SSL Error on Ubuntu

Hello, I am using Nginx Proxy Manager, and when I try to request a new SSL I get this error. I have all the ports open and all.

Error: Command failed: certbot certonly --config "/etc/letsencrypt.ini" --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name "npm-52" --agree-tos --authenticator webroot --email "daniel@turteldufur.is" --preferred-challenges "dns,http" --domains "sr.1985.is"
Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

at ChildProcess.exithandler (node:child_process:402:12)
at ChildProcess.emit (node:events:513:28)
at maybeClose (node:internal/child_process:1100:16)
at Process.ChildProcess._handle.onexit (node:internal/child_process:304:5)

Welcome @danielbjgh

That wasn't enough of the error message to see what happened. But it doesn't look like your domain is reachable on HTTP. That will be necessary to use the HTTP challenge like you are trying to do.

3 Likes

Hmm… That's strange, because port 80 is open to my IP.

Damn. I need to ask my network admin to look at it. For some odd reason my port 80 does not want to stay open in my router.

Now I have found it and port 80 works again, but I still get this same error.

Here is the full log:
https://files.1985.is/letsencrypt.log

1 Like

Below are the key lines from the log. In words, NPM is running Certbot to use an HTTP Challenge with --webroot method. The --webroot-path is /data/letsencrypt-acme-challenge. Because of these settings Certbot creates a challenge token file in this folder:

/data/letsencrypt-acme-challenge/.well-known/acme-challenge

After making that challenge token, Certbot has the Let's Encrypt Server validate your domain. The LE Server issues an HTTP request to your openresty (?) server looking for this challenge token file. This is failing with a 404 Not Found.

So, how to fix? I don't know. I am not an NPM expert so maybe try their forum if you can't fix it knowing this new info.

Key parts from your log (timestamps removed for readability)

2023-05-06 12:13:58,458:
DEBUG:certbot._internal.main:certbot version: 2.4.0
DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
DEBUG:certbot._internal.main:Arguments: ['--config', '/etc/letsencrypt.ini', '--work-dir', '/tmp/letsencrypt-lib', '--logs-dir', '/tmp/letsencrypt-log', '--cert-name', 'npm-58', '--agree-tos', '--authenticator', 'webroot', '--email', '[redacted]', '--preferred-challenges', 'dns,http', '--domains', 'sr.1985.is']
DEBUG:certbot._internal.plugins.selection:Requested authenticator webroot and installer None

2023-05-06 12:13:59,682:
INFO:certbot._internal.auth_handler:http-01 challenge for sr.1985.is
INFO:certbot._internal.plugins.webroot:Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
DEBUG:certbot._internal.plugins.webroot:Creating root challenges validation dir at /data/letsencrypt-acme-challenge/.well-known/acme-challenge

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: sr.1985.is
  Type:   unauthorized
  Detail: 157.97.24.197: Invalid response from http://sr.1985.is/.well-known/acme-challenge/869J7bJiMdV1i-IA1L912B_BbjIi2SuRtF5o2gMFMrw: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded

Your domain responding to a test http challenge (note server response header)
The 404 is expected here since the file ForumTest1234 doesn't exist. I include this here because your "home page" is handled by an Apache server but openresty handles the HTTP challenge.

curl -I files.1985.is/.well-known/acme-challenge/ForumTest1234
HTTP/1.1 404 Not Found
Server: openresty
Date: Sat, 06 May 2023 15:54:30 GMT

Your home page by Apache.

curl -I files.1985.is
HTTP/1.1 301 Moved Permanently
Date: Sat, 06 May 2023 15:42:30 GMT
Server: Apache
Location: https://files.1985.is/
4 Likes
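
A way to reproduce the check the CA performs, as an added example that is not part of the original posts: it writes a throwaway file under the webroot from the log and fetches it over HTTP, reporting the status and the Server header. The function name `probe_webroot` is hypothetical; the path and domain in the `__main__` block are the ones shown in the log, and the script is assumed to run where Certbot runs so the webroot path resolves the same way.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=10):
    """Write a throwaway token under webroot and fetch it over HTTP.

    Returns a dict with the HTTP status, the Server response header and
    whether the body served matches the file written to disk.
    Connection failures (urllib.error.URLError) are left to propagate.
    """
    token = "probe-" + secrets.token_urlsafe(16)
    content = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(content)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status, server = resp.status, resp.headers.get("Server")
                body = resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            # 4xx/5xx: a server answered but did not serve our file
            status, server, body = err.code, err.headers.get("Server"), ""
    finally:
        os.remove(path)  # never leave probe files in the webroot
    return {"url": url, "status": status, "server": server,
            "served_from_webroot": status == 200 and body.strip() == content}


if __name__ == "__main__":
    # Webroot path and domain as they appear in the log above.
    result = probe_webroot("/data/letsencrypt-acme-challenge", "http://sr.1985.is")
    print(result)
```

A 404 with `served_from_webroot` False reproduces what the CA saw: the server answering on port 80 is not serving files from the path Certbot writes to.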
