I understand why some people wish to hide that they have problems. But, you used a domain name that was valid and belongs to someone else. Now their name shows up in such searches. You should use example.com for example domain names. But hiding your actual name makes it more difficult for volunteers to help. Some of us are less excited about helping when the person wanting help makes it difficult.
That said
Isn't the file name abc.txt ? You are missing the trailing "t". Or is that just you making a mistake when trying to hide info?
2024/03/21 10:28:20 [error] 29#29: *9 open() "/home/ec2-user/example-ui/var/www/certbot/.well-known/acme-challenge/bg804B2Sw2ayJ7WwTiXiS_HixTg87PIJSA_izTjL6ik:" failed (2: No such file or directory), client: 184.105.99.36, server: example.com, request: "GET /.well-known/acme-challenge/bg804B2Sw2ayJ7WwTiXiS_HixTg87PIJSA_izTjL6ik: HTTP/1.1", host: "example.com"
So I dont get this: challenge files seem to be created (since the logs say they are later removed) but the request cant find them, how is that possible?
I'm lost cause the error message mentions both "404" and "unauthorized". Which is it?
I'm a little puzzled by the path that Certbot used. In an earlier nginx server block you have the acme challenge path as /var/www/certbot but the path Certbot used is not that. The path Certbot uses and the path you have configured as the root in nginx must match.
In your manual test you created a file in /var/www/certbot.
Hello Mike!
I actually just managed to make it work... that's quite a pleasant surprise!
Issue was the following: although the paths certbot and nginx use were the 'same', one path was outside the container (certbot) and one was inside (nginx)...
That's because I'm starting my project + nginx by using docker-compose, and only when it's launched I use the following command:
Most tutorial I read online advise to use certbot image and start the container of the project with a command that executes the challenge on launch, but in my case certbot wasnt working automatically, challenge had to be done manually. No idea why it didnt work automatically
I know that this whole thread might be confusing for people who would read it in the future. I struggled cause I had zero prior experience with docker, nginx, aws and certificates... but I'd like to give just a few comments based on my experience:
If you use Docker volumes, double check that your volumes are correctly mounted. In my case, they initially werent
Be careful with permissions: the folder to which challenge files are supposed to be written wasnt authorizing it first, I had to change permissions
Check logs from both letsencrypt and nginx, they show which folders are used to write / retrieve challenge files. If there's any discrepency, you can figure it out there
You should use a fully qualified path for webroot path. The leading '.' prefixes the current working folder. That's just normal linux format not unique to Certbot.
Running a certbot renew or other commands may run in a different context which would cause problems.
I don't know if this is the case, but Certbot might expand the relative path before storing it, e.g. using some Python version of realpath. Could test this when I'm back at home.
