Question 97525 in Nginx Question posted in
The official documentation can be found here.

Let's Encrypt SSL throwing 404 – Nginx

I just installed nginx on my VPS and created 2 websites on there.

api.school-alert.cz

server {
    server_name  api.school-alert.cz;
    index index.html index.htm;
    access_log /var/log/nginx/bmiapp.log;
    error_log  /var/log/nginx/bmiapp-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
    }
}

and school-alert.cz

server {
    server_name  school-alert.cz;
    index index.html index.htm;
    access_log /var/log/nginx/bmiapp.log;
    error_log  /var/log/nginx/bmiapp-error.log error;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect off;
    }
}

I have already created a certificate for api.school-alert.cz but for some reason, when I try to create certificate for the other domain name I get an error. Specificaly when running "certbot –nginx" or "certbot -d school-alert.cz". This is the error I get:

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
  Domain: school-alert.cz
  Type:   unauthorized
  Detail: 2a02:2b88:1:4::16: Invalid response from http://school-alert.cz/.well-known/acme-challenge/Qo8DXVvUsxXzGda633bnyrcMN6_pnyzP09gce11lNBQ: 404

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.

I have been trying to fix this for days, but didn’t find a solution yet, I would greatly appreciate your help.

Both websites are easily accessible on the internet
http://api.school-alert.cz:8080/
http://school-alert.cz/

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    After many days of battling with this problem I found out the real reason for why it was working for my subdomain and not for my domain was that my domain provider has set up default dns records for that domain. These dns records pointed to a server I do not own, so I couldn't authorize for the ssl certificate.


  2. 0

    api.school-alert.cz is a subdomain of school-alert.cz. From your description, you have created a certificate for the subdomain, but didn’t add the domain to the certificate.

    To fix the existing certificate so it works with the domain and subdomain, run:

    sudo certbot nameofcertificate -d school-alert.cz -d api.school-alert.cz -d www.school-alert.cz (sudo may not be necessary if you’re using the server plugin for Apache or Nginx.) Add your certificate name where it says "name of certificate." This is usually your domain’s name also. You can find the certificate name by running the command sudo certbot certificates.

    Now the domain, subdomain, and www prefixed URL are covered under your current certificate.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search