This might be a simple error but I can't seem to use certbot
to verify my domain. I am using nginx that is connected to an express application. I have commented out the configurations from the default nginx file and it only includes the configurations for my site from /etc/nginx/conf.d/mysite.info. In my configuration, the first location entry points to the root /.well-known/acme-challenge directory. Here are the settings from my nginx conf file:
server {
    listen 80;
    server_name <MYDOMAIN>.info www.<MYDOMAIN>.info;

    location '/.well-known/acme-challenge' {
        root /srv/www/<MY_ROOT_DIRECTORY>;
    }

    location / {
        proxy_pass http://localhost:4200;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /secure {
        auth_pam "Secure zone";
        auth_pam_service_name "nginx";
    }
}
To verify, I used the following certbot command:
certbot certonly --agree-tos --email <My_EMAIL>@gmail.com --webroot -w /srv/www/<ROOT_FOLDER>/ -d <DOMAIN>.info
The errors from certbot are as follows:
Performing the following challenges:
http-01 challenge for <MYDOMAIN>.info
Using the webroot path /srv/www/<ROOT_FOLDER> for all unmatched domains.
Waiting for verification...
Challenge failed for domain <MYDOMAIN>.info
http-01 challenge for <MYDOMAIN>.info
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: <MYDOMAIN>.info
Type: unauthorized
Detail: Invalid response from
http://<MYDOMAIN>.info/.well-known/acme-challenge/Yb3c1WtCn5G43YatrhVorTbT_nn3WKTLwKjr0c9dW8E
[74.208.<...>.<...>]: "<!DOCTYPE html>\n<html
lang=\"en\">\n<head>\n<meta
charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Cannot
GET /.well-known/"
I am literally clueless at this point. All the directories and files have read permission for all users and groups. Any suggestions will be highly appreciated.
EDIT
Since Nginx was failing to deliver the challenge files, I modified my express server to send the files. The express app is accessible and it was easy to send the challenge files to get certbot to work. Although not the desired solution, it worked. However, I will keep the post open for a better answer.
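A pre-flight script for an HTTP-01 webroot challenge behind nginx, added here as an example and not code from the original post. It shows the path arithmetic the question depends on (nginx resolves `root` + request URI, so certbot's `-w` directory must be the same directory as the `root` of the `/.well-known/acme-challenge` location, not that location's subdirectory), stages a token the way certbot does, and then fetches it over plain HTTP on port 80 the way the ACME server would, so a reply such as the "Cannot GET /.well-known/..." page from Express is reported as "the request was proxied instead of served from disk". It also flags one thing worth checking before anything else: the stock Debian/Ubuntu nginx.conf loads `include /etc/nginx/conf.d/*.conf;`, so a file in conf.d whose name does not end in `.conf` is never read. The paths, token and domain in the usage are constructed placeholders; `curl` is assumed to be installed, and the functions that touch `/srv/www` need to run with write permission there.

```bash
#!/usr/bin/env bash
# Pre-flight checks for certbot --webroot behind nginx (added example, not the poster's code).
set -eu

# nginx maps `location /.well-known/acme-challenge { root R; }` to R/.well-known/acme-challenge/<token>,
# so certbot's -w must be R itself. A trailing slash on R is tolerated.
acme_file_path() {
    local root=$1 token=$2
    printf '%s/.well-known/acme-challenge/%s\n' "${root%/}" "$token"
}

# Debian/Ubuntu nginx.conf uses `include /etc/nginx/conf.d/*.conf;` (and sites-enabled/*).
# A conf.d file without the .conf suffix is silently ignored, and whatever else
# listens on :80 (the default server, or nothing) answers the challenge instead.
conf_is_loaded_by_default_include() {
    case $1 in
        *.conf) return 0 ;;
        *)      return 1 ;;
    esac
}

# Stage a token where certbot would write it and make sure a non-root nginx
# worker can traverse the directories (o+x) and read the file (o+r), then
# read it back through the same path nginx will use.
stage_token() {
    local root=$1 token=$2
    local dir="${root%/}/.well-known/acme-challenge"
    mkdir -p "$dir"
    printf '%s' "$token.preflight" > "$dir/$token"
    chmod o+rx "${root%/}" "${root%/}/.well-known" "$dir"
    chmod o+r "$dir/$token"
    [ "$(cat "$(acme_file_path "$root" "$token")")" = "$token.preflight" ]
}

# Fetch the staged token over HTTP on port 80, as the ACME validation server does.
# Anything other than the staged body means the request did not hit the
# acme-challenge location: an Express "Cannot GET ..." page means it was proxied.
fetch_token() {
    local domain=$1 token=$2 body
    body=$(curl -sS --max-time 10 "http://$domain/.well-known/acme-challenge/$token") || {
        echo "FAIL: no HTTP answer from $domain on port 80 (DNS, firewall, or nginx not listening)" >&2
        return 1
    }
    if [ "$body" = "$token.preflight" ]; then
        echo "OK: nginx served the token from disk"
    else
        echo "FAIL: request reached something else. Body: $body" >&2
        return 1
    fi
}

# Usage (constructed placeholders), e.g. before running certbot certonly --webroot:
#   conf_is_loaded_by_default_include /etc/nginx/conf.d/mysite.conf || echo "rename to *.conf"
#   stage_token /srv/www/<ROOT_FOLDER> preflight-$$ && fetch_token <MYDOMAIN>.info preflight-$$
```

Run `nginx -t` and reload nginx after any rename or edit of the config; the fetch check only tells you what the running instance does. If the fetch fails with the Express error page while the staged file is readable on disk, the running nginx is not using the server block shown above for that request.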
About "Challenge failed for domain": this error can happen if you do not have port 443 open in your firewall.
I had the same problem trying to make certbot work on AWS. After some tries, I just needed to open port 443 in the Security Group associated with the EC2 instance.