frowning_face:

window.location.href = "doc/page/login.asp?_"+nowDate.getTime();
#13

I just get 403 Forbidden (NGINX)

#14

I check the content only, if it is https. There the tool sees redirects and meta refresh.

Should add it with http.

#15

I have just changed the IP of the LXC Container and changed my port-forwarding settings accordingly, to ensure that it was not an IP overlapping issue. Because all my websites were redirecting to the Hikvision stuff before on my mobile phone.

#16

No change for me yet.

Port 80 is the Hikvision.

Port 443 is a connection refused error.

#17

So everything on my local network works just fine, but outside it just does not work. I will try restarting my router.

#18

I would suggest combining the webroot authenticator with the nginx installer:

certbot -i nginx -a webroot -w /var/www/simoncircle.se/ -d simoncircle.se -d www.simoncircle.se

But firstly, your router/portforwarding/VM/otherstuff needs to be OK :slight_smile:
