I am trying to renew the certificate of www.maet.bg.
I have turned the server off.
I have cd to the path of the webroot folder and there I am executing:
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you’re using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
maet_admin@maet:/var/www/html$
Do I have to turn https connections off when I try to renew the certificate?
In my nginx setup the location of ./well-known is accessible by all:
    location ~ /.well-known {
        allow all;
    }
When I try to reach the URL, it is going through Django and it is missing such a path, so I get a 404.
    access_log /webapps/maet/logs/nginx-access.log;
    error_log /webapps/maet/logs/nginx-error.log;

    location /static/ {
        alias /webapps/maet/website/static/;
    }

    location /media/ {
        alias /webapps/maet/website/static/;
    }

    location ~ /.well-known {
        allow all;
        root /var/www/html;
        try_files $uri =404;
    }

    location / {
        # an HTTP header important enough to have its own Wikipedia entry:
        # http://en.wikipedia.org/wiki/X-Forwarded-For
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # enable this if and only if you use HTTPS, this helps Rack
        # set the proper protocol for doing redirects:
        # proxy_set_header X-Forwarded-Proto https;

        # pass the Host: header from the client right along so redirects
        # can be set properly within the Rack application
        proxy_set_header Host $http_host;

        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;

        # set "proxy_buffering off" *only* for Rainbows! when doing
        # Comet/long-poll stuff. It's also safe to set if you're
        # using only serving fast clients with Unicorn + nginx.
        # Otherwise you _want_ nginx to buffer responses to slow
        # clients, really.
        # proxy_buffering off;

        # Try to serve static files from nginx, no point in making an
        # *application* server like Unicorn/Rainbows! serve static files.
        if (!-f $request_filename) {
            proxy_pass http://maet_app_server;
            break;
        }
    }

    # Error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /webapps/maet/website/static/;
    }
The webroot folder is the /var/www/html. I’ve created ./well-known/acme-challenge/test.html
Also I’ve created a /webapps/maet/.well-known/acme-challenge/test.html which is where django is serving the webpage.
This is how the certificate was added to the server:
Hi rg305, after trying to open the file for about two hours, I have managed to access it under the root of my Django project /webapps/maet/website/.well-known/
I was misusing root vs alias.
However, now when I execute sudo certbot renew --dry-run
I am getting:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/maet.bg.conf
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for maet.bg
http-01 challenge for www.maet.bg
Waiting for verification…
Cleaning up challenges
Unable to clean up challenge directory /var/www/html/.well-known/acme-challenge
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/maet.bg/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/maet.bg/fullchain.pem (success)
I am guessing I might have a DNS problem since I can reach the test file with
curl -IkL4 http://www.maet.bg/.well-known/acme-challenge/test
returns HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Mon, 30 Oct 2017 09:40:43 GMT
Content-Type: application/octet-stream
Content-Length: 0
Last-Modified: Mon, 30 Oct 2017 08:35:02 GMT
Connection: keep-alive
ETag: "59f6e436-0"
Accept-Ranges: bytes
The return is correct - there is no IPv6 address found in global DNS for www.maet.bg
And it is confirmed by your assertion.
However, the same cannot be said about maet.bg:
Name: maet.bg
Addresses: 2a03:b0c0:3:d0::24:8001
207.154.248.226
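
Added example, not part of the thread: a pre-renewal check that requests a test file under /.well-known/acme-challenge/ from every A and AAAA address of each name, which exposes the case above where one name has an IPv6 record and the other does not. The function names `resolve`, `fetch` and `preflight` are hypothetical; redirects are not followed, so a redirect to HTTPS is reported as a non-200 status.

```python
import http.client
import socket

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(domain):
    """Return {'IPv4': [...], 'IPv6': [...]} as seen by the system resolver."""
    found = {"IPv4": [], "IPv6": []}
    try:
        infos = socket.getaddrinfo(domain, 80, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found
    for family, _, _, _, sockaddr in infos:
        label = FAMILIES.get(family)
        if label and sockaddr[0] not in found[label]:
            found[label].append(sockaddr[0])
    return found

def fetch(ip, domain, path):
    """GET path from one specific address while sending the real Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=5)
    try:
        conn.request("GET", path, headers={"Host": domain})
        resp = conn.getresponse()
        return resp.status, resp.read(512)
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc).encode()
    finally:
        conn.close()

def preflight(domains, path, expected, resolve=resolve, fetch=fetch):
    """Return (domain, family, ip, problem) for every address that fails."""
    problems = []
    for domain in domains:
        addrs = resolve(domain)
        if not any(addrs.values()):
            problems.append((domain, None, None, "no A or AAAA record"))
        for family, ips in addrs.items():
            for ip in ips:
                status, body = fetch(ip, domain, path)
                if status is None:
                    problem = "unreachable: " + body.decode()
                elif status != 200:
                    problem = f"status {status}"
                elif body.strip() != expected:
                    problem = "unexpected body"
                else:
                    continue
                problems.append((domain, family, ip, problem))
    return problems
```

Run it from a host with both IPv4 and IPv6 connectivity, passing the names on the certificate, the path of a test file you placed in the webroot, and that file's contents as bytes; an empty list means every published address serves the file.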