Same old letsencrypt failure

Please fill out the fields below so we can help you better.

My domain is: investlio.com. Set IP address with domain in DigitalOcean yesterday early afternoon.

I ran this command: /opt/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/configs/investlio.com.conf certonly

config file:

domains = investlio.com
email = wat@gmail.com
text = True
authenticator = webroot
webroot-path = /var/web/letsencrypt
agree-tos = True

It produced this output:

My operating system is (include version): Ubuntu 16.04

My web server is (include version): nginx

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name investlio.com;

  include ssl_params;

  # ssl_certificate /etc/letsencrypt/live/investlio.com/fullchain.pem;
  # ssl_certificate_key /etc/letsencrypt/live/investlio.com/privkey.pem;

  location / {

    include proxy_params;

    proxy_pass http://phoenix;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
  }

  location /.well-known/acme-challenge {
    root /var/web/letsencrypt;
  }
}

server {
  listen 80;

  server_name investlio.com;

  location / {
    return 301 https://$server_name$request_uri;
  }

  location /.well-known/acme-challenge {
    root /var/web/letsencrypt;
  }

  # Deny illegal host headers
  if ($host !~* ^EXAMPLE.com$) {
      return 444;
  }
}

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Does anybody have any debugging tips? Been at this for ~6 hrs now :frowning:

Your server listens on port 433; it should listen on port 80 (without ssl of course): the error message specifies http, not https, in the path.


sry forgot to paste the lower half of my nginx file :slight_smile:

Is this possibly the fact that the DNS records still do not have my updated IP address? Any check I do seems like it does.

If you check your logs in /var/log/letsencrypt/, I believe the IP address Let’s Encrypt resolved your domain to should be included. (If it’s not, try running your command with -vvvvv and check again.) DNS requests are made to your authoritative DNS server though, so DNS caching issues are not all that common with Let’s Encrypt.

I would recommend manually putting a file with random content in /var/web/letsencrypt/.well-known/acme-challenge and then trying to browse to that file with your browser to see if that succeeds.
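
The manual check suggested above, as an added script (not part of the original thread and not Certbot code): it writes a random token file under the webroot, requests it over plain HTTP and reports what came back. The function name `check_webroot` and its `connect_to` parameter are made up for this example; the webroot path and domain in the usage line are the ones from the post.

```python
import http.client
import secrets
import sys
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_webroot(webroot, host, port=80, connect_to=None):
    """Place a random token under webroot and fetch it over plain HTTP.

    connect_to (hypothetical helper argument) is an IP to connect to while
    still sending "Host: host", so DNS can be taken out of the picture.
    Returns (ok, detail).
    """
    token = secrets.token_urlsafe(24)   # file name, like a challenge token
    body = secrets.token_urlsafe(32)    # random content to compare against
    target = Path(webroot) / CHALLENGE_DIR / token
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(body)
    conn = http.client.HTTPConnection(connect_to or host, port, timeout=10)
    try:
        conn.request("GET", f"/{CHALLENGE_DIR}/{token}", headers={"Host": host})
        resp = conn.getresponse()
        got = resp.read().decode("utf-8", "replace")
        if resp.status in (301, 302, 303, 307, 308):
            # This server block did not serve the file itself; whatever the
            # redirect points at has to serve it instead.
            return False, f"redirected to {resp.getheader('Location')}"
        if resp.status != 200:
            return False, f"HTTP {resp.status}"
        if got.strip() != body:
            return False, "HTTP 200 but body is not the token file"
        return True, "token served from webroot"
    except (http.client.RemoteDisconnected, ConnectionResetError):
        # The server accepted the connection and hung up without answering,
        # which is how nginx behaves on "return 444".
        return False, "connection closed without a response"
    except OSError as exc:
        return False, f"connection failed: {exc}"
    finally:
        conn.close()
        target.unlink(missing_ok=True)  # do not leave test files behind


if __name__ == "__main__":
    # e.g. python3 check_webroot.py /var/web/letsencrypt investlio.com
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print("OK" if ok else "FAIL", "-", detail)
    sys.exit(0 if ok else 1)
```

Run it on the server as a user that can write to the webroot; anything other than `OK` means the same request would fail during validation.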

