I had set up a server on DigitalOcean running Ubuntu 16.04 with a LEMP setup. I was able to set up SSL via Let’s Encrypt for thestoicrunner.com and www.thestoicrunner.com.
I then deleted the server and installed a new one. This led to the use of a different IP address. Now I am unable to access the website from the web. Am I able to re-install the SSL certificate or issue a new one?
When I type in:
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/thestoicrunner.com/html -d thestoicrunner.com -d www.thestoicrunner.com
I get the following error message:
Failed authorization procedure. thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://thestoicrunner.com/.well-known/acme-challenge/sA3JvqdMXjxsaMLfKrXco6tUIl_PnCyYvpdiRJAbWt8: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.thestoicrunner.com/.well-known/acme-challenge/bgzhawzOSAX0X-N6BAy4eZ__tf3_zNxOTFNjlu_D8Js: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: thestoicrunner.com
Type: unauthorized
Detail: Invalid response from http://thestoicrunner.com/.well-known
/acme-challenge/sA3JvqdMXjxsaMLfKrXco6tUIl_PnCyYvpdiRJAbWt8:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
Domain: www.thestoicrunner.com
Type: unauthorized
Detail: Invalid response from http://www.thestoicrunner.com/.well-
known/acme-challenge/bgzhawzOSAX0X-N6BAy4eZ__tf3_zNxOTFNjlu_D8Js:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
What steps do I need to take in order to get the domain up and running again? If I type it in the browser, it automatically goes to https even if I type in http.
I am new and learning all of this, so looking to better understand it.
The problem is unlikely to have anything to do with the https redirect (or the use of HSTS), but instead with the webroot path. The Let’s Encrypt server will request a file at http://yourserver/.well-known/acme-challenge/something. The path you enter for --webroot-path needs to be what your server serves as that path. You’ve given an incorrect path, so you need to correct it. I’d guess it should be /var/www/thestoicrunner.com/html/.well-known/acme-challenge (and you’d need to make sure those two directories existed), but that may depend on your server configuration.
Okay, I’ll test this out. My current new nginx server is not yet set up for this domain to redirect to https. Could this be the reason the public web is unable to connect to the server?
The first of those (/var/www/thestoicrunner.com/html).
Also check: if you add a pure text file at /var/www/thestoicrunner.com/html/.well-known/acme-challenge/test with the word “success” in it, can you reach it at thestoicrunner.com/.well-known/acme-challenge/test in your browser?
I added a pure text file at that location. I cannot reach it via my browser. I see that the folders .well-known and acme-challenge are owned by root and not my user. Does this matter?
It could; it depends on the permissions you have set.
Do you get a “404 not found” error, though, or do you get a permissions “you are not allowed” error? The difference should tell you if permissions or path are the problem.
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/sblocks/thestoicrunner.com/html;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/sblocks/thestoicrunner.com/html -d thestoicrunner.com -d www.thestoicrunner.com
and got the following:
Failed authorization procedure. thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://thestoicrunner.com/.well-known/acme-challenge/LeFyDPHLg_fq_r_RE3ocomLJTqaKc2qZkF2z7AzFOGg: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>", www.thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.thestoicrunner.com/.well-known/acme-challenge/udHdO7xkepwsMz3erphXbC4bjYrbum3gjPnn4BNUP7g: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: thestoicrunner.com
Type: unauthorized
Detail: Invalid response from http://thestoicrunner.com/.well-known
/acme-challenge/LeFyDPHLg_fq_r_RE3ocomLJTqaKc2qZkF2z7AzFOGg:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
Domain: www.thestoicrunner.com
Type: unauthorized
Detail: Invalid response from http://www.thestoicrunner.com/.well-
known/acme-challenge/udHdO7xkepwsMz3erphXbC4bjYrbum3gjPnn4BNUP7g:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
You created a .well-known/acme-challenge/test file and you can’t reach it in your browser.
I can reach your domain, but cannot reach the folder .well-known on your server. Hence there is something incorrect about the path or location you have there.
There is no point trying certbot at the current time when you can’t even check the file in your browser.
Do the logs show the attempt to get to the .well-known location, and give any reason for the error?
Specifically for nginx, they will generally be in /var/log/nginx.
Since you haven’t set up https yet, your browser is giving an error connecting, since you presumably had HSTS set up before on your old server (telling your browser to always use https).
Are you running certbot as root? If so, can you just do a quick test and create
/var/www/sblocks/thestoicrunner.com/html/.well-known/acme-challenge/test2 with owner root (and some suitable text content)?
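The checks suggested in this thread (compare the `--webroot-path` value with the nginx `root`, place a test file under `.well-known/acme-challenge`, and tell a 404 from a 403) can be scripted as below. This is an added example, not code from any poster or from certbot; the function names, the probe file name and the three-argument usage are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks before requesting a certificate with the webroot plugin.
# Usage (hypothetical script name): sudo sh preflight.sh <nginx-site-conf> <webroot> <domain>

# Print every active (uncommented) `root` value in an nginx config file.
nginx_roots() {
    awk '$1 == "root" { sub(/;.*$/, "", $2); print $2 }' "$1"
}

# Succeed only if the --webroot-path value is one of the roots nginx serves.
webroot_matches() {
    nginx_roots "$1" | grep -Fxq -- "$2"
}

# Create a world-readable probe file where the ACME client would write its token.
place_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" && chmod 755 "$1/.well-known" "$dir" || return 1
    printf 'success\n' > "$dir/$2" && chmod 644 "$dir/$2"
}

# Print the status code for the probe, fetched over plain HTTP on port 80.
probe_status() {
    curl -s -o /dev/null -m 10 -w '%{http_code}' \
        "http://$1/.well-known/acme-challenge/$2"
}

# Map the status code to the likely cause, as discussed in the thread.
diagnose_status() {
    case "$1" in
        200) echo "ok: the probe is reachable, so path and permissions are fine" ;;
        403) echo "permissions: nginx found the file but may not read it" ;;
        404) echo "path: nginx is not serving this directory for this host" ;;
        3??) echo "redirect: follow it and check the final URL" ;;
        000) echo "connect: no HTTP response; check DNS A record and port 80" ;;
        *)   echo "other: see the logs in /var/log/nginx" ;;
    esac
}

if [ "$#" -eq 3 ]; then
    webroot_matches "$1" "$2" || echo "warning: $2 is not a root in $1"
    name="preflight-$$"
    place_probe "$2" "$name" || exit 1
    diagnose_status "$(probe_status "$3" "$name")"
    rm -f "$2/.well-known/acme-challenge/$name"
fi
```

Run it on the server itself; the probe file is removed after the request, so nothing is left under the webroot.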