My website is hosted in cloudflare I first disable the cloudflare CDN then I enabled it and I have the same problem. My webserver is nginx and I want to create a certificate for my website in an nginx reverse proxy.
My reverse proxy configurartion:
server {
listen 80 default_server;
listen [::]:80 default_server;
index index.php index.html index.htm;
root /var/www/html;
server_name jcp-connect.fr 176.139.8.11;
index index.html index.htm index.nginx-debian.html;
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
try_files $uri @backend;
}
location @backend {
proxy_pass http://jcp-connect.fr;
}
}
My backend server configuration when the cloudflare is enabled:
http {
include mime.types;
index index.php index.html index.htm;
default_type text/html;
sendfile on;
keepalive_timeout 65;
gzip on;
client_max_body_size 1000M;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 80;
listen [::]:80;
server_name jcp-connect.fr;
include /etc/nginx/snippets/self-signed.conf;
include /etc/nginx/snippets/ssl-params.conf;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_busy_buffers_size 32k;
fastcgi_temp_file_write_size 32k;
client_body_timeout 10;
client_header_timeout 10;
send_timeout 60;
output_buffers 1 32k;
postpone_output 1460;
root /www/WebPortal/public;
location / {
try_files $uri $uri/ /index.php?$query_string;
add_header X-Frame-Options sameorigin always;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (-f $request_filename) {
# fastcgi_pass 127.0.0.1:1026;
fastcgi_pass unix:/var/run/php7-fpm.sock;
}
}
}
}
My domain is: jcp-connect.fr
I ran this command:
./certbot-auto certonly --webroot -w /var/www/letsencrypt -d jcp-connect.fr
It produced this output:
Requesting to rerun ./certbot-auto with root privileges…
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for jcp-connect.fr
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification…
Challenge failed for domain jcp-connect.fr
http-01 challenge for jcp-connect.fr
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
-
The following errors were reported by the server:Domain: jcp-connect.fr
Type: unauthorized
Detail: Invalid response from
http://jcp-connect.fr/.well-known/acme-challenge/tdOWhxrzlpNS6rUY8ZfXhL0z2NeHYrYMUd88IhTEi_s
[176.139.8.11]: "\n\n \n\n <meta name=“viewport” content="width=device-w"To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.The problem comes from that the challenge file cannot be reached but I don't know why. Any help please.