I have been using letsencrypt for ~2 years. I have multiple domains on this server, all renewing fine. I have one domain which is now not renewing.
My domain is: example.com
I ran this command: certbot renew
It produced this output:
1 renew failure(s), 0 parse failure(s)
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: example.com
Type: unauthorized
Detail: Invalid response from
https://www.example.com/.well-known/acme-challenge/iNNET70129MHp2KLjakforoUSCjiDXkn1sHHbzh0vrA
[195.224.139.115]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"
Domain: www.example,com
Type: unauthorized
Detail: Invalid response from
https://www.example.com/.well-known/acme-challenge/An-hKzN48fU3tlN7Y5kJEDxIVBTZJf7dRBDCWGL8FRs
[195.224.139.115]: "<html>\r\n<head><title>404 Not
Found</title></head>\r\n<body>\r\n<center><h1>404 Not
Found</h1></center>\r\n<hr><center>nginx/1.16.1</ce"
My web server is (include version):
Nginx 1.16.1
The operating system my web server runs on is (include version):
FreeBSD 12.1-Release
My hosting provider, if applicable, is:
N/A self hosted
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.3.0
I have the following nginx vhost:
server {
    # listen on port 80
    listen 80;
    server_name www.example.co.uk;
    # Forward all traffic to SSL
    return 301 https://www.example.com$request_uri;
}
server {
    # listen on port 80
    listen 80;
    server_name example.com;
    # Forward all traffic to SSL
    return 301 https://www.example.com$request_uri;
}
server {
    # listen on port 80
    listen 80;
    server_name example.co.uk;
    # Forward all traffic to SSL
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /usr/local/etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem;
    server_name www.example.com;
    client_max_body_size 10M;
    client_body_buffer_size 128k;
    location ~ /.well-known/acme-challenge/ {
        root /usr/local/www/nginx/example;
        allow all;
    }
    location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Max-Age 3600;
        add_header Access-Control-Expose-Headers Content-Length;
        add_header Access-Control-Allow-Headers Range;
        proxy_set_header Host $host;
        proxy_pass http://10.1.1.6:8000;
        allow all;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /home/luke/custom_404;
        allow all;
    }
    error_page 403 /403.html;
    location = /403.html {
        root /home/luke/custom_404;
        allow all;
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /home/luke/custom_404;
        allow all;
    }
}
What's even stranger is that if I place a file in “/usr/local/www/nginx/ng-example/.well-known/acme-challenge/foo”, I can download it by navigating to https://www.example.com/.well-known/acme-challenge/foo. Does anyone in here have any ideas as to what might be wrong? This config looks identical to others running with letsencrypt.
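One check for this kind of failure, as an added example that is not part of the original post: since every port-80 block above redirects to https://www.example.com, all challenges are answered by that vhost's acme-challenge location, so the script compares its `root` with the directories certbot writes tokens into. It assumes the certificate is renewed with the webroot authenticator; the renewal-file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample of a certbot renewal file (ConfigObj syntax). The paths
# are placeholders for illustration, not values from the poster's server.
RENEWAL_CONF = """\
[renewalparams]
authenticator = webroot
[[webroot_map]]
example.com = /usr/local/www/nginx/old-site
www.example.com = /usr/local/www/nginx/example
"""

# Challenge location and server_name as they appear in the vhost in the post.
NGINX_CONF = """\
server {
    server_name www.example.com;
    location ~ /.well-known/acme-challenge/ {
        root /usr/local/www/nginx/example;
    }
}
"""

def certbot_webroots(text):
    """Return {domain: webroot} from the [[webroot_map]] subsection."""
    roots, in_map = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
        elif in_map and "=" in line:
            domain, path = (p.strip() for p in line.split("=", 1))
            roots[domain] = path.rstrip("/,")
    return roots

def nginx_challenge_root(text):
    """Return the root set inside the acme-challenge location, or None."""
    m = re.search(r"location[^{]*acme-challenge[^{]*\{([^}]*)\}", text)
    root = re.search(r"^\s*root\s+([^;]+);", m.group(1) if m else "", re.M)
    return root.group(1).strip().rstrip("/") if root else None

def mismatches(renewal_text, nginx_text):
    """Domains whose certbot webroot differs from the directory nginx serves."""
    served = nginx_challenge_root(nginx_text)
    webroots = certbot_webroots(renewal_text)
    return {d: (p, served) for d, p in webroots.items() if p != served}

if __name__ == "__main__":
    for domain, (written, served) in mismatches(RENEWAL_CONF, NGINX_CONF).items():
        print(f"{domain}: certbot writes to {written}, nginx serves {served}")
```

On a real host, the two strings would be read from the certificate's file under the certbot configuration directory's `renewal/` folder and from the nginx vhost file.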