My domain is: autocensor.ru
I'm using the jonasal/nginx-certbot image to generate Let's Encrypt certificates.
docker-compose.yml:
version: '3'
services:
  nginx:
    image: jonasal/nginx-certbot:latest
    restart: unless-stopped
    environment:
      - CERTBOT_EMAIL=your@email.org
    env_file:
      - ./nginx-certbot.env
    ports:
      - 80:80
      - 443:443
    volumes:
      - nginx_secrets:/etc/letsencrypt
      - ./user_conf.d:/etc/nginx/user_conf.d
volumes:
  nginx_secrets:
nginx-certbot.env:
# Required
CERTBOT_EMAIL=your@email.org
# Optional (Defaults)
STAGING=0
DHPARAM_SIZE=2048
RSA_KEY_SIZE=2048
ELLIPTIC_CURVE=secp256r1
USE_ECDSA=0
RENEWAL_INTERVAL=8d
# Advanced (Defaults)
DEBUG=0
USE_LOCAL_CA=0
example_server.conf:
server {
    # Listen to port 443 on both IPv4 and IPv6.
    listen 443 ssl default_server reuseport;
    listen [::]:443 ssl default_server reuseport;
    # Domain names this server should respond to.
    server_name autocensor.ru www.autocensor.ru;
    # Load the certificate files.
    ssl_certificate /etc/letsencrypt/live/autocensor.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/autocensor.ru/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/autocensor.ru/chain.pem;
    # Load the Diffie-Hellman parameter.
    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
    return 200 'Let\'s Encrypt certificate successfully installed!';
    add_header Content-Type text/plain;
}
And when running docker-compose up I get this error:
Requesting a certificate for autocensor.ru and www.autocensor.ru
nginx_1 |
nginx_1 | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
nginx_1 | Domain: autocensor.ru
nginx_1 | Type: unauthorized
nginx_1 | Detail: The key authorization file from the server did not match this challenge "pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU" != "pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM"
However, https://autocensor.ru/.well-known/acme-challenge/pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU shows the full hash code and it does not seem that certbot cut it off for some reason.
I tried to do that using the original phusion/baseimage image. The result is the same. What am I doing wrong?
Maybe I have to output only part of the hash? I tried to print out other content and it showed me something like this:
"pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU" != "content"
It means that the output content is on the right side.
I also ran this command just using plain certbot:
certbot certonly --webroot -w /var/www/certbot \
--email test@email.org \
-d autocensor.ru \
--rsa-key-size 4096 \
--agree-tos \
--force-renewal
and it produced the same output.
My web server is (include version): jonasal/nginx-certbot:latest
The operating system my web server runs on is (include version): Debian 8 or MacOS 11.4
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.18.0
There are lots of similar posts, but everywhere the problem is with access to the token. In my case the token works properly.
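Added example, not part of the original post: a Python helper that reads the `Detail:` text quoted above and classifies what the CA fetched relative to the expected key authorization (`token.thumbprint`, RFC 8555 section 8.1). The function name and category labels are this example's own, and it assumes the `"expected" != "served"` layout shown in this error.

```python
import base64
import re

# Layout assumed from the error in the post: expected value first, fetched body second.
DETAIL_RE = re.compile(r'"([^"]*)"\s*!=\s*"([^"]*)"')

# Detail text copied from the post's error output.
PAGE_DETAIL = (
    "The key authorization file from the server did not match this challenge "
    '"pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM.kTA13USq2rwk6zJAuXHkRl6UF3hcK_tiHGRBYu100gU"'
    ' != "pp6XaPNCuZawYdO3O7FNKHfeWtpf1bQzcoIyXVGNOzM"'
)


def classify_mismatch(detail: str) -> str:
    """Return a label (this example's own naming) for an HTTP-01 mismatch."""
    m = DETAIL_RE.search(detail)
    if m is None:
        raise ValueError("no '\"expected\" != \"served\"' pair found")
    expected, served = m.groups()
    token, sep, thumbprint = expected.partition(".")
    if not sep:
        raise ValueError("expected value is not token.thumbprint")
    # The thumbprint is base64url(SHA-256 of the account JWK): 32 bytes decoded.
    pad = "=" * (-len(thumbprint) % 4)
    if len(base64.urlsafe_b64decode(thumbprint + pad)) != 32:
        raise ValueError("thumbprint does not decode to a SHA-256 digest")
    if served.strip() == expected:
        return "match-or-whitespace"
    if served == token:
        return "token-only"          # body lacks '.<account thumbprint>'
    if served and expected.startswith(served):
        return "truncated"           # body cut off part-way through
    if served.startswith(token + "."):
        return "different-account"   # right token, another account's thumbprint
    return "unrelated-content"       # something else answers on this path


if __name__ == "__main__":
    print(classify_mismatch(PAGE_DETAIL))
```

A `token-only` result means the body fetched for `/.well-known/acme-challenge/<token>` was the token itself rather than the file certbot wrote into the webroot, so the next check is which server or location block answers that path on port 80.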