hi
I have a nginx docker that I use as reverse proxy. I been trying to auto renew my certs lately and followed this blog to do so. I had my certs working before but now they are not working.
My domain is: 1040nra.com
I ran this command: certbot certonly --webroot -w /var/www/certbot -d 1040nra.com
It produced this output:
*Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification…
Challenge failed for domain 1040nra.com
Challenge failed for domain www.1040nra.com
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
The following errors were reported by the server:
Domain: 1040nra.com
Type: unauthorized
Detail: Invalid response from
http://1040nra.com/.well-known/acme-challenge/NX6nmGvCUpg5L_c_hGePFu6ffuu2wn6MJ2CWHsg3PSw
[167.99.107.175]: “\r\n404 Not
Found\r\n\r\n
404 Not
Found
\r\n
nginx/1.15.12</c”
Domain: www.1040nra.com
Type: unauthorized
Detail: Invalid response from
http://www.1040nra.com/.well-known/acme-challenge/UFJgtKNI2FZtJne5GGnEFeuYfMS8qVF_UlPTJpBOb9s
[167.99.107.175]: "\r\n404 Not
404 Not
nginx/1.15.12
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.*
My web server is (include version): spring boot [tomcat]
The operating system my web server runs on is (include version): ubuntu 18.04
My hosting provider, if applicable, is: digital ocean
I can login to a root shell on my machine (yes or no, or I don’t know):yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Nginx.conf
server {
listen 80;
server_name 1040nra.com;
server_tokens off;
location /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
}
return 301 https://www.1040nra.com$request_uri;
}
server {
listen 443 ssl;
server_name 1040nra.com;
ssl_certificate /etc/letsencrypt/live/1040nra.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/1040nra.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass http://1040nra.com;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Docker compose
nginx:
image: nginx:1.15-alpine
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
ports:
- 80:80
- 443:443
depends_on:
- keycloak
- dt-app
links:
- keycloak
- dt-app
command: “/bin/sh -c ‘while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g “daemon off;”’”
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./data/certbot/conf:/etc/letsencrypt
- ./data/certbot/www:/var/www/certbot
entrypoint: “/bin/sh -c ‘trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;’”
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Hello,
I think that you are experiencing the problem because you don’t have your www version added in your
server_namelist. I would recommend trying to add it and then test again. It should look something like this for both your http and https server blocks:Then run a config test with
nginx -tand if you getSyntax OKrun a quick restart and then try again.Hope that this helps! Regards, Bobby