0

I am trying to generate a new SSL cert with Let's Encrypt following this guide - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04 - but am getting a verification failure.

I am certain my DNS is set up correctly and pointing to my server's IP address.

I have a feeling my webroot is incorrect.

In my /etc/nginx/sites-available/default I have the allow all parameter set:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    server_name localhost;

    location ~ /.well-known {

        allow all;

    }

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

I am then running ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d domain.com, which matches the webroot path set in my default nginx config.

What am I missing?

I am running nginx on Ubuntu 14.

Stretch0
    Have you tried to manually create some files and folders in `/usr/share/nginx/html` and then tried to access them? Let's Encrypt usually checks its verification files under `http://example.com/.well-known/something` – chrki Apr 28 '17 at 09:58
  • `server_name localhost`? What do you get if you point a browser at something like `http:// domain .com/.well-known/acme-challenge/blahblah`? – user Apr 28 '17 at 21:11
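The manual check the comments above suggest, written out as an added example that is not part of the original thread: it drops a random probe file into the webroot's .well-known/acme-challenge/ directory, fetches it back over plain HTTP the way the HTTP-01 challenge does, and reports a 404 (what this nginx config returns when its root does not match --webroot-path), a connection failure, or a content mismatch. The webroot and base URL are arguments; nothing about the asker's server is assumed.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

# Added pre-flight check, not from the original thread: drop a random file into
# <webroot>/.well-known/acme-challenge/ and fetch it back over plain HTTP, which
# is exactly what the ACME HTTP-01 challenge does. If this fails, certbot fails.
CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")

def write_probe(webroot):
    """Write a random probe file into the challenge dir; return (name, content)."""
    name = "probe-" + secrets.token_hex(8)
    content = secrets.token_urlsafe(32)
    path = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, name), "w") as fh:
        fh.write(content)
    return name, content

def fetch_probe(base_url, name, timeout=5):
    """GET the probe the way Let's Encrypt would; return (status, body)."""
    url = "%s/.well-known/acme-challenge/%s" % (base_url.rstrip("/"), name)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # e.g. the 404 that try_files/error_page produce when root is wrong
        return exc.code, exc.read().decode("utf-8", "replace")
    except urllib.error.URLError as exc:
        return 0, str(exc.reason)  # nothing on port 80, DNS failure, etc.

def check_webroot(webroot, base_url):
    """Return (ok, detail); ok only if the served body equals the file written."""
    name, expected = write_probe(webroot)
    try:
        status, body = fetch_probe(base_url, name)
    finally:
        os.remove(os.path.join(webroot, CHALLENGE_DIR, name))
    if status != 200:
        return False, "HTTP %d fetching probe: %s" % (status, body[:80].strip())
    if body.strip() != expected:
        return False, "probe served but content differs (wrong vhost or cache?)"
    return True, "webroot %s is served at %s" % (webroot, base_url)

if __name__ == "__main__":  # e.g. acme_check.py /usr/share/nginx/html http://domain.com
    ok, detail = check_webroot(sys.argv[1], sys.argv[2])
    print(detail)
    sys.exit(0 if ok else 1)
```

Run it on the server as a user that can write to the webroot; a 404 means nginx is serving a different root than the one given to certbot.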

2 Answers

1

One little reminder: you need to have your host server in nginx supporting and listening on the SSL protocol, otherwise it will cause a problem saying that your server doesn't speak SSL.

Also, it looks like you are only allowing IPv6 connections for the host, so check that your DNS record is using an AAAA record instead of a normal A record (which is used for IPv4). Certbot needs to be able to connect to your host to do the challenges.

0

You can manually get your domain verified by following the instructions here.

I verified mine in the following steps:

  1. Install certbot following the instructions.
  2. Stop nginx.
  3. Execute sudo certbot certonly --standalone -d your_domain.com
lowatt