femais.com için bir SSL/TLS sertifikası verilemedi
Ayrıntılar
femais.com için bir Let's Encrypt SSL/TLS sertifikası verilemedi.
http://femais.com/.well-known/acme-challenge/NxzOGiVRcoJNFgmN7qJ5mBexAduvah6kHOx5XeJLoLo üzerinde yetkilendirme belirteci yok.
Sorunu çözmek için, belirteç dosyasının yukarıdaki URL'den indirilebildiğinden emin olun.
Ayrıntılar için ilgili Bilgi Tabanı makalesine bakın.
Detaylar
Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/8308364040.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://femais.com/.well-known/acme-challenge/NxzOGiVRcoJNFgmN7qJ5mBexAduvah6kHOx5XeJLoLo [95.173.179.170]: "\n<meta http-equiv="refresh" content="1" /><meta http-equiv="cache-control" content="max-age=0" /><meta http-equiv="c"
1 Like
rg305
2
Hi and welcome!
Please show the entire command that you ran.
1 Like
I'm doing it via plesk panel.
1 Like
rg305
4
Do you have root user access?
1 Like
rg305
6
That is good.
Can you show the nginx
vhost config file for that domain?
1 Like
#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
proxy_cache_path /var/cache/nginx/femais.com_proxy levels=1:2 keys_zone=femais.com_proxy:5m max_size=67108864;
fastcgi_cache_path /var/cache/nginx/femais.com_fastcgi levels=1:2 keys_zone=femais.com_fastcgi:5m max_size=67108864;
server {
listen 95.173.179.170:443 ssl;
ssl_certificate /usr/local/psa/var/certificates/scfKSm5sf;
ssl_certificate_key /usr/local/psa/var/certificates/scfKSm5sf;
server_name www.femais.com;
location / {
return 301 https://femais.com$request_uri;
}
}
server {
listen 95.173.179.170:443 ssl http2;
server_name femais.com;
server_name ipv4.femais.com;
ssl_certificate /usr/local/psa/var/certificates/scfKSm5sf;
ssl_certificate_key /usr/local/psa/var/certificates/scfKSm5sf;
client_max_body_size 128m;
root "/var/www/vhosts/femais.com/httpdocs";
access_log "/var/www/vhosts/system/femais.com/logs/proxy_access_ssl_log";
error_log "/var/www/vhosts/system/femais.com/logs/proxy_error_log";
add_header X-Cache-Status $upstream_cache_status;
set $no_cache "";
set $cache_cookie $http_cookie;
if ($cache_cookie !~ "^\s*$") {
set $no_cache 1;
}
#extension sslit begin
#extension sslit end
#extension letsencrypt begin
location ^~ /.well-known/acme-challenge/ {
root /var/www/vhosts/default/htdocs;
types { }
default_type text/plain;
satisfy any;
auth_basic off;
allow all;
location ~ ^/\.well-known/acme-challenge.*/\. {
deny all;
}
}
#extension letsencrypt end
location / {
proxy_pass https://95.173.179.170:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_no_cache $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache_bypass $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache femais.com_proxy;
proxy_cache_valid "5";
proxy_cache_use_stale http_500 http_502 http_503 http_504 updating;
proxy_cache_background_update on;
}
location ~ ^/(plesk-stat|awstats-icon|webstat|webstat-ssl|ftpstat|anon_ftpstat) {
proxy_pass https://95.173.179.170:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location @fallback {
proxy_pass https://95.173.179.170:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_no_cache $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache_bypass $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache femais.com_proxy;
proxy_cache_valid "5";
proxy_cache_use_stale http_500 http_502 http_503 http_504 updating;
proxy_cache_background_update on;
}
location ~ ^/(.*\.(ac3|avi|bmp|bz2|css|cue|dat|doc|docx|dts|eot|exe|flv|gif|gz|htm|html|ico|img|iso|jpeg|jpg|js|mkv|mp3|mp4|mpeg|mpg|ogg|pdf|png|ppt|pptx|qt|rar|rm|svg|swf|tar|tgz|ttf|txt|wav|woff|woff2|xls|xlsx|zip|webp))$ {
try_files $uri @fallback;
}
location ~ ^/~(.+?)(/.*?\.php)(/.*)?$ {
alias /var/www/vhosts/femais.com/web_users/$1/$2;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/femais.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_no_cache $no_cache $http_pragma $http_authorization $arg_nocache;
fastcgi_cache_bypass $no_cache $http_pragma $http_authorization $arg_nocache;
fastcgi_cache femais.com_fastcgi;
fastcgi_cache_valid "5";
fastcgi_cache_use_stale http_500 http_503 updating;
fastcgi_cache_background_update on;
}
location ~ ^/~(.+?)(/.*)?$ {
proxy_pass https://95.173.179.170:7081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_no_cache $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache_bypass $no_cache $http_pragma $http_authorization $arg_nocache;
proxy_cache femais.com_proxy;
proxy_cache_valid "5";
proxy_cache_use_stale http_500 http_502 http_503 http_504 updating;
proxy_cache_background_update on;
}
location ~ \.php(/.*)?$ {
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass "unix:///var/www/vhosts/system/femais.com/php-fpm.sock";
include /etc/nginx/fastcgi.conf;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_no_cache $no_cache $http_pragma $http_authorization $arg_nocache;
fastcgi_cache_bypass $no_cache $http_pragma $http_authorization $arg_nocache;
fastcgi_cache femais.com_fastcgi;
fastcgi_cache_valid "5";
fastcgi_cache_use_stale http_500 http_503 updating;
fastcgi_cache_background_update on;
}
disable_symlinks if_not_owner "from=/var/www/vhosts/femais.com";
add_header X-Powered-By PleskLin;
include "/var/www/vhosts/system/femais.com/conf/vhost_nginx.conf";
}
server {
listen 95.173.179.170:80;
server_name www.femais.com;
location / {
return 301 https://femais.com$request_uri;
}
}
server {
listen 95.173.179.170:80;
server_name femais.com;
server_name ipv4.femais.com;
client_max_body_size 128m;
location / {
return 301 https://$host$request_uri;
}
}
1 Like
rg305
8
Something is preventing this from executing:
I don't get the redirection.
LE didn't get the redirection either.
Please show:
grep -Ri femais.com /etc/nginx/
1 Like
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf:proxy_cache_path /var/cache/nginx /femais.com_proxy levels=1:2 keys_zone=femais.com_proxy:5m max_size=67108864;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf:fastcgi_cache_path /var/cache/ngi nx/femais.com_fastcgi levels=1:2 keys_zone=femais.com_fastcgi:5m max_size=671088 64;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name www.femais.com;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: return 301 https://femai s.com$request_uri;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name femais.com;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name ipv4.femais.com;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: root "/var/www/vhosts/femais.com /httpdocs";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: access_log "/var/www/vhosts/syst em/femais.com/logs/proxy_access_ssl_log";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: error_log "/var/www/vhosts/syste m/femais.com/logs/proxy_error_log";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: proxy_cache femais.com_p roxy;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: proxy_cache femais.com_p roxy;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: alias /var/www/vhosts/fe mais.com/web_users/$1/$2;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: fastcgi_pass "unix:///va r/www/vhosts/system/femais.com/php-fpm.sock";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: fastcgi_cache femais.com _fastcgi;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: proxy_cache femais.com_p roxy;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: fastcgi_pass "unix:///va r/www/vhosts/system/femais.com/php-fpm.sock";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: fastcgi_cache femais.com _fastcgi;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: disable_symlinks if_not_owner "f rom=/var/www/vhosts/femais.com";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: include "/var/www/vhosts/system/ femais.com/conf/vhost_nginx.conf";
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name www.femais.com;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: return 301 https://femai s.com$request_uri;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name femais.com;
/etc/nginx/plesk.conf.d/vhosts/femais.com.conf: server_name ipv4.femais.com;
/etc/nginx/plesk.conf.d/webmails/femais.com_webmail.conf: server_name "web mail.femais.com";
/etc/nginx/plesk.conf.d/webmails/femais.com_webmail.conf: server_name "web mail.femais.com";
/etc/nginx/plesk.conf.d/webmails/femais.com_webmail.conf.bak: server_name "web mail.femais.com";
/etc/nginx/plesk.conf.d/webmails/femais.com_webmail.conf.bak: server_name "web mail.femais.com";
The given URL opens without any problems.
https://femais.com/.well-known/acme-challenge/LVCM2tgG1HQj8y6Q5T52L_aWFPGG37XTj0vAj5IHd_M
There is no firewall barrier.
1 Like
rg305
10
The problem is LE looks for HTTP and nginx isn't sending it to HTTPS.
Try that link without the "s".
1 Like
rg305
11
Please show this included file:
include "/var/www/vhosts/system/femais.com/conf/vhost_nginx.conf"
1 Like
rg305
13
I'm happy to see that
What was the fix?
1 Like
Canceling a 301 redirect.
2 Likes
rg305
15
Something is still not right.
But I guess you can use that as a way to get renewals.
- turn off redirection
- get cert
- turn redirection back on
1 Like
If there is a problem again, I'll write it here.
2 Likes
system
Closed
17
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.