I am trying to add an SSL certificate for the domains www.gramgrown.com and gramgrown.com, both served on Flask using gunicorn. Both resolve over HTTP. I get the following error when running sudo certbot certonly --webroot --webroot-path=/var/www/html -d gramgrown.com -d www.gramgrown.com

I am also using this tutorial https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

 Domain: gramgrown.com
   Type:   unauthorized
   Detail: Invalid response from
   http://gramgrown.com/.well-known/acme-challenge/9KacDy572kVqLZnVsqLlqM5cVR9x5ijs8zMR0d2Enxo:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
   <title>404 Not Found</title>
   <h1>Not Found</h1>
   <p>The requested URL was"

   Domain: www.gramgrown.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.gramgrown.com/.well-known/acme-challenge/XjPLlJk_8MNoFyohKuZv8lulSRtrMu-PtKoIR5XE0-w:
   "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
   <title>404 Not Found</title>
   <h1>Not Found</h1>
   <p>The requested URL was"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

4 answers

Hi @sahopkins93

Can you post your Nginx server block for that domain? It is located somewhere in /etc/nginx/sites-enabled/

  • This is for the domain

    server {
        listen 80;
        server_name gramgrown.com www.gramgrown.com;

        location / {
            include proxy_params;
            proxy_pass http://unix:/root/Solytics/SolyticsScript/SolyticsAPI/solytics_api.sock;
        }
    }

    This is the block for default

    server {
            listen 80 default_server;
            listen [::]:80 default_server;
    
            # SSL configuration
            #
            # listen 443 ssl default_server;
            # listen [::]:443 ssl default_server;
            #
            # Note: You should disable gzip for SSL traffic.
            # See: https://bugs.debian.org/773332
            #
            # Read up on ssl_ciphers to ensure a secure configuration.
            # See: https://bugs.debian.org/765782
            #
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            #
            # include snippets/snakeoil.conf;
    
            root /var/www/html;
    
            # Add index.php to the list if you are using PHP
            index index.html index.htm index.nginx-debian.html;
    
            server_name _;
    
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
    
            location ~ /.well-known {
                    allow all;
            }
    }
    

@sahopkins93
Then your configuration files are off.
http://gramgrown.com/index.html = 404 Not Found
Do you have other files in /etc/nginx/sites-enabled/ ?
Do you have any server { ... } block sections in /etc/nginx/nginx.conf ?

I have default and solytics_api which is the domain

There is no server block in /etc/nginx/nginx.conf it is commented out.

Same error. I can’t access www.gramgrown.com/index.html either.

I changed the nameservers for this domain this morning at about 9:00am PST by the way, not sure if that has any implication.

  • Try this, since your root wasn’t defined before.

    server {
        listen 80;
        server_name gramgrown.com www.gramgrown.com;
    
        location / {
            include proxy_params;
            proxy_pass http://unix:/root/Solytics/SolyticsScript/SolyticsAPI/solytics_api.sock;
        }
    
        location ~ /.well-known {
            root /var/www/html;
            allow all;
        }
    }
    
      • @sahopkins93 Delete that file, since now we know it was the wrong configuration you pasted to begin with.
        Have you tried to get the certificate?

        • I just tried to get the certificate and it worked. Thank you!

          • @sahopkins93
            Yep, I can see that.
            May I recommend that you go through the Python/Gunicorn tutorial again, since you’re running your application as root, which means if there’s just a tiny flaw in your code, then someone could take over your server.
            Applications should never, ever run as root or even as a user with sudo privileges - actually the user shouldn’t even be able to get a shell.
            All the tutorials posted here on DigitalOcean always try to focus on security, so they will recommend creating a dedicated user with no shell that runs services like that.
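
A pre-flight check for the 404 seen in this thread, as an added example that is not part of the original posts: it drops a random file under the webroot's .well-known/acme-challenge/ directory and fetches it over HTTP, the same lookup the http-01 validator performs, so a misrouted server block shows up before certbot is run. The function name `probe_webroot`, the script name and its arguments are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Added example: pre-flight check for certbot --webroot (http-01).

Usage (hypothetical script name): sudo python3 probe_webroot.py /var/www/html gramgrown.com www.gramgrown.com
"""
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_webroot(webroot, base_url, timeout=5):
    """Write a random probe file under webroot, fetch it over HTTP, then delete it.

    Returns (ok, detail). The file name and body are random, so a catch-all
    page or a response proxied to the application cannot pass by accident.
    """
    token, body = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    directory = os.path.join(webroot, *CHALLENGE_DIR.split("/"))
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "w") as fh:
        fh.write(body)
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # The 404 in this thread: the server block answering for the host
        # does not map /.well-known to this webroot.
        return False, f"HTTP {exc.code} for {url}: not served from {webroot}"
    except OSError as exc:  # DNS failure, refused connection, timeout
        return False, f"cannot fetch {url}: {exc}"
    finally:
        os.remove(path)
    if served != body:
        return False, f"{url} returned different content (proxied to the app?)"
    return True, f"{url} is served from {webroot}"


if __name__ == "__main__":
    webroot, hosts = sys.argv[1], sys.argv[2:]
    results = [probe_webroot(webroot, f"http://{host}") for host in hosts]
    for ok, detail in results:
        print("OK  " if ok else "FAIL", detail)
    sys.exit(0 if all(ok for ok, _ in results) else 1)
```

A FAIL for a hostname means the server block that answers for that name is not serving /.well-known from the given webroot, which is the condition the added `location ~ /.well-known` block with `root /var/www/html;` corrected above.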
