Lets Encrypt and Nginx Issue

Discussion in 'ISPConfig 3 Priority Support' started by Robson Lopes, Apr 23, 2016.

Page 1 of 2
  1. Robson Lopes

    Robson Lopes New Member

    Hello,
    I'm using ISPConfig 3.1 from the Alpha version and even now updating Beta, LetsEncrypt does not work.
    1 - My initial problem was that Letsencrypt issued a certificate but with key mismatch problem
    2 - Now the problem is the following failed (2: No such file or directory), client: 66.133.109.36, server: sub.domain.com, request: "GET /.well-known/acme-challenge/FWGMfDFr9LLJM9o7mO7vyki5EmUCVFH5OsVo48Paez4 HTTP/1.1", host: "sub.domain.com"

    I am using Nginx.

    If anyone can help, thank you!
     
    Robson Lopes, Apr 23, 2016
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the nginx vhost file of this website contains this part?

    Code:
    location /\.well-known/acme-challenge {
      root /usr/local/ispconfig/interface/acme/.well-known/acme-challenge;
      index index.html index.htm;
      try_files $uri =404;
}
    if not, then run Tools > Resync to get all vhost files updated.
     
    till, Apr 25, 2016
    #2
  3. Robson Lopes

    Robson Lopes New Member

    Robson Lopes, Apr 25, 2016
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The error message in the nginx.log is gone now when you create a new ssl cert?
     
    till, Apr 25, 2016
    #4
  5. Robson Lopes

    Robson Lopes New Member

    I found the problem on /var/log/ispconfig/httpd/domain.com/error.log

    After Rsync

    [error] 2771#0: *19 access forbidden by rule, client: 66.133.109.36, server: domain.com.br, request: "GET /.well-known/acme-challenge/tDYb-lM8wg-GzqI56-fKJ4xeoS3PjLbb-19J2l2lZos HTTP/1.1", host: "domain.com.br"
     
    Robson Lopes, Apr 25, 2016
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Please check the vhost file of this website, it should contain this code:

    Code:
    ## Disable .htaccess and other hidden files
        location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }
    which should allow access to /.well-known/acme-challenge/. If this code is there and it is still not working, try to change it to:

    Code:
    ## Disable .htaccess and other hidden files
        location ~ /\.(?!well-known) {
            deny all;
            access_log off;
            log_not_found off;
        }
     
    till, Apr 25, 2016
    #6
  7. Robson Lopes

    Robson Lopes New Member

    Now changed too
    14 open() "/var/www/domain.com/web/.well-known/acme-challenge/KPjcEcV_NMarHjlAVVLLlNnxC7QJVIrbcdgyUzuUF44" failed (2: No such file or directory), client: 66.133.109.36, server: domain.com, request: "GET /.well-known/acme-challenge/KPjcEcV_NMarHjlAVVLLlNnxC7QJVIrbcdgyUzuUF44 HTTP/1.1", host: "domain.com
     
    Robson Lopes, Apr 25, 2016
    #7
  8. Robson Lopes

    Robson Lopes New Member

    Now, Forbiden again when using
    ## Disable .htaccess and other hidden files
    location ~ /\.(?!well-known) {
    deny all;
    access_log off;
    log_not_found off;
    }
     
    Robson Lopes, Apr 25, 2016
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    till, Apr 25, 2016
    #9
  10. Robson Lopes

    Robson Lopes New Member

    Thaank You Till.
     
    Robson Lopes, Apr 25, 2016
    #10
  11. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    The issue has been fixed in stable-3.1 branch.
     
    Croydon, Apr 27, 2016
    #11
  12. Robson Lopes

    Robson Lopes New Member

    Hello friend

    access forbidden by rule, client: 66.133.109.36,, request: "GET /.well-known/acme-challenge/6aznz_5LNoxklp-73RNz2Vk2YIwtp9jy8EO_BsGIxyA
     
    Robson Lopes, Apr 27, 2016
    #12
  13. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    I tested it on a freshly installed nginx server and it works there. Please make sure you have the latest vhost conf template as there was a misconfigured block earlier.
     
    Croydon, Apr 27, 2016
    #13
  14. Robson Lopes

    Robson Lopes New Member

    Sorry, i updated now, and the log show

    2016/04/27 07:47:09 [error] 31369#0: *3 open() "/var/www/domain.com/web/.well-known/acme-challenge/qEJ1yyGkJlRJycV42Fu7PZwNoZXpdZpESIM6rlQ6g3E" failed (2: No such file or directory), client: 66.133.109.36, server: domain.com, request: "GET /.well-known/acme-challenge/qEJ1yyGkJlRJycV42Fu7PZwNoZXpdZpESIM6rlQ6g3E HTTP/1.1", host: "domain.com"
     
    Robson Lopes, Apr 27, 2016
    #14
  15. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    @robson: Please check your site's vhost file if the location for well-known is there (location ~ /.well-known ... etc.)
    Code:
    location ~ /\.well-known/acme-challenge/ {
           root /usr/local/ispconfig/interface/acme/;
           index index.html index.htm;
           try_files $uri =404;
        }
     
    Croydon, Apr 27, 2016
    #15
  16. Robson Lopes

    Robson Lopes New Member

    Yes, and still
    access forbidden by rule
     
    Robson Lopes, Apr 27, 2016
    #16
  17. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    And earlier in the file, is it
    Code:
    location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }
    or
    Code:
    location ~ /\.(?!well-known/acme-challenge/) {
            deny all;
            access_log off;
            log_not_found off;
        }
     
    Croydon, Apr 27, 2016
    #17
  18. Robson Lopes

    Robson Lopes New Member

    Yes, removed it too
    forbidden by rule
     
    Robson Lopes, Apr 27, 2016
    #18
  19. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Then there must be a non-default rule in your files somewhere. Please check your files for any deny rule.
     
    Croydon, Apr 27, 2016
    #19
  20. Robson Lopes

    Robson Lopes New Member

    I will try with a fresh install nginx
     
    Robson Lopes, Apr 27, 2016
    #20
Page 1 of 2

Share This Page