Unauthorized when generating cert

Hello, I am trying to generate certificates for my website http://www.walletfp.com/. In fact, I succeeded some days ago by doing the exact same manipulation for a since-deleted URL, www.test.walletfp.com, on the same provider (OVH for the domain). I am wondering if the problem can come from my old cert file still being there.

My domain is: http://www.walletfp.com/

I ran this command: docker run --rm -ti -v /root/certbot/www/:/var/www/certbot/ -v /root/certbot/conf/:/etc/letsencrypt/ certbot/certbot certonly --webroot --webroot-path /var/www/certbot/ -d walletfp.com -d www.walletfp.com

It produced this output:
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: walletfp.com
Type: unauthorized
Detail: The key authorization file from the server did not match this challenge

The operating system my web server runs on is debian 10

My hosting provider, if applicable, is: Hostinger

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is last docker certbot image

What is serving the files in /root/certbot/www and with what configuration?


It's an nginx server serving /var/www/certbot:

server {
  listen 80;
  listen [::]:80;
  server_name walletfp.com www.walletfp.com;
  server_tokens off;
  # HTTP-01 challenge files are read from the shared certbot webroot
  location /.well-known/acme-challenge/ {
    root /var/www/certbot;
  }
}

This config is unchanged from the working version.

Is that a path for the host machine or a path inside the container?


It is a path inside the container. On the host server the certificates are located at /certbot/conf/live.

Maybe it is a propagation problem though; the pointing to the new IP dates from this afternoon.

And nginx is inside the container or on the host machine?


Inside the container, but accessible from the outside.
The container is launched with the following:
docker run -d -p 80:80 -p 443:443 -v /root/certbot/www/:/var/www/certbot/ -v /root/certbot/conf/:/etc/nginx/ssl/ --name walletfp-react walletfp-react

So, it should work. It's probably some kind of strange issue that arises when sharing a volume with two containers (are they using the same uids? is it a permission issue?)


The strangest part is that it worked for test.walletfp.com.
I deleted all the test. and used exactly the same config.
Maybe DNS propagation? My domain is in France and my host in Holland.

You can try using --standalone instead of --webroot (and obviously the appropriate proxy_pass directives in the location block)


Will do. Can you be more specific about the proxy_pass? I remove my --webroot and --webroot-path, I guess?

Please read the appropriate documentation.

You'll make certbot start its own webserver and nginx will behave as a reverse proxy. This way you don't share the webroot volume and this possible conflict gets avoided.

You should really be using docker-compose, though.


Perhaps there is some useful information in the certbot log file:
/var/log/letsencrypt/letsencrypt.log

Also, we should have a look at the complete nginx config:
nginx -T


Guys, I was just stupid. My IPv4 was OK but I didn't change the IPv6 DNS parameter. Works perfectly with the right value.

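The root cause above (an AAAA record still pointing at the old host, so the CA's HTTP-01 request reached a server that did not have the challenge file) is easy to miss because a browser on an IPv4-only network shows the new site. The following diagnostic is an added example, not code from this thread or from certbot: it drops a random probe file into the webroot, resolves every A and AAAA record for the domain, fetches the probe from each address with the proper Host header (as the CA does) and reports which addresses do not serve the current webroot. The `fetch` parameter is injectable so the offline `demo()` runs against a constructed scenario with a stale IPv6 host; the addresses `203.0.113.10` and `2001:db8::10` are constructed documentation-range values, not the thread's real records.

```python
"""Check that every published address of a domain serves the ACME webroot.

Added diagnostic example (not part of the forum thread or of certbot).
"""
import secrets
import socket
import tempfile
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def write_probe(webroot: str) -> tuple[str, str]:
    """Create a random probe file in the webroot; return (name, expected body)."""
    name = "probe-" + secrets.token_hex(8)
    body = secrets.token_hex(16)
    challenge_dir = Path(webroot) / CHALLENGE_DIR
    challenge_dir.mkdir(parents=True, exist_ok=True)
    (challenge_dir / name).write_text(body)
    return name, body


def resolve(domain: str) -> tuple[set[str], set[str]]:
    """Return the (IPv4, IPv6) address sets published for the domain."""
    v4: set[str] = set()
    v6: set[str] = set()
    for family, _, _, _, sockaddr in socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP):
        if family == socket.AF_INET:
            v4.add(sockaddr[0])
        elif family == socket.AF_INET6:
            v6.add(sockaddr[0])
    return v4, v6


def http_fetch(addr: str, domain: str, path: str) -> str:
    """GET http://<addr>/<path> with Host: <domain>, mimicking the CA's request.

    Returns the response body, or a string starting with 'ERROR' on failure.
    """
    host = f"[{addr}]" if ":" in addr else addr
    req = urllib.request.Request(f"http://{host}/{path}", headers={"Host": domain})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.read().decode(errors="replace")
    except Exception as exc:  # connection refused, timeout, HTTP 4xx/5xx
        return f"ERROR {exc}"


def diagnose(domain: str, v4: set[str], v6: set[str], probe_name: str,
             expected: str, fetch=http_fetch) -> dict[str, str]:
    """Map each published address to 'ok', 'mismatch' or 'error'.

    'mismatch' is the signature of the thread's failure: a host answers,
    but it is not the host that holds the current webroot.
    """
    path = f"{CHALLENGE_DIR}/{probe_name}"
    results: dict[str, str] = {}
    for addr in sorted(v4) + sorted(v6):
        body = fetch(addr, domain, path)
        if body.startswith("ERROR"):
            results[addr] = "error"
        elif body.strip() == expected:
            results[addr] = "ok"
        else:
            results[addr] = "mismatch"
    return results


def verdict(results: dict[str, str]) -> str:
    """Summarise the per-address results as one line for the operator."""
    bad = [addr for addr, status in results.items() if status != "ok"]
    if not bad:
        return "all published addresses serve the current webroot"
    return "addresses not serving the current webroot: " + ", ".join(bad)


def demo() -> tuple[dict[str, str], str]:
    """Offline reproduction of the thread's situation with constructed data.

    IPv4 points at the new container; IPv6 still points at an old host
    that answers with an unrelated page instead of the probe file.
    """
    webroot = tempfile.mkdtemp()
    name, expected = write_probe(webroot)

    def fake_fetch(addr: str, domain: str, path: str) -> str:
        if ":" in addr:  # constructed stale IPv6 host
            return "<html>old site</html>"
        return (Path(webroot) / path).read_text()  # constructed new host

    results = diagnose("example.invalid", {"203.0.113.10"}, {"2001:db8::10"},
                       name, expected, fetch=fake_fetch)
    return results, verdict(results)


if __name__ == "__main__":
    # Live use: name, expected = write_probe("/root/certbot/www");
    # v4, v6 = resolve("walletfp.com"); print(verdict(diagnose(...)))
    print(demo()[1])
```

Run it on the host with the real webroot path and domain to see, per address family, whether the probe comes back; an IPv6 address reporting `mismatch` or `error` while IPv4 reports `ok` is exactly the stale-AAAA case that closed this thread, and the same check also exposes the shared-volume permission problem raised earlier, because then both addresses report `error`.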
