I’m trying to verify a file upload for an SSL certificate.
The file needs to be at .well-known/acme-challenge/file
I have successfully placed the file as above, but when accessing the same file from the web at http://weburl.com/.well-known/acme-challenge/file, a 404 error comes up.
When I place the same file in .well-known/, the file can be accessed from the path http://weburl.com/.well-known/file successfully.
My nginx configuration:
server {
    listen 80;
    server_name weburl.com;
    root /var/www/html;
    location ~ /.well-known {
        allow all;
    }
    location ~ /.well-known/acme-challenge/ {
        allow all;
        root /var/www/html;
        try_files $uri =404;
        break;
    }
}
asked May 30, 2018 at 10:46
1
You have to grant permissions for www-data user.
sudo chown -R www-data:www-data .well-known
answered Oct 29, 2018 at 0:32
northtree
In the first case it looks for /var/www/html/.well-known/file.
In the second case it looks for /var/www/html/file.
What you intend is for it to find /var/www/html/.well-known/acme-challenge/file
This is because you specify root in the location block, which changes where it reads the file from.
So instead of this:
location ~ /.well-known/acme-challenge/ {
    allow all;
    root /var/www/html; # <================= Your problem, sir
    try_files $uri =404;
    break;
}
You should have this:
location ~ /.well-known/acme-challenge/ {
    allow all;
    try_files $uri =404;
    break;
}
Shameless plug: If you’re just doing simple virtual hosting and you’re familiar with node at all you might like Greenlock.
answered May 31, 2018 at 20:36
coolaj86
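Both answers above come down to whether the nginx worker can reach the file that `root` plus the request URI resolves to. The following is an added example, not code from either answer: the function names `mode_of` and `diagnose_challenge` are hypothetical, and it assumes the worker (for example www-data) is neither owner nor group member of the files, so only the "other" permission bits are inspected.

```shell
#!/bin/sh
# Added example: map a challenge URI to a file the way nginx's `root` does,
# then report the first path component an unprivileged worker cannot use.

# mode_of PATH -> permission string as printed by ls, e.g. drwxr-x---
mode_of() { ls -ld "$1" | cut -c1-10; }

# diagnose_challenge ROOT URI -> prints "<verdict>: <path>"
#   verdict is one of: missing, no-traverse, no-read, ok
diagnose_challenge() {
    dc_root=${1%/}
    dc_target="$dc_root$2"      # with `root`, nginx appends the full URI
    dc_cur=$dc_root
    dc_rest=${2#/}
    while :; do
        [ -e "$dc_cur" ] || { echo "missing: $dc_cur"; return 1; }
        dc_mode=$(mode_of "$dc_cur")
        if [ "$dc_cur" = "$dc_target" ]; then
            # final file: the "other" read bit is character 8 of the mode
            case $(printf %s "$dc_mode" | cut -c8) in
                r) echo "ok: $dc_cur"; return 0 ;;
                *) echo "no-read: $dc_cur"; return 1 ;;
            esac
        fi
        # directory: the "other" execute bit (character 10) allows traversal;
        # "t" means execute plus sticky
        case $(printf %s "$dc_mode" | cut -c10) in
            x|t) ;;
            *) echo "no-traverse: $dc_cur"; return 1 ;;
        esac
        # descend one component of the URI
        dc_cur="$dc_cur/${dc_rest%%/*}"
        case $dc_rest in */*) dc_rest=${dc_rest#*/} ;; *) dc_rest= ;; esac
    done
}

# Stand-alone use: sh diagnose.sh /var/www/html /.well-known/acme-challenge/file
if [ $# -eq 2 ]; then diagnose_challenge "$1" "$2"; fi
```

A `missing` verdict points at a wrong `root` or a misplaced file; `no-traverse` or `no-read` points at permissions or ownership.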
1
If you have installed the LetsEncrypt module on Plesk, but for some reason you need to authorize, e.g., example.com manually like we do:
Add your authorization code to
/var/www/vhosts/default/htdocs/.well-known/acme-challenge
instead of the expected (domain webroot)
/var/www/vhosts/example.com/htdocs/.well-known/acme-challenge
To find this out, I had to check /var/www/vhosts/system/example.com/conf/httpd.conf
answered Aug 28, 2018 at 9:30
Nedvajz
1. Check the access permissions on the acme-challenge folder; the web server may not have the right to read from it. The user the web server runs as (or its group) needs ‘-rx’.
2. The web server config must contain
Alias /.well-known/acme-challenge/ /u/www/virtual/letsencrypt/.well-known/acme-challenge/
and
<Directory "/your path on the server/.well-known/acme-challenge/">
    Options None
    AllowOverride None
    ForceType text/plain
    Order allow,deny
    Allow from all
    RedirectMatch 404 "^(?!/.well-known/acme-challenge/[\w-]{43}$)"
</Directory>
3. Your “file without an extension” does not match the regular expression
RedirectMatch 404 "^(?!/.well-known/acme-challenge/[\w-]{43}$)"
Comment out this line and restart the web server; the file should then show up. But uncomment it again afterwards, it is protection against “hackers”.
I was just playing with the example configuration: I cloned this repo — https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples — and configured it with a test URL like ‘dev.test.site.com’.
The ACME challenges always failed:
letsencrypt-nginx-proxy-companion | 2016/12/19 12:03:59 Received signal: terminated
letsencrypt-nginx-proxy-companion | 2016/12/19 12:03:59 Received signal: terminated
letsencrypt-nginx-proxy-companion | 2016/12/19 12:04:02 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
letsencrypt-nginx-proxy-companion | 2016/12/19 12:04:02 Watching docker events
letsencrypt-nginx-proxy-companion | Reloading nginx proxy (using separate container nginx-gen)...
letsencrypt-nginx-proxy-companion | 2016/12/19 12:04:02 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
letsencrypt-nginx-proxy-companion | Creating/renewal dev.test.site.com certificates... (dev.test.site.com)
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:03,319:INFO:simp_le:1211: Generating new account key
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:04,820:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:05,436:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:06,446:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): dev.test.site.com
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:06,472:WARNING:simp_le:1303: dev.test.site.com was not successfully self-verified. CA is likely to fail as well!
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:06,698:INFO:simp_le:1313: Generating new certificate private key
letsencrypt-nginx-proxy-companion | 2016-12-19 12:04:09,685:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/k8nebPmh3hSORfdNao9RJNf7lO5m-YY4G2I5N3eXh_k
letsencrypt-nginx-proxy-companion | Challenge validation has failed, see error log.
letsencrypt-nginx-proxy-companion |
letsencrypt-nginx-proxy-companion | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt-nginx-proxy-companion | Sleep for 3600s
The problem was that nginx says HTTP 404:
nginx | dev.test.site.com 172.19.0.1 - - [19/Dec/2016:12:04:06 +0000] "GET /.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab HTTP/1.0" 404 169 "-" "python-requests/2.8.1"
nginx | dev.test.site.com 172.19.0.1 - - [19/Dec/2016:12:04:06 +0000] "GET /.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab HTTP/1.0" 404 169 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
despite the challenge file existing:
/usr/share/nginx/html/.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab
I found that the problem is with the vhost.d/default.conf file:
location /.well-known/acme-challenge/ {
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
After I changed the location config to this:
location ~ /.well-known/acme-challenge/ {
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
Now nginx is able to find the challenge files in the /usr/share/nginx/html/.well-known/acme-challenge/ folder, and the cert generation and verification go well.
I have an Nginx backend server that has a Let’s Encrypt certificate. Now, I want to add an Nginx reverse proxy and create a Let’s Encrypt certificate for it. When I try to reach http://jcp-connect.fr/.well-known/acme-challenge/test, it returns a 404 status.
Firstly, I created a webroot:
mkdir -p /var/www/jcp/.well-known/acme-challenge
- Create file to test
echo "nginx is awesome!" > /var/www/jcp/.well-known/acme-challenge/test.html
In my Nginx proxy configuration file at /etc/nginx/sites-available/reverse I set the following:
server {
    listen 80;
    listen [::]:80;
    server_name jcp-connect.fr;
    index index.htm index.html;
    location /.well-known/acme-challenge {
        root /usr/share/nginx/html;
    }
    location / {
        try_files $uri/index.html $uri.html $uri @backend;
    }
    location @backend {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://jcp-connect.fr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 900s;
    }
}
My Nginx backend server has the IP address 192.168.1.45 and it is on a different host.
kenlukas
asked Dec 11, 2019 at 23:07
1
I’m sorry, but this is a typo that I forgot to correct, in this post only; in my code it’s OK:
mkdir -p /usr/share/nginx/html/.well-known/acme-challenge
Create file to test
echo "nginx is awesome!" > /usr/share/nginx/html/.well-known/acme-challenge/test.html
answered Dec 12, 2019 at 8:41
rita