Let's Encrypt token file not found, nginx 'location' statement not working

Discussion in 'Installation/Configuration' started by Keen Mouse, Jan 17, 2019.

  1. Keen Mouse

    Keen Mouse New Member

    Ubuntu 18.04.1 LTS
    ISPConfig 3.1.13
    nginx

    I'm having trouble obtaining Let's Encrypt certificates. Let's Encrypt is getting a 404 when attempting to access the token file:
    Code:
       Domain: testing.[domain].com
       Type:   unauthorized
       Detail: Invalid response from
       http://testing.[domain].com/.well-known/acme-challenge/gL6rp6uI1IcLYtExxa8AqcxqdZkTA5g-kuA-jmfoLYQ:
       "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
       bgcolor=\"white\">\r\n<center><h1>404 Not
       Found</h1></center>\r\n<hr><center>"
    I've narrowed down the problem to the fact that the 'location' sections in the vhost configurations aren't working:
    Code:
    location ^~ /.well-known/acme-challenge/ {
        access_log off;
        log_not_found off;
        root /usr/local/ispconfig/interface/acme/;
        autoindex off;
        index index.html;
        try_files $uri $uri/ =404;
    }
    
    If I place a test file at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test, I get a 404 when I browse to /.well-known/acme-challenge/test on any domain on the server. I don't understand why the location sections are being ignored. I don't think I have anything out of the ordinary in my configuration except for changing the location of phpmyadmin, which I did properly via /usr/local/ispconfig/server/conf-custom/nginx_apps.vhost.master.

    I have attached the anonymized output of nginx -T.
     

    Last edited: Jan 17, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The location statement is fine; I have several nginx servers here that use the same statement, and LE works there without issues. Do you have any custom nginx configuration set in the nginx directives field of the website?
     
  3. Keen Mouse

    Keen Mouse New Member

    No. If I did, they'd show up in the nginx -T output. That shows everything nginx is aware of.

    I'm completely stumped why I get a 404 for anything I put in /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/. I've confirmed there are no symlinks in the path. I've ruled out DNS too; the access.log confirms that requests are coming in to the right server:

    Code:
    66.133.109.36 - - [18/Jan/2019:20:22:05 +0000] "GET /.well-known/acme-challenge/OuoaDd0w8N0NaaoO-FkY6rfDwMi3c0jh1i3XwuUYDPs HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
     
  4. Keen Mouse

    Keen Mouse New Member

    I'm sorry; I must have had an incorrect understanding of the procedure. I discovered that my test file was accessible by HTTPS but not HTTP, and that I was getting the wrong self-generated certificate. I hadn't generated a certificate for the site yet. I didn't realize I had to do that first, but once I did, the problem went away. Thanks for bearing with me.
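
As an added example (not part of the thread and not ISPConfig's own code): Let's Encrypt's HTTP-01 validation request arrives over plain HTTP, as the access log line above shows, so one quick check on an `nginx -T` dump is to list which `server` blocks listening on port 80 lack the `location ^~ /.well-known/acme-challenge/` block. The sample configuration and the helper names `server_blocks`, `summarize` and `http_gaps` are constructed for illustration, and `testing.example.com` stands in for the anonymized domain.

```python
import re
ACME_PREFIX = "/.well-known/acme-challenge/"

# Constructed sample shaped like `nginx -T` output; not the poster's attachment.
SAMPLE = """
# configuration file /etc/nginx/sites-enabled/100-testing.example.com.vhost:
server {
    listen *:80;
    server_name testing.example.com;
}
server {
    listen *:443 ssl;
    server_name testing.example.com;
    location ^~ /.well-known/acme-challenge/ {
        root /usr/local/ispconfig/interface/acme/;
        try_files $uri $uri/ =404;
    }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by tracking brace depth."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments first
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def summarize(conf):
    """Per server block: names, listening ports, and whether the ACME location exists."""
    rows = []
    for body in server_blocks(conf):
        ports = set()
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            port = listen.split()[0].rsplit(":", 1)[-1]  # "*:80" -> "80"
            if port.isdigit():
                ports.add(int(port))
        names = re.findall(r"\bserver_name\s+([^;]+);", body)
        acme = re.search(r"\blocation\s+\^~\s+" + re.escape(ACME_PREFIX), body)
        rows.append({"names": " ".join(names).split(), "ports": sorted(ports),
                     "acme": acme is not None})
    return rows

def http_gaps(conf):
    """Server names served on port 80 without the ACME challenge location."""
    return sorted({n for r in summarize(conf)
                   if 80 in r["ports"] and not r["acme"] for n in r["names"]})
```

Feed it the real dump with `http_gaps(open("nginx-T.txt").read())`, where `nginx-T.txt` is a hypothetical file holding the saved `nginx -T` output; an empty list means every port-80 block carries the challenge location.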
     
