Server deleted and domain not accessible via public


#1

Hello,

I had set up a server on DigitalOcean running Ubuntu 16.04 with a LEMP setup. I was able to set up SSL via Let's Encrypt for thestoicrunner.com and www.thestoicrunner.com.

I then deleted the server and installed a new one. This led to the use of a different IP address. Now I am unable to access the website from the web. Am I able to re-install the SSL certificate or issue a new one?

When I type in

    sudo letsencrypt certonly -a webroot --webroot-path=/var/www/thestoicrunner.com/html -d thestoicrunner.com -d www.thestoicrunner.com

I get the following error message:

    Failed authorization procedure. thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://thestoicrunner.com/.well-known/acme-challenge/sA3JvqdMXjxsaMLfKrXco6tUIl_PnCyYvpdiRJAbWt8: "<html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>", www.thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.thestoicrunner.com/.well-known/acme-challenge/bgzhawzOSAX0X-N6BAy4eZ__tf3_zNxOTFNjlu_D8Js: "<html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>"

    IMPORTANT NOTES:
     - The following errors were reported by the server:

       Domain: thestoicrunner.com
       Type:   unauthorized
       Detail: Invalid response from http://thestoicrunner.com/.well-known
       /acme-challenge/sA3JvqdMXjxsaMLfKrXco6tUIl_PnCyYvpdiRJAbWt8:
       "<html>
       <head><title>404 Not Found</title></head>
       <body bgcolor="white">
       <center><h1>404 Not Found</h1></center>
       <hr><center>"

       Domain: www.thestoicrunner.com
       Type:   unauthorized
       Detail: Invalid response from http://www.thestoicrunner.com/.well-
       known/acme-challenge/bgzhawzOSAX0X-N6BAy4eZ__tf3_zNxOTFNjlu_D8Js:
       "<html>
       <head><title>404 Not Found</title></head>
       <body bgcolor="white">
       <center><h1>404 Not Found</h1></center>
       <hr><center>"

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address.

What steps do I need to take in order to get the domain up and running again? If I type it in the browser, it automatically goes to https even if I type in http.

I am new and learning all of this, so looking to better understand it.

Cheers,

Ramiro


#2

The problem is unlikely to have anything to do with the https redirect (or the use of HSTS), but instead with the webroot path. The Let’s Encrypt server will request a file at http://yourserver/.well-known/acme-challenge/something. The path you enter for --webroot-path needs to be what your server serves as that path. You’ve given an incorrect path, so you need to correct it. I’d guess it should be /var/www/thestoicrunner.com/html/.well-known/acme-challenge (and you’d need to make sure those two directories existed), but that may depend on your server configuration.


#3

Okay, I’ll test this out. My current new nginx server is not yet set up for this domain to redirect to https. Could this be the reason the public web is unable to connect to the server?


#4

No, the error specifically says http:

> Detail: Invalid response from http://thestoicrunner.com/.well-known
> /acme-challenge/sA3JvqdMXjxsaMLfKrXco6tUIl_PnCyYvpdiRJAbWt8:

so it’s not related to https not yet being set up.


#5

I see that .well-known does exist, but acme-challenge does not. I created this. Do I still give the path like so:

    path=/var/www/thestoicrunner.com/html

or

    path=/var/www/thestoicrunner.com/html/.well-known/acme-challenge


#6

The first of those (/var/www/thestoicrunner.com/html).

Also check: if you add a pure text file at /var/www/thestoicrunner.com/html/.well-known/acme-challenge/test with the word “success” in it, can you reach it at thestoicrunner.com/.well-known/acme-challenge/test in your browser?
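
The reachability test suggested above, written as a repeatable pre-flight check (an added example, not part of the original post). The function name `acme_preflight` and the `FETCH` override are hypothetical, and `curl` is assumed to be installed.

```sh
#!/bin/sh
# Added example: check that a webroot is really what the server hands out
# under /.well-known/acme-challenge/ before asking the CA to validate.
# acme_preflight and FETCH are hypothetical names; curl is assumed installed.

fetch_http() {
    # -L follows redirects, --max-time bounds a hung connection.
    curl -sSL --max-time 10 "$1"
}
FETCH=${FETCH:-fetch_http}   # command used to retrieve a URL

# Usage: acme_preflight WEBROOT HOST [HOST...]
# Returns 0 if every host serves the probe, 1 if any does not, 2 on setup error.
acme_preflight() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    [ -d "$webroot" ] || { echo "webroot $webroot does not exist" >&2; return 2; }
    mkdir -p "$dir" || return 2

    name="preflight-$$"                 # probe file name
    token="probe-$$-$(date +%s)"        # content we expect to get back
    printf '%s' "$token" > "$dir/$name" || return 2
    chmod 644 "$dir/$name"              # readable by the web server user

    rc=0
    for host in "$@"; do
        url="http://$host/.well-known/acme-challenge/$name"
        body=$($FETCH "$url" 2>/dev/null) || body=""
        if [ "$body" = "$token" ]; then
            echo "OK   $host serves files from $dir"
        else
            # A 404 page or an empty body ends up here: the request reached a
            # server block with a different root, or the file is unreadable.
            echo "FAIL $host did not return the probe written to $dir"
            rc=1
        fi
    done
    rm -f "$dir/$name"
    return $rc
}

# Run directly: sh preflight.sh /path/to/webroot example.com www.example.com
if [ "$#" -gt 0 ]; then acme_preflight "$@"; fi
```

A FAIL here, combined with an entry for a different directory in the web server's error log, indicates the request was answered from another document root than the one passed as `--webroot-path`.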


#7

I added a pure text file at that location. I cannot reach it via my browser. I see that the folders .well-known and acme-challenge are owned by root and not my user. Does this matter?


#8

It could, it depends on the permissions you have set.

Do you get a “404 not found” error though? Or do you get a permissions “you are not allowed” error? The difference should tell you if permissions or path are the problem.


#9

I get a can’t connect to server error: “Safari can’t connect to the server ‘thestoicrunner.com’”


#10

Do the logs say you are getting to the site, and indicate any issue?

For me, I can reach your domain OK

    $ curl -I thestoicrunner.com
    HTTP/1.1 200 OK
    Server: nginx/1.10.0 (Ubuntu)
    Date: Thu, 24 Nov 2016 09:17:29 GMT
    Content-Type: text/html
    Content-Length: 612
    Last-Modified: Wed, 23 Nov 2016 21:48:42 GMT
    Connection: keep-alive
    ETag: "58360eba-264"
    Accept-Ranges: bytes

but I can’t reach the .well-known folder below that

    $ curl -I thestoicrunner.com/.well-known/
    HTTP/1.1 404 Not Found
    Server: nginx/1.10.0 (Ubuntu)
    Date: Thu, 24 Nov 2016 09:17:22 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive

Which suggests that you have the webroot path incorrect.


#11

I have nginx setup as server blocks like so:

    server {
        listen 80;
        listen [::]:80;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/sblocks/thestoicrunner.com/html;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name thestoicrunner.com www.thestoicrunner.com;

        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to index.php.
            #try_files $uri $uri/ =404;
            try_files $uri $uri/ /index.php$is_args$args;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            # With php7.0-cgi alone:
            # fastcgi_pass 127.0.0.1:9000;
            # With php7.0-fpm:
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
            deny all;
        }

        location = /favicon.ico { log_not_found off; access_log off; }
        location = /robots.txt { log_not_found off; access_log off; allow all; }

        location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
            expires max;
            log_not_found off;
        }

        location ~ /.well-known {
            allow all;
        }
    }


#12

In this file you have;

Yet you said before you were using

there is a difference of “sblocks” between the two


#13

yes, sorry for the confusion. I have enabled server blocks and am now using

    /var/www/sblocks/thestoicrunner.com/html

the permissions and ownership for /.well-known are as these:

    drwxr-sr-x 3 root www-data 4096 Nov 24 08:53 .well-known


#14

I ran

    sudo letsencrypt certonly -a webroot --webroot-path=/var/www/sblocks/thestoicrunner.com/html -d thestoicrunner.com -d www.thestoicrunner.com

and got the following

    Failed authorization procedure. thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://thestoicrunner.com/.well-known/acme-challenge/LeFyDPHLg_fq_r_RE3ocomLJTqaKc2qZkF2z7AzFOGg: "<html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>", www.thestoicrunner.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.thestoicrunner.com/.well-known/acme-challenge/udHdO7xkepwsMz3erphXbC4bjYrbum3gjPnn4BNUP7g: "<html>
    <head><title>404 Not Found</title></head>
    <body bgcolor="white">
    <center><h1>404 Not Found</h1></center>
    <hr><center>"
    IMPORTANT NOTES:
     - The following errors were reported by the server:
       Domain: thestoicrunner.com
       Type:   unauthorized
       Detail: Invalid response from http://thestoicrunner.com/.well-known
       /acme-challenge/LeFyDPHLg_fq_r_RE3ocomLJTqaKc2qZkF2z7AzFOGg:
       "<html>
       <head><title>404 Not Found</title></head>
       <body bgcolor="white">
       <center><h1>404 Not Found</h1></center>
       <hr><center>"
       Domain: www.thestoicrunner.com
       Type:   unauthorized
       Detail: Invalid response from http://www.thestoicrunner.com/.well-
       known/acme-challenge/udHdO7xkepwsMz3erphXbC4bjYrbum3gjPnn4BNUP7g:
       "<html>
       <head><title>404 Not Found</title></head>
       <body bgcolor="white">
       <center><h1>404 Not Found</h1></center>
       <hr><center>"
       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A record(s) for that domain
       contain(s) the right IP address.

#15

OK, but to go back to where we were …

You created a .well-known/acme-challenge/test file and you can’t reach it in your browser

I can reach your domain, but can not reach the folder .well-known on your server. Hence there is something incorrect about the path or location you have there.

There is no point trying certbot at the current time - when you can’t even check the file in your browser.

Do the logs show the attempt to get to the .well-known location, and give any reason for the error?


#16

I am new to server setups. Where do I check the logs?

My browser tries to go to https:

https://thestoicrunner.com/.well-known/acme-challenge/test

I also created a file with the .txt extention:

https://thestoicrunner.com/.well-known/acme-challenge/test.txt

I just tried changing ownership to my user instead of root, yet still the same in my browser


#17

Your logs will be in /var/log

Specifically for nginx, they will generally be in /var/log/nginx

Since you haven’t set up https yet, your browser is giving an error connecting, since you presumably had HSTS set up before on your old server (telling your browser to always use https).


#18

Thank you. I found an error:

    2016/11/24 09:45:16 [error] 22787#22787: *714 "/var/www/sblocks/html/.well-known/index.php" is not found (2: No such file or directory)

It goes to the default server, which is located in /var/www/sblocks/html/

Should I (1) deactivate my default server, (2) change thestoicrunner.com to the default server or (3) change the webroot of the default server?


#19

You shouldn’t need to change anything on there now. I can reach the test on your server

    $ curl -i thestoicrunner.com/.well-known/acme-challenge/test
    HTTP/1.1 200 OK
    Server: nginx/1.10.0 (Ubuntu)
    Date: Thu, 24 Nov 2016 10:01:19 GMT
    Content-Type: application/octet-stream
    Content-Length: 8
    Last-Modified: Thu, 24 Nov 2016 09:38:52 GMT
    Connection: keep-alive
    ETag: "5836b52c-8"
    Accept-Ranges: bytes

    success

Are you running certbot as root? If so, can you just do a quick test and create
/var/www/sblocks/thestoicrunner.com/html/.well-known/acme-challenge/test2 with owner root (and some suitable text content)?


#20

I changed the webroot of the default browser to /var/www/sblocks/thestoicrunner.com/html

and was able to reach the .well-known folder:

    curl -I thestoicrunner.com/.well-known/
    HTTP/1.1 403 Forbidden
    Server: nginx/1.10.0 (Ubuntu)
    Date: Thu, 24 Nov 2016 09:59:45 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive

Then, I ran certbot and it worked :smiley:
I will install the new ssl, change the default server back to the old path and see what happens then.