Related

Tool NGINX Config Generator Tool
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question
Connect to DB installed into dedicated VPS (private networking) Question Question

Question

Letsencrypt client failed authorization

Posted July 5, 2017 6.9k views
NginxSecurityPython FrameworksDeploymentLet's EncryptUbuntu 16.04

I am trying to add a SSL certificate for the domains www.gramgrown.com and gramgrown.com both served on flask using gunicorn. Both resolve over http. I get the following error when running sudo certbot certonly --webroot --webroot-path=/var/www/html -d gramgrown.com -d www.gramgrown.com

I am also using this tutorial https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

 Domain: gramgrown.com
   Type:   unauthorized
   Detail: Invalid response from
   http://gramgrown.com/.well-known/acme-challenge/9KacDy572kVqLZnVsqLlqM5cVR9x5ijs8zMR0d2Enxo:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
   <title>404 Not Found</title>
   <h1>Not Found</h1>
   <p>The requested URL was"

   Domain: www.gramgrown.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.gramgrown.com/.well-known/acme-challenge/XjPLlJk_8MNoFyohKuZv8lulSRtrMu-PtKoIR5XE0-w:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
   <title>404 Not Found</title>
   <h1>Not Found</h1>
   <p>The requested URL was"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
Add a comment
sahopkins93
By:
sahopkins93
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
4 answers
hansen July 5, 2017

Hi @sahopkins93

Can you post your Nginx server-block for that domain - located somewhere in /etc/nginx/sites-enabled/

Reply Report
  • sahopkins93 July 5, 2017

    This is for the domain
    “`server {
    listen 80;
    server_name gramgrown.com www.gramgrown.com;

    location / {
    include proxy_params;
    proxy_pass http://unix:/root/Solytics/SolyticsScript/SolyticsAPI/solytics_api.sock;

}

    }”`

    This is the block for default

    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location ~ /.well-known {
                allow all;
        }
}
    Reply Report
hansen July 5, 2017

@sahopkins93
Then your configuration files are off.
http://gramgrown.com/index.html = 404 Not Found
Do you have other files in /etc/nginx/sites-enabled/ ?
Do you have any server { ... } block sections in /etc/nginx/nginx.conf ?

Reply Report
sahopkins93 July 5, 2017

I have default and solytics_api which is the domain

There is no server block in /etc/nginx/nginx.conf it is commented out.

Reply Report
sahopkins93 July 5, 2017

Same error. I can’t access www.gramgrown.com/index.html either.

I changed the nameservers for this domain this morning at about 9:00am PST by the way, not sure if that has any implication.

Reply Report
  • hansen July 5, 2017

    Try this, since your root wasn’t defined before.

    server {
    listen 80;
    server_name gramgrown.com www.gramgrown.com;

    location / {
        include proxy_params;
        proxy_pass http://unix:/root/Solytics/SolyticsScript/SolyticsAPI/solytics_api.sock;
    }

    location ~ /.well-known {
        root /var/www/html;
        allow all;
    }
}
    Reply Report
    • sahopkins93 July 5, 2017

      Done. still cant see www.gramgrown.com/index.html

      Reply Report
      • hansen July 5, 2017

        @sahopkins93 Delete that file, since now we know it was the wrong configuration you pasted to begin with.
        Have you tried to get the certificate?

        Reply Report
        • sahopkins93 July 5, 2017

          I just tried to get the certificate and it worked. Thank you!

          Reply Report
          • hansen July 5, 2017

            @sahopkins93
            Yep, I can see that.
            May I recommend that you go through the Python/Gunicorn tutorial again, since you’re running your application as root, which means if there’s just a tiny flaw in your code, then someone could take over your server.
            Applications should never-ever run as root or even a user with sudo privileges - actually the user shouldn’t even be able to get shell.
            All the tutorials posted here on DigitalOcean always tries to focus on security, so they will recommend creating a dedicated user with no shell that runs services like that.

            Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help