results of other tests
http://yuridik.uz/test.txt
https://yuridik.uz/test.txt
http://yuridik.uz:443/test.txt
https://yuridik.uz:80/test.txt
you too could not try???
that name works in both http and https
About the domains: they are registered with one registrar and redirected to one server. They are working correctly, the other is not. Is it being blocked at the level of the registrar?
registrars can't block that way
an ISP can
http://pitak.uz/
returns:
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
you have obviously made a few changes
run
nginx -T > /tmp/some.other.file
again and post that new config
pitak.uz - also all the rules
some.other.txt (10.1 KB)
again there is only one block with 443
each site that need https will need a similar block:
server {
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/yuridik.uz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yuridik.uz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    root /server/yuridik.uz;
    index index.html;
    server_name yuridik.uz;
    location / {
        try_files $uri $uri/ /index.html?$args;
    }
}
If you are not using this file, delete it:
/etc/nginx/sites-enabled/default
@samiyev, just a quick test. In your /server/old.grantlar.uz/nginx.conf file replace this:
server_name old.grantlar.uz;
by this:
server_name old.grantlar.uz samiyev.sahsanu.com;
Save the file and restart nginx just to test if we reach the server with the new domain name.
while there add the 443 block (with the same name added):
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/old.grantlar.uz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/old.grantlar.uz/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    root /server/old.grantlar.uz;
    index index.html;
    server_name old.grantlar.uz samiyev.sahsanu.com;
    location / {
        try_files $uri $uri/ /index.html?$args;
    }
}
I think there also may be a DNS issue:
> old.grantlar.uz
Address: 62.209.129.74
> yuridik.uz
Address: 62.209.129.74
> pitak.uz
Addresses: 178.218.207.121
62.209.129.74
Yes, that's right, I already fixed it, thanks for the help!!!
I added, now what to do?
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for old.grantlar.uz
http-01 challenge for samiyev.sahsanu.com
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:67
Waiting for verification...
Cleaning up challenges
nginx: [warn] duplicate MIME type "text/html" in /etc/nginx/nginx.conf:65
Failed authorization procedure. old.grantlar.uz (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://old.grantlar.uz/.well-known/acme-challenge/kd1Khc7KWFNc--_QvOTbKfvDbiDttTkIZaKWi0RGllA: Error getting validation data
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: old.grantlar.uz
Type: connection
Detail: Fetching
http://old.grantlar.uz/.well-known/acme-challenge/kd1Khc7KWFNc--_QvOTbKfvDbiDttTkIZaKWi0RGllA:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided
Try adding
location /.well-known/acme-challenge/ {
    root /server/old.grantlar.uz;
}
reloading nginx, then when running certbot:
certbot -i nginx -a webroot -w /server/old.grantlar.uz -d old.grantlar.uz
I am extremely suspicious that nginx is not sending a well-formed HTTP response. As far as I am aware, it is not possible for this to happen unless you are using ngx_stream (and the provided conf indicates otherwise) or have significantly altered the nginx source code. PHP-FPM is not able to make nginx send a response body but not response headers.
This makes me suspect that the request is not even making it to nginx, but ¯\_(ツ)_/¯.
Are you sure no other L7 servers are sitting in front of nginx? I find the network interception case to be very likely as mentioned by @sahsanu .
I'm 100% sure that nginx is working correctly and correctly configured, I explain why I'm so sure, because I bought a domain in one registrar, and they are redirected to the same server when I run the bot certificate, the Let's Encrypt for one gives the certificate, for another there.
server {
    listen 80;
    root /server/old.grantlar.uz;
    index index.html;
    server_name old.grantlar.uz samiyev.sahsanu.com;
    location / {
        try_files $uri $uri/ /index.html?$args;
    }
    location /.well-known/acme-challenge/ {
        root /server/old.grantlar.uz;
    }
}
root@i-1303-4845-VM:/server# certbot -i nginx -a webroot -w /server/old.grantlar.uz -d old.grantlar.uz
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer nginx
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for old.grantlar.uz
Using the webroot path /server/old.grantlar.uz for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. old.grantlar.uz (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://old.grantlar.uz/.well-known/acme-challenge/DBDbVeJCW2ZpIDfttPsMeN2bRME6xGFv-4twfN01XU4: Error getting validation data
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: old.grantlar.uz
Type: connection
Detail: Fetching
http://old.grantlar.uz/.well-known/acme-challenge/DBDbVeJCW2ZpIDfttPsMeN2bRME6xGFv-4twfN01XU4:
Error getting validation data
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
Hi @samiyev,
The test was to see what happens with another domain name using the same conf you are using with old.grantlar.uz and this is what happens:
$ curl -ikL http://old.grantlar.uz
Object not found
$ curl -ikL http://samiyev.sahsanu.com
HTTP/1.1 403 Forbidden
Server: nginx/1.10.3 (Ubuntu)
Date: Sat, 05 May 2018 18:27:58 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.10.3 (Ubuntu)</center>
</body>
</html>
Using your domain the request only gets Object not found, no headers, nothing... but using samiyev.sahsanu.com, the request is reaching your server so... yes, something is intercepting requests to old.grantlar.uz.
Cheers,
sahsanu
It also reminds me of the interception used in China to enforce ICP licences.
Sending a request to the raw IP address works okay, but a request that carries a Host header results in an intercepted request and response.
Of course, thanks, it turns out I can not do anything, only one option remains to access the provider!
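The diagnosis reached in this thread (same IP, different Host header, one reply is real HTTP and the other is a bare body with no status line) can be scripted. This is an added example, not code from any poster; the function names are made up for illustration and the sample replies are constructed from the curl output quoted above.

```python
import re
import socket

STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3})(?: [^\r\n]*)?\r?\n")

def classify_response(raw: bytes) -> dict:
    """Report whether raw reply bytes start with a valid HTTP status line."""
    m = STATUS_LINE.match(raw)
    if not m:
        # Body-like bytes without a status line or headers: nginx does not
        # answer this way, so something else produced the reply.
        return {"well_formed": False, "status": None, "server": None}
    server = None
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"server":
            server = value.strip().decode("latin-1")
    return {"well_formed": True, "status": int(m.group(1)), "server": server}

def probe(ip: str, host: str, port: int = 80, timeout: float = 5.0) -> bytes:
    """Send a minimal GET to ip with the given Host header; return raw bytes."""
    req = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(req)
        while (data := s.recv(4096)):
            chunks.append(data)
    return b"".join(chunks)

def interception_suspected(by_host: dict) -> list:
    """Hosts with a malformed reply while another host on the same IP got HTTP."""
    results = {h: classify_response(r) for h, r in by_host.items()}
    if not any(r["well_formed"] for r in results.values()):
        return []  # no valid reply to compare against; server may be down
    return sorted(h for h, r in results.items() if not r["well_formed"])

# Constructed samples modelled on the two curl results in the thread.
SAMPLES = {
    "old.grantlar.uz": b"Object not found",
    "samiyev.sahsanu.com": (
        b"HTTP/1.1 403 Forbidden\r\nServer: nginx/1.10.3 (Ubuntu)\r\n"
        b"Content-Type: text/html\r\nContent-Length: 178\r\n\r\n<html>...</html>"
    ),
}

if __name__ == "__main__":
    # Live use: {h: probe("<server IP>", h) for h in hostnames} instead of SAMPLES.
    print(interception_suspected(SAMPLES))
```

Run the live probe from outside the hosting network as well as from the server itself; a reply that is well-formed locally but malformed from outside points at something in the path rather than at nginx.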