DirectAdmin v.1.50.1 - LetsEncrypt error

AskNik

Dear Sir/Madam,

When we create a LetsEncrypt certificate, this error appears: Must select more than zero LetsEncrypt entries.
Version: DirectAdmin v.1.50.1
Before updating, certificates were created properly.

Thanks
 
Please change the skin to enhanced, that should fix the problem. It seems the skin you're using is not updated to support DA 1.50.1 version.
 
Thanks. Now this error appears:
Challenge is invalid. Details: Could not connect to http://_my_domain_/.well-known/acme-challenge/MWZg0FbUF5hWltZluIIBaRL8fmjmkzVRCOtjy2kx3VY. Exiting...
In directadmin.conf settings - letsencrypt=1

nginx log
Code:
_my_ip_ - - [03/Jul/2016:21:49:38 +0300] "GET /.well-known/acme-challenge/letsencrypt_1467571776 HTTP/1.1" 200 0 "-" "curl/7.49.1"
66.133.109.36 - - [03/Jul/2016:21:49:40 +0300] "GET /.well-known/acme-challenge/MWZg0FbUF5hWltZluIIBaRL8fmjmkzVRCOtjy2kx3VY HTTP/1.1" 200 108 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
 
Dear Sir/Madam,
If we disconnect nginx and leave only Apache, it generates a certificate normally.

If we try to do it through nginx, this error appears:
Code:
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:acme:error:connection",
    "detail": "Could not connect to http://_my_domain_/.well-known/acme-challenge/4wH8ExUFaU6WSvCV9HsTvAfk-qP5JlTDQKlCj_A-JYk",
    "status": 400
  },
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/nRVGtmUnZ7CZLVR77kKJ6GpX9cpb_S2nGvIwbP7G-lA/156923365",
  "token": "4wH8ExUFaU6WSvCV9HsTvAfk-qP5JlTDQKlCj_A-JYk",
  "keyAuthorization": "4wH8ExUFaU6WSvCV9HsTvAfk-qP5JlTDQKlCj_A-JYk.Mmh2-LDwRdCnyW40RPuE3Be8JnxdX2ruzpShBFjyNxA",
  "validationRecord": [
    {
      "url": "http://_my_domain_/.well-known/acme-challenge/4wH8ExUFaU6WSvCV9HsTvAfk-qP5JlTDQKlCj_A-JYk",
      "hostname": "_my_domain_",
      "port": "80",
      "addressesResolved": [
        "_ip_server_"
      ],
      "addressUsed": "_ip_server_"
    }
  ]
}
 
When we switched off modsecurity, everything was working. What can be done so that the plug-in passes the requests?
Thanks
 
I encountered the very same issue with nginx_apache config and let's encrypt.

It took 9 hours of my time to figure out what is wrong!! The BIG PAIN is that the mod_security of nginx DOESN'T log ANYTHING about this issue, and the request appears as a normal request with response 200 in the access_log file of both NGINX and APACHE!!! And if you use curl to download the acme challenge URL with the same browser that Let's Encrypt downloads it with, the file appears to be downloaded fine. I even tried to disable both the Security engine and the Audit engine of mod_security and all of its catalogues in the CWAF admin module, but that didn't work either :|

Anyway, when I disable mod_security in the file /etc/nginx/nginx.conf:
Code:
# include /etc/nginx/nginx-modsecurity-enable.conf
and restart nginx, Let's Encrypt works fine!!

But it's not the right solution and we need to have mod_security enabled :(
 
I spoke with smtalk about this, and nginx has a fix for this, but it is not yet released as stable (or maybe it was mod_pagespeed).

smtalk is thinking about using the dev version until they release it as stable. I had exactly the same problem, and with smtalk we found out that it was mod_security.

Best regards
 
This still appears to be an issue with 1.512 when running nginx_apache. Is anyone else still encountering it? Is there a fix, given it is some months after the original report of the issue?
 
What error do you have? Just renewed existing certs on a server with nginx+apache without an issue.

Thanks for replying.

Requesting a new certificate or renewal resulted in:

PHP:
Setting up certificate for a hostname: server1.example.com
Getting challenge for server1.example.com from acme-server...
Waiting for domain verification...
Challenge is invalid. Details: Could not connect to server1.example.com. Exiting..

The hostname has been changed but there is no issue with resolution or firewall rules.

The server worked fine until it was switched from Apache to nginx+apache. Having disabled modsecurity in nginx as per the earlier suggestion, it started working again. Whilst it was running Apache only it had worked perfectly too. I tried rewriting configs, etc. after the switch to nginx+apache but that did not resolve it.

The nginx and apache logs all showed '200' requests so no obvious error, although clearly mod security was causing the impact as it works since it was disabled in nginx. However, the letsencrypt.sh output indicated a '400' status rather than '200'. If I manually created a file in .well-known/acme-challenge I could access it when browsing to it with a browser.

The server is running CloudLinux 7.x (latest revision) with DA 1.512. CageFS is enabled too. letencrypt=1 is set in directadmin.conf.

Thanks.
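
Added example, not part of any post in this thread and not DirectAdmin or letsencrypt.sh code: since the posts above report a logged 200 alongside a failed http-01 validation, this sketch lines up a challenge object with nginx access-log hits for its token and compares the logged body size with the length of the keyAuthorization. It assumes the nginx "combined" log format and uncompressed responses; check_challenge, the token, the key authorization and the log lines are all constructed for illustration.

```python
import json
import re

# nginx "combined" access-log format, as in the log lines quoted in this thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<sent>\d+) "[^"]*" "(?P<agent>[^"]*)"$'
)
PREFIX = "/.well-known/acme-challenge/"

def check_challenge(challenge_json, log_lines):
    """Compare logged body sizes for a challenge token with its keyAuthorization."""
    ch = json.loads(challenge_json)
    expected = len(ch["keyAuthorization"].encode("ascii"))
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m["path"] != PREFIX + ch["token"]:
            continue  # unparsable line or a request for something else
        status, sent = int(m["status"]), int(m["sent"])
        if status != 200:
            verdict = "bad-status"
        elif sent < expected:
            verdict = "body-too-short"   # 200 logged, but the key authorization cannot fit
        elif sent > expected + 2:        # assumption: allow a trailing LF or CRLF
            verdict = "body-too-long"
        else:
            verdict = "ok"
        findings.append({"ip": m["ip"], "status": status, "sent": sent,
                         "expected": expected, "verdict": verdict})
    return findings

# Constructed sample data (not taken from the thread).
TOKEN = "constructed-token-0000000000000000000000000"
KEYAUTH = TOKEN + ".constructed-thumbprint-0000000000000000000"
CHALLENGE = json.dumps({"type": "http-01", "token": TOKEN, "keyAuthorization": KEYAUTH})
UA = "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

def _line(status, sent):
    return (f'192.0.2.10 - - [03/Jul/2016:21:49:40 +0300] '
            f'"GET {PREFIX}{TOKEN} HTTP/1.1" {status} {sent} "-" "{UA}"')

SAMPLE_LOG = [_line(200, len(KEYAUTH)), _line(200, 0), _line(403, 162),
              '192.0.2.10 - - [03/Jul/2016:21:49:41 +0300] "GET / HTTP/1.1" 200 512 "-" "-"']

if __name__ == "__main__":
    for finding in check_challenge(CHALLENGE, SAMPLE_LOG):
        print(finding)
```

A size mismatch on a 200 line points at something between the file on disk and the client changing the response; a matching size with a failed validation means the access log alone cannot show where the request was dropped.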
 