My domain is: http://graphicsfactory.com
It produced this output:
My web server is (include version): nginx,
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
VestaCP
My nginx config works like so:
location ~ "^/\.well-known/acme-challenge/(.*)$" {
default_type text/plain;
return 200 "$1.GnfiMH2S5ViPzsSOGrK2620kfbTIFfpAR2eu8DARu0k";
}
When I test a sample URL using curl it works as expected:
curl --verbose -4 http://graphicsfactory.com/.well-known/acme-challenge/foo
* Trying 45.33.33.185...
* Connected to graphicsfactory.com (45.33.33.185) port 80 (#0)
> GET /.well-known/acme-challenge/foo HTTP/1.1
> Host: graphicsfactory.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Fri, 15 Sep 2017 14:33:57 GMT
< Content-Type: text/plain
< Content-Length: 47
< Connection: keep-alive
< Keep-Alive: timeout=60
<
* Connection #0 to host graphicsfactory.com left intact
foo.GnfiMH2S5ViPzsSOGrK2620kfbTIFfpAR2eu8DARu0k
The error I get when trying to enable LE in VestaCP is:
Error: The key authorization file from the server did not match this challenge [m2RfT_XITIjYDwI90GxKh1qtdOrmLjFFNh-2uj33krw.GnfiMH2S5ViPzsSOGrK2620kfbTIFfpAR2eu8DARu0k] != [m2RfT_XITIjYDwI90GxKh1qtdOrmLjFFNh-2uj33krw.Fa081ei6SkGzsDyYL49JPrBE46agANOaAAByu9-jSrM]
The problem seems to be with the challenge - it seems to be looking for:
.Fa081ei6SkGzsDyYL49JPrBE46agANOaAAByu9-jSrM
I'm assuming this is the old code from the server we have moved from. Is there a way to reset this, so that the code on the new server is the one it's expecting? For the moment, I have had to copy over the crt/icrt/key contents over to the new server, and manually configured them. This won't work in the long run as obviously it won't auto renew on the new server. Any suggestions would be much appreciated
Thanks
Andy