Setting up Let's Encrypt + NGINX reverse proxy error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:plexapp.org

I ran this command:sudo certbot --nginx -d plexapp.org

It produced this output:Failed authorization procedure. plexapp.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from https://plexapp.org/.well-known/acme-challenge/jipob3VGWBiL6zRTgyNP_uTkNwLcFDHvTRuuPjah1Pk [2606:4700:30::681f:5a69]: "\n\n<!–[if IE 7]> <html class="no-js "

IMPORTANT NOTES:

• The following errors were reported by the server:

  Domain: plexapp.org
  Type: unauthorized
  Detail: Invalid response from
  https://plexapp.org/.well-known/acme-challenge/jipob3VGWBiL6zRTgyNP_uTkNwLcFDHvTRuuPjah1Pk
  [2606:4700:30::681f:5a69]: "\n<!–[if lt IE 7]>

  \n <html class=\"no-js "

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A/AAAA record(s) for that domain
  contain(s) the right IP address.

My web server is (include version): nginx 1.14.0

The operating system my web server runs on is (include version):Ubuntu 18.04

My hosting provider, if applicable, is:Cloudflare

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ajenti

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

Following this guide: https://tylermade.net/2017/09/14/the-perfect-reverse-proxy-nginx-ssl-webui-management/

Reverse proxy is working fine but every time I try and run the certbot command I get the same error and Google isn’t giving me a lead in which direction to go.

The latest letsencrypt.log file his here: https://pastebin.com/QgJrkyXE

Hi @erich

there are two different errors.

First, you have ipv4 and ipv6 addresses ( https://check-your-website.server-daten.de/?q=plexapp.org ):

But checking your link

Does your ipv6 work?

Second problem: Your certificate:

CN=sni.cloudflaressl.com, O="CloudFlare, Inc.", L=San Francisco, S=CA, C=US
	13.03.2019
	13.03.2020
expires in 337 days	
plexapp.org, *.plexapp.org, sni.cloudflaressl.com - 3 entries

is from Cloudflare. And you have redirects http -> https, but https doesn't work, instead there is the typical Cloudflare error:

Visible Content: Error 521 Ray ID: 4c5e6c8b3d12d0ff &bull; 2019-04-11 16:44:14 UTC Web server is down You Browser Working Berlin Cloudflare Working plexapp.org Host Error What happened? The web server is not returning a connection. As a result, the web page is not displaying. What can I do? If you are a visitor of this website: Please try again in a few minutes. If you are the owner of this website: Contact your hosting provider letting them know your web server is not responding. Additional troubleshooting information . Cloudflare Ray ID: 4c5e6c8b3d12d0ff &bull; Your IP : 2a01:238:301b::1229 &bull; Performance &amp; security by Cloudflare

If you want to use Cloudflare, you need a valid certificate. So

• deactivate Cloudflare and check your ipv6 config
• create a certificate
• activate Cloudflare

Now the redirect http -> https and the http status 521 from Cloudflare blocks.

Or use (one time) dns-01 validation to create a certificate manual and install it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.