Please help with "Failed authorization procedure. duckdns.org (http-01)"


#21

I entered this command but nothing heppens.
By the way, is this OK?

root@OMV:~# lsof -iTCP -sTCP:LISTEN -P
COMMAND     PID                USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rpcbind     472                root    8u  IPv4  16107      0t0  TCP *:111 (LISTEN)
rpcbind     472                root   11u  IPv6  16110      0t0  TCP *:111 (LISTEN)
smbd        654                root   34u  IPv6  17563      0t0  TCP *:445 (LISTEN)
smbd        654                root   35u  IPv6  17564      0t0  TCP *:139 (LISTEN)
smbd        654                root   36u  IPv4  17565      0t0  TCP *:445 (LISTEN)
smbd        654                root   37u  IPv4  17566      0t0  TCP *:139 (LISTEN)
transmiss   812 debian-transmission   14u  IPv4  15353      0t0  TCP *:9091 (LISTEN)
transmiss   812 debian-transmission   15u  IPv4  15354      0t0  TCP *:51413 (LISTEN)
transmiss   812 debian-transmission   16u  IPv6  15356      0t0  TCP *:51413 (LISTEN)
sshd        823                root    3u  IPv4  32258      0t0  TCP *:22 (LISTEN)
sshd        823                root    4u  IPv6  32260      0t0  TCP *:22 (LISTEN)
nginx       902                root    8u  IPv4  19589      0t0  TCP *:80 (LISTEN)
nginx       903            www-data    8u  IPv4  19589      0t0  TCP *:80 (LISTEN)
nginx       904            www-data    8u  IPv4  19589      0t0  TCP *:80 (LISTEN)
nginx       905            www-data    8u  IPv4  19589      0t0  TCP *:80 (LISTEN)
docker-pr  1355                root    4u  IPv6  20906      0t0  TCP *:8080 (LISTEN)
docker-pr  1368                root    4u  IPv6  19228      0t0  TCP *:444 (LISTEN)
docker-pr  1383                root    4u  IPv6  20921      0t0  TCP *:3306 (LISTEN)
cupsd     31470                root    9u  IPv4 461582      0t0  TCP *:631 (LISTEN)
cupsd     31470                root   10u  IPv6 461583      0t0  TCP *:631 (LISTEN)

There is no apache listening port 443.


#22

Yes, I see now that was my mistake - it is nginx that is listening on 80.
Try:
grep -Eri 'server_name|log|error' /etc/nginx


#23
root@OMV:~# grep -Eri 'server_name|log|error' /etc/nginx
/etc/nginx/openmediavault-webgui.d/security.conf:# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
/etc/nginx/openmediavault-webgui.d/security.conf:# http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx
/etc/nginx/sites-available/openmediavault-webgui:    server_name openmediavault-webgui;
/etc/nginx/sites-available/openmediavault-webgui:    error_log /var/log/nginx/openmediavault-webgui_error.log error;
/etc/nginx/sites-available/openmediavault-webgui:    access_log /var/log/nginx/openmediavault-webgui_access.log combined;
/etc/nginx/sites-available/openmediavault-webgui:    error_page 404 = /404.php;
/etc/nginx/sites-available/default:     server_name _;
/etc/nginx/sites-available/default:#    server_name example.com;
/etc/nginx/fastcgi.conf:fastcgi_param  SERVER_NAME        $server_name;
/etc/nginx/nginx.conf:  # server_names_hash_bucket_size 64;
/etc/nginx/nginx.conf:  # server_name_in_redirect off;
/etc/nginx/nginx.conf:  # Logging Settings
/etc/nginx/nginx.conf:  access_log /var/log/nginx/access.log;
/etc/nginx/nginx.conf:  error_log /var/log/nginx/error.log;
/etc/nginx/scgi_params:scgi_param  SERVER_NAME        $server_name;
/etc/nginx/uwsgi_params:uwsgi_param  SERVER_NAME        $server_name;
/etc/nginx/fastcgi_params:fastcgi_param  SERVER_NAME        $server_name

#24

Try reviewing these log file:

access_log:
/var/log/nginx/access.log

error_log:
/var/log/nginx/error.log


#25

Have already tried. Both are empty.


#26

Then we may be looking in the wrong place…

If LE is running inside docker, then we are most likely looking in the wrong place.

But now I see that there is a docker instance on port 8080 + 444
Is that where LE runs?
Is that where you need the cert?


#27

Yes, it runs inside Docker.

I can’t say for sure.:frowning_face: I’m just trying to setup Nextcloud folowing this video https://youtu.be/TkjAcp8q0W0


#28

So the Nextcloud system is the one that needs the cert.

If you can run certbot on that system, then leave the redirection on the other.
You could get a cert from the Nextcould system using --webroot.


closed #29

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.