Raspberry Pi, NGINX and SSL

My domain is:
ollykeeling.me

I ran this command:
sudo certbot --authenticator standalone --installer nginx --pre-hook “service nginx stop” --post-hook “service nginx start”

It produced this output:
Running pre-hook command: service nginx stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ollykeeling.me
Waiting for verification…
Cleaning up challenges
Running post-hook command: service nginx start
Failed authorization procedure. ollykeeling.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ollykeeling.me/.well-known/acme-challenge/g6EhSSsP_hshfe9IfKigqP0t-7JfjKntYrt1Nfg0IEo [212.159.105.9]: "\n\n<html xmlns=“http”

IMPORTANT NOTES:

My web server is (include version):
nginx/1.14.2

The operating system my web server runs on is (include version):
Raspberry Pi OS (buster)

My hosting provider, if applicable, is:
GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

/etc/nginx/sites-available/ollykeeling.me
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.htm index.html;
server_name ollykeeling.me;
include snippets/letsencrypt.conf;
}

This is symlinked to /etc/nginx/sites-enabled
Root website is var/www/html/

/etc/nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
allow all;
root /var/lib/letsencrypt/;
default_type “text/plain”;
try_files $uri =404;
}

location ~ /.well-known {
allow all;
}

I have tried a number of things to date so the letsencrypt log file is quite long, but I can post that if needed

Hi @OllyK

checking your url

http://ollykeeling.me/.well-known/acme-challenge/g6EhSSsP_hshfe9IfKigqP0t-7JfjKntYrt1Nfg0IEo

in my browser there is a QNAP - error:

Error

Page not found or the web server is currently unavailable. Please contact the website administrator for help.

If you stop your nginx, does that stop that QNAP?

Runs your certbot on that ip 212.159.105.9?

Normally, standalone should always work. But it looks that you run your certbot on the wrong machine. Or your nginx isn't relevant, because QNAP blocks port 80.

I just looked at that URL as well and it's redirecting to my NAS for some reason. On the router (DD-WRT) port forwarding is set to direct port 80 to the Raspberry Pi. So it seems I may have a routing issue that needs to be resolved first!

Either that or nginx is re-directing back to the NAS for some reason. More digging needed me thinks!

Looks like a router issue. That URL now points back to nginx with a page not found

I have now re-run the command:
sudo certbot --nginx

and got:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?


1: ollykeeling.me


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for ollykeeling.me
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. ollykeeling.me (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://ollykeeling.me/.well-known/acme-challenge/8IctJf-2jYogHuQk3RkZHKn0KSka3nXWBMzvb-BCgUQ [212.159.105.9]: "\n\n<html xmlns=“http”

IMPORTANT NOTES:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.