Renew fails after TLS-SNI-01 migration - Django, Nginx & Cloudflare


#1

My domain is: mentorcruise.com

I ran this command: sudo certbot renew --dry-run

It produced this output:

 Domain: www.mentorcruise.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.mentorcruise.com/.well-known/acme-challenge/ZLCeN-0AbtdpLlMoukupZk_yRQkPaIbqZr2V362h4iA:
   "<html>\n<head><title>404 Not Found</title></head>\n<body
   bgcolor=\"white\">\n<center><h1>404 Not
   Found</h1></center>\n<hr><center>ngin"

   Domain: mentorcruise.com
   Type:   unauthorized
   Detail: Invalid response from
   http://mentorcruise.com/.well-known/acme-challenge/omf9jZtRZTKEdGloRQc3Jeneki9Kb-hTIKFreDcUw9Q:
   "<html>\n<head><title>404 Not Found</title></head>\n<body
   bgcolor=\"white\">\n<center><h1>404 Not
   Found</h1></center>\n<hr><center>ngin"

My web server is (include version): nginx version: nginx/1.10.3 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is: DigitalOcean

I can log in to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.28.0

Things I tried:
Found that http://mentorcruise.com/.well-known/acme-challenge/ returns the Django 404, so added the following to my nginx conf.

location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
}

Created test file in /usr/share/nginx/html/.well-known/acme-challenge/test which is accessible on https://mentorcruise.com/.well-known/acme-challenge/test.


#2

Hi @dmonn

That looks good, your config is OK. You have IPv4 + IPv6 addresses and redirects, but in the end, all redirects of /.well-known/acme-challenge end in https + non-www. So use this information:

certbot run -a webroot -i nginx -w yourWebRoot -d www.mentorcruise.com -d mentorcruise.com

#3

Hey Juergen, I really appreciate the quick help. It seems to have worked! Thank you so much!
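
Added example, not part of the thread: a pre-flight check for the webroot approach from reply #2, automating the manual test file from post #1. It requests the probe over plain HTTP and follows redirects, as HTTP-01 validation does. The function names probe_webroot and fetch are hypothetical, and the webroot path in the usage comment is an assumption taken from post #1.

```shell
#!/bin/sh
# Added example (not from the thread): verify that files written to the
# webroot are actually served under /.well-known/acme-challenge/ for each
# hostname before running certbot with -a webroot.

# fetch URL: print the response body, following redirects.
# Kept as a separate function so it can be replaced when no network is available.
fetch() {
    curl -fsSL --max-time 10 "$1"
}

# probe_webroot WEBROOT HOST...
# Writes a random probe file into WEBROOT/.well-known/acme-challenge/,
# requests it from every HOST, and prints OK or FAIL per host.
# Returns 0 only if every host served the exact probe content,
# 1 if any host did not, 2 if the webroot is not writable.
probe_webroot() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    name="probe-$$-$(date +%s)"
    token="probe-$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    mkdir -p "$dir" || return 2
    printf '%s' "$token" > "$dir/$name" || return 2
    failed=0
    for host in "$@"; do
        # A 404 page or an application error page will not match the token.
        body=$(fetch "http://$host/.well-known/acme-challenge/$name" 2>/dev/null)
        if [ "$body" = "$token" ]; then
            echo "OK   $host"
        else
            echo "FAIL $host"
            failed=1
        fi
    done
    rm -f "$dir/$name"    # do not leave probe files behind in the webroot
    return "$failed"
}

# Usage (webroot path is an assumption; hostnames are the ones in the thread):
#   probe_webroot /usr/share/nginx/html www.mentorcruise.com mentorcruise.com
if [ "$#" -gt 0 ]; then
    probe_webroot "$@"
fi
```

A FAIL for one hostname but not the other points at a server block or redirect that does not reach the challenge location for that name.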