Problem with generate cert

Hi,

I recently change my dns to point my web service to another IP address.
So i removed all my letsencrypt configuration, certs, pem etc…

I have a Nginx Reverse proxy on 194.3.220.120 with 1 domain (saintlaurentdumaroni.fr) and 4 subdomains (glpi, centreon, mail, gestioncm)
I try to make a new certificate demand but it doesn’t work.
I get this error (for each domain)

Domain: saintlaurentdumaroni.fr
Type: unauthorized
Detail: Invalid response from
http://saintlaurentdumaroni.fr/.well-known/acme-challenge/LF4KfwMF8Nz0dHvv4JiD1a4exV2F-wT-QW14jgiZBIw:
"

Here is my vhost config : http://pastebin.com/4Ssj9tvB
letsencrypt.conf : http://pastebin.com/XGjZFCLb
/usr/local/etc/le-saintlaurentdumaroni.fr-webroot.ini: http://pastebin.com/yBjuQsGM

I can access to : http://saintlaurentdumaroni.fr/.well-known/test

I use this command to generate cert : /opt/letsencrypt/letsencrypt-auto certonly -c /usr/local/etc/le-saintlaurentdumaroni.fr-webroot.ini

The Lets’Encrypt Log : http://pastebin.com/3sWkDc2M

Can you help me please ?

I can't access your http://saintlaurentdumaroni.fr/.well-known/test file. I get a 403 error.

$ curl -i http://saintlaurentdumaroni.fr/.well-known/acme-challenge/test
HTTP/1.1 403 Forbidden
Content-Type: text/html
Server: Microsoft-IIS/8.0
X-Powered-By: ASP.NET
Date: Mon, 12 Dec 2016 15:30:18 GMT
Content-Length: 1268

hi CRIT

according to the CURL report from serverco the content is being served up from an IIS server.

Are your backed servers IIS servers?

You can do a redirect for .well-known/acme-challenge/ requests to point to the NGINX proxy (not the backed servers) and then get certbot to take care of the HTTP challenge for you.

You can also use DNS verification (add a TXT record to DNS)

Thanks you for your help.

I fix it and it works like a charm.

The problem was an old rule in my firewall that redirect 80 and 443 on a other server.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.