Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: modamarieclaire.com.au
I ran this command: sudo certbot --nginx certonly
It produced this output:
Failed authorization procedure. modamarieclaire.com.au (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: 3.104.10.83:
My web server is (include version):
The operating system my web server runs on is (include version): Ubuntu 18.04.6 LTS (kernel 5.4.0-1072-aws)
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): AWS/EC2/Route53
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0
rg305
May 4, 2022, 4:13am
2
Hi @it.specialist , and welcome to the LE community forum
There is a problem with the handling of the challenge requests.
It seems that all requests are replied with "It works" (as shown below).
Please show the output of:
nginx -T
curl http://modamarieclaire.com.au/.well-known/acme-challenge/Test_File-1234
It works
rg305:
modamarieclaire.com.au
For now, I just had an index.php file in the domain's root folder. Its content is just echo "it works";
http://modamarieclaire.com.au/index.php
That is very simple and should not be giving issues, don't you think?
rg305:
nginx -T
Output of nginx -T
worker_processes 1;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 15;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 64m;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
gzip_proxied any;
gzip_comp_level 2;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name modamarieclaire.com www.modamarieclaire.com _;
return 444;
}
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;
# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;
# configuration file /etc/nginx/mime.types:
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
# configuration file /etc/nginx/sites-enabled/modamarieclaire.aliases:
server {
listen 80;
listen [::]:80;
server_name modamarieclaire.com.au www.modamarieclaire.com.au modamarieclaire.au www.modamarieclaire.au modestclassy.com www.modestclassy.com modestclassy.com.au www.modestclassy.com.au modestclassy.au www.modestclassy.au marieclaire.store www.marieclaire.store modamarieclaire.co www.modamarieclaire.co modamarieclaire.info www.modamarieclaire.info modamarieclaire.live www.modamarieclaire.live modamarieclaire.online www.modamarieclaire.online modamarieclaire.shop www.modamarieclaire.shop modamarieclaire.site www.modamarieclaire.site modamarieclaire.store www.modamarieclaire.store modamarieclaire.today www.modamarieclaire.today modamarieclaire.xyz www.modamarieclaire.xyz _;
error_log /var/www/html/modamarieclaire.com/logs/error.log;
root /var/www/html/modamarieclaire.com/aliases/;
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_read_timeout 3600;
fastcgi_index index.php;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
# Necessary for Let's Encrypt Domain Name ownership validation
#location ~ /.well-known {
# allow all;
#}
}
# configuration file /etc/nginx/fastcgi_params:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# configuration file /etc/nginx/sites-enabled/modamarieclaire.com:
server {
listen 80;
listen [::]:80; # ipv6only=on;
listen 443 ssl;
listen [::]:443 ssl; # ipv6only=on;
root /var/www/html/modamarieclaire.com/production;
index index.html index.htm index.php;
server_name modamarieclaire.com www.modamarieclaire.com _; #modamarieclaire.com.au www.modamarieclaire.com.au modamarieclaire.au www.modamarieclaire.au modestclassy.com www.modestclassy.com modestclassy.com.au www.modestclassy.com.au modestclassy.au www.modestclassy.au marieclaire.store www.marieclaire.store modamarieclaire.co www.modamarieclaire.co modamarieclaire.info www.modamarieclaire.info modamarieclaire.live www.modamarieclaire.live modamarieclaire.online www.modamarieclaire.online modamarieclaire.shop www.modamarieclaire.shop modamarieclaire.site www.modamarieclaire.site modamarieclaire.store www.modamarieclaire.store modamarieclaire.today www.modamarieclaire.today modamarieclaire.xyz www.modamarieclaire.xyz _;
ssl on;
ssl_certificate /etc/ssl/modamarieclaire.com/modamarieclaire.com.crt;
ssl_certificate_key /etc/ssl/modamarieclaire.com/modamarieclaire_com_key.txt;
location / {
#rewrite ^/(.*)$ //www.modamarieclaire.com/$1 redirect;
try_files $uri $uri/ @handler;
}
location ~ \.php$ {
try_files $uri @handler;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
include fastcgi_params;
fastcgi_read_timeout 300;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location @handler {
index modamarieclaire.com/production/cart.php;
rewrite ^/sitemap.xml(\?.+)?$ /cart.php?target=sitemap;
rewrite ^/(.*)$ /cart.php?url=$1 last;
}
}
rg305:
nginx -T
I have tried to put here the output of nginx -T but it was deleted by the forum system
rg305
May 4, 2022, 4:26am
6
Try adding backticks [key found normally above TAB key] above (and below) the post.
Like:
```
the nginx output goes here
```
You can also post it on any public site.
like: paste.bin
then post the link to it here.
rg305
May 4, 2022, 4:37am
8
Try making the challenge path and placing a test text file there.
mkdir -p /var/www/html/modamarieclaire.com/aliases/.well-known/acme-challenge
echo "test" > /var/www/html/modamarieclaire.com/aliases/.well-known/acme-challenge/Test_File-1234
Then we can test access to it with:
http://modamarieclaire.com.au/.well-known/acme-challenge/Test_File-1234
rg305
May 4, 2022, 4:38am
9
Also, you must have already changed something!:
curl http://modamarieclaire.com.au/.well-known/acme-challenge/Test_File-1234
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
rg305
May 4, 2022, 4:42am
10
Like this change:
location ~ /.well-known {
allow all;
}
hmm...
What else have you changed?
Nothing else. Apologies; while I was waiting for your response I remembered I had commented out the above. I was just putting it back the way it was to see if it would make a difference.
rg305
May 4, 2022, 4:52am
15
Show:
certbot certificates
root@ip-172-31-6-215:/# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certs found.
rg305
May 4, 2022, 4:58am
17
Try:
certbot certonly \
--webroot -w /var/www/html/modamarieclaire.com/aliases \
-d modamarieclaire.com.au www.modamarieclaire.com.au \
-d modamarieclaire.au www.modamarieclaire.au \
-d modestclassy.com www.modestclassy.com \
-d modestclassy.com.au www.modestclassy.com.au \
-d modestclassy.au www.modestclassy.au \
-d marieclaire.store www.marieclaire.store \
-d modamarieclaire.co www.modamarieclaire.co \
-d modamarieclaire.info www.modamarieclaire.info \
-d modamarieclaire.live www.modamarieclaire.live \
-d modamarieclaire.online www.modamarieclaire.online \
-d modamarieclaire.shop www.modamarieclaire.shop \
-d modamarieclaire.site www.modamarieclaire.site \
-d modamarieclaire.store www.modamarieclaire.store \
-d modamarieclaire.today www.modamarieclaire.today \
-d modamarieclaire.xyz www.modamarieclaire.xyz
Feel free to add or remove any names to that list.
9peppe
May 4, 2022, 11:03am
18
You should remove this or replace it with
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
For this reason:
9peppe
May 4, 2022, 11:08am
19
Also, don't do this:
Just use port 443. Let the other server
block handle port 80 and the redirect.
And this sounds incredibly redundant:
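Pulling together rg305's challenge-path advice and 9peppe's point about the catch-all, here is an added example (not posted by anyone in the thread) of what the port-80 side could look like. It is a shell script that renders a server block in which the ACME challenge path is served as plain files ahead of the try_files fallback to index.php, then stages the test token the way rg305 suggested. The webroot path is the one from the posted config; the mktemp default and the CHECK helpers are assumptions for exercising the script off the host.

```shell
#!/bin/sh
# Added example, not from the thread. Renders a port-80 nginx server block in
# which /.well-known/acme-challenge/ is served as static files ahead of the
# "try_files ... /index.php?$args" fallback, then stages a test token in the
# webroot. The webroot path is the one in the posted config; the mktemp
# default exists only so the script can be run on a machine that is not the host.
set -eu

WEBROOT="${WEBROOT:-$(mktemp -d)}"   # real host: /var/www/html/modamarieclaire.com/aliases

# Print the server block. "location ^~" is a prefix match that stops nginx
# from considering the regex "location ~ \.php$" and the generic "location /",
# so challenge files never reach index.php (which is what answered "It works").
render_acme_server_block() {
    webroot="$1"
    cat <<EOF
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name modamarieclaire.com.au www.modamarieclaire.com.au;

    location ^~ /.well-known/acme-challenge/ {
        root $webroot;
        default_type text/plain;
        try_files \$uri =404;
    }

    # Everything else moves to HTTPS, as 9peppe suggested instead of return 444.
    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
}

# Create the challenge directory and a token file, and make sure the
# unprivileged nginx worker can traverse the directories and read the file.
stage_test_token() {
    webroot="$1"
    token="$2"
    dir="$webroot/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf 'test\n' > "$dir/$token"
    chmod 755 "$webroot/.well-known" "$dir"
    chmod 644 "$dir/$token"
    [ -r "$dir/$token" ] || { echo "not readable: $dir/$token" >&2; return 1; }
    printf '%s\n' "$dir/$token"
}

# http-01 is validated over plain HTTP on port 80; the response must be the
# file body with status 200, not a PHP page and not a 404.
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

render_acme_server_block "$WEBROOT"
TOKEN_PATH=$(stage_test_token "$WEBROOT" Test_File-1234)
echo "staged $TOKEN_PATH"
echo "now check: curl -i $(challenge_url modamarieclaire.com.au Test_File-1234)"
```

The rendered block replaces the `return 444` catch-all in nginx.conf (two `default_server` entries on port 80 are a configuration error), and the rest of the aliases block, including `location /` with its `try_files` to index.php, sits below the challenge location. After `nginx -t && nginx -s reload`, the curl in the last line should return `test` rather than `It works` or a 404; only then is the webroot authenticator worth retrying.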
I got this while trying to run that command:
root@ip-172-31-6-215:~# certbot certonly \
> --webroot -w /var/www/html/modamarieclaire.com/aliases \
> -d modamarieclaire.com.au www.modamarieclaire.com.au \
> -d modamarieclaire.au www.modamarieclaire.au \
> -d modestclassy.com www.modestclassy.com \
> -d modestclassy.com.au www.modestclassy.com.au \
> -d modestclassy.au www.modestclassy.au \
> -d marieclaire.store www.marieclaire.store \
> -d modamarieclaire.co www.modamarieclaire.co \
> -d modamarieclaire.info www.modamarieclaire.info \
> -d modamarieclaire.live www.modamarieclaire.live \
> -d modamarieclaire.online www.modamarieclaire.online \
> -d modamarieclaire.shop www.modamarieclaire.shop \
> -d modamarieclaire.site www.modamarieclaire.site \
> -d modamarieclaire.store www.modamarieclaire.store \
> -d modamarieclaire.today www.modamarieclaire.today \
> -d modamarieclaire.xyz www.modamarieclaire.xyz
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: www.modamarieclaire.com.au www.modamarieclaire.au www.modestclassy.com www.modestclassy.com.au www.modestclassy.au www.marieclaire.store www.modamarieclaire.co www.modamarieclaire.info www.modamarieclaire.live www.modamarieclaire.online www.modamarieclaire.shop www.modamarieclaire.site www.modamarieclaire.store www.modamarieclaire.today www.modamarieclaire.xyz
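The error above comes from the shape of the command: certbot takes one name per `-d`, or a comma-separated list after a single `-d`, so the bare `www.` names were parsed as stray positional arguments. The following is an added example (not rg305's command and not from the thread) that builds the argument list from the apex names without `eval`, counts the names that would go on the certificate, and prints a staging dry run before the real order. The webroot and the host IP 3.104.10.83 are taken from the thread; the `CHECK_DNS` switch is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. certbot wants every name behind its own
# -d (or a comma-separated list after one -d); a bare second name after -d is
# what produced "unrecognized arguments: www...." above. One name that does
# not resolve to this host fails the whole order, so a --dry-run against the
# staging CA comes first and an optional DNS pre-flight is included.
set -eu

WEBROOT=/var/www/html/modamarieclaire.com/aliases
SERVER_IP=3.104.10.83
APEX_DOMAINS="modamarieclaire.com.au modamarieclaire.au modestclassy.com
modestclassy.com.au modestclassy.au marieclaire.store modamarieclaire.co
modamarieclaire.info modamarieclaire.live modamarieclaire.online
modamarieclaire.shop modamarieclaire.site modamarieclaire.store
modamarieclaire.today modamarieclaire.xyz"

# Names that would land on the certificate (apex + www for each). Let's Encrypt
# caps one certificate at 100 names, so check before adding more aliases.
san_count() {
    echo $(( $# * 2 ))
}

# Optional pre-flight for http-01: every name must have an A record for this
# host. Prints the names that do not. Needs DNS, so only run with CHECK_DNS=1.
names_not_pointing_to() {
    ip="$1"; shift
    for apex in "$@"; do
        for name in "$apex" "www.$apex"; do
            getent ahostsv4 "$name" | grep -qF "$ip" || echo "$name"
        done
    done
}

# Build argv with the positional parameters rather than eval or a string.
# mode is "dry-run" (staging CA, nothing written to /etc/letsencrypt) or "issue".
certbot_command() {
    mode="$1"; shift
    apexes="$*"
    set -- certbot certonly --webroot -w "$WEBROOT"
    if [ "$mode" = dry-run ]; then
        set -- "$@" --dry-run
    fi
    for apex in $apexes; do
        set -- "$@" -d "$apex,www.$apex"
    done
    echo "$@"    # prints the command; pipe the line to sh, or replace echo with exec, to run it
}

echo "$(san_count $APEX_DOMAINS) names on the certificate"
if [ "${CHECK_DNS:-0}" = 1 ]; then
    names_not_pointing_to "$SERVER_IP" $APEX_DOMAINS
fi
certbot_command dry-run $APEX_DOMAINS
certbot_command issue $APEX_DOMAINS
```

Run the dry-run line first: it exercises the same webroot and the same http-01 validation against the staging environment without consuming production rate limits, which matters here because failed validations are rate-limited per hostname. All of `--webroot`, `-w`, `-d` and `--dry-run` exist in certbot 0.31.0, the version reported at the top of the thread.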