Will using proxy_pass for subdomain affect installation process?

Hey everyone,

I have run an install of certbot for my domains domain.net and www.domain.net
this worked wonderfully and I was able to secure the website.

I have a blog that I would like to secure. On the server, it is set up with Ghost in a separate folder and I am running a proxy pass on :2000. Now I have tried to run the installer again to cover the blog.domain.net and www.blog.domain.net and I am getting an error ‘Failed Authorization Procedure’.

I have tried placing:
location ~ /.well-known {
    allow all;
}

within the sites-available/domain.net.conf file, as well as the con.f/domain.net/conf file and still whenever I run certbot it is outputting:

Failed authorization procedure. blog.repcleaner.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
404 Not Found

404 Not Found


"

IMPORTANT NOTES:

Note: I replaced my actual website domain with ‘domain’ in the above example.

Without your real domain name it’s very difficult to test and diagnose.

Basically you need to provide a pure text file in your webroot/.well-known/acme-challenge/test and for it to be accessible from the internet at blog.domain.net/.well-known/acme-challenge/test
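
The setup the reply above describes, as an added example that is not part of the original thread: an nginx server block that serves the challenge path from disk while everything else is proxied to the blog. It assumes Ghost listens on 127.0.0.1:2000 and reuses the webroot path /var/www/blog.domain.net/html mentioned later in the thread.

```nginx
# Added example. Assumptions: Ghost listens on 127.0.0.1:2000 and
# /var/www/blog.domain.net/html is readable by the nginx worker user.
server {
    listen 80;
    server_name blog.domain.net www.blog.domain.net;

    # HTTP-01 challenge files are served straight from disk. "^~" tells nginx
    # to stop at this prefix match and skip regex locations, so these requests
    # never fall through to the proxy below, which does not have the files.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/blog.domain.net/html;
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else goes to the Ghost backend.
    location / {
        proxy_pass http://127.0.0.1:2000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Reachability check before running certbot.
# On the server:
#   mkdir -p /var/www/blog.domain.net/html/.well-known/acme-challenge
#   echo ok > /var/www/blog.domain.net/html/.well-known/acme-challenge/test
# From a machine outside the server:
#   curl -i http://blog.domain.net/.well-known/acme-challenge/test
# Once the test file is returned as plain text, request the certificate
# against the same webroot:
#   certbot certonly --webroot -w /var/www/blog.domain.net/html \
#       -d blog.domain.net -d www.blog.domain.net
```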

Hi, thanks for the response, serverco,

I was able to figure out the issue. I provided a direct path instead of allow all.
Example:
location ~ /.well-known {
    root /var/www/blog.domain.net/html;
}

However, now my site is showing as secure/encrypted but it is returning an nginx 403 forbidden :frowning:

Again I’d be guessing without a little more detail.

Do you have something different in your config, such as an “Order allow,deny” but no “Allow from all” in the HTTPS part of the config?
