EDIT:

Nginx Configuration:

server {

    server_name selftestcheck.com   www.selftestcheck.com;


    access_log /var/log/nginx/selftestcheck.com.access.log rt_cache_redis;
    error_log /var/log/nginx/selftestcheck.com.error.log;


    root /var/www/selftestcheck.com/htdocs;



    index index.php index.html index.htm;


    include  common/redis-php7.conf;

    include common/wpcommon-php7.conf;
    include common/locations-php7.conf;
    include /var/www/selftestcheck.com/conf/nginx/*.conf;

    location '/.well-known/acme-challenge' {
       root /var/www/domain/htdocs;
    }
}

This question perhaps has been asked before but doesn't seem to have an answer so I want to try and answer it because a lot of people seem to suffer from it.

This is the problem:

I run "sudo ee site create domain --wpfc --letsencrypt" or "sudo ee site update domain --letsencrypt"

I get this error:

"To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address."

A few months ago I could do sudo ee site create domain --wpfc --letsencrypt and everything would work beautifully. Now suddenly, every single site I create with ee has this https problem. Why?!

Anyway, here's basically everything I think everyone will need to figure out what's going on:

Here is tail -n100 /var/log/ee/ee.log

2017-06-27 16:01:33,531 (DEBUG) ee : logging initialized for 'ee' using LoggingLogHandler
2017-06-27 16:01:33,826 (DEBUG) ee : ['/usr/local/bin/ee', 'site', 'update', 'domain', '--letsencrypt']
2017-06-27 16:01:33,827 (DEBUG) ee : collecting arguments/commands for <ee.cli.controllers.base.EEBaseController object at 0x7ff98cd5d908>
2017-06-27 16:01:33,829 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteController object at 0x7ff98cd5dac8>
2017-06-27 16:01:33,830 (DEBUG) ee : collecting arguments/commands for <ee.cli.plugins.site.EESiteUpdateController object at 0x7ff98cd6f3c8>
2017-06-27 16:01:33,833 (INFO) ee : Initializing EasyEngine Database
2017-06-27 16:01:33,843 (INFO) ee : Letsencrypt is currently in beta phase.
Do you wish to enable SSl now for domain?
2017-06-27 16:01:36,195 (DEBUG) ee : Changing directory to /opt/letsencrypt
2017-06-27 16:01:36,195 (DEBUG) ee : Running command: git pull
2017-06-27 16:01:36,548 (DEBUG) ee : Command Output: Already up-to-date.
,
Command Error:
2017-06-27 16:01:36,549 (WARNING) ee : Please Wait while we fetch SSL Certificate for your site.
It may take time depending upon network.
2017-06-27 16:01:36,549 (DEBUG) ee : Running command: ./letsencrypt-auto certonly --webroot -w /var/www/domain/htdocs/ -d domain -d domain --email email --text --agree-tos
2017-06-27 16:01:44,332 (DEBUG) ee : Command Output: IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: domain
   Type:   unauthorized
   Detail: Invalid response from
   //domain/.well-known/acme-challenge/uLxoAUahNQ-eqXBUfYuYP2xVEQwohM1o4zm53RgqtHI:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <center>"

   Domain: non-www-domain
   Type:   unauthorized
   Detail: Invalid response from
   //non-www-domain/.well-known/acme-challenge/vFzrgVwx62VPdsAeN4M1DGXJDwLkPaIC3nuCMfXvw0Q:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
,
Command Error: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain
http-01 challenge for non-www-domain
Using the webroot path /var/www/domain/htdocs for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from //domain/.well-known/acme-challenge/uLxoAUahNQ-eqXBUfYuYP2xVEQwohM1o4zm53RgqtHI: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<center>", domain (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from //domain/.well-known/acme-challenge/vFzrgVwx62VPdsAeN4M1DGXJDwLkPaIC3nuCMfXvw0Q: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<center>"

2017-06-27 16:01:44,333 (ERROR) ee : Unable to setup, Let's Encrypt
2017-06-27 16:01:44,333 (ERROR) ee : Please make sure that your site is pointed to
same server on which you are running Let's Encrypt Client
 to allow it to verify the site automatically.

I've used Pingdom to check my DNS: it's pointing to all the right nameservers on Linode, the site resolves, I can see it, and the reverse DNS works.

Here's the UFW output:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         DENY IN     Anywhere
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
xxxxxxx                    ALLOW IN    Anywhere
xxx                        ALLOW IN    Anywhere
22 (v6)                    DENY IN     Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
xxxxxxx (v6)               ALLOW IN    Anywhere (v6)
xxx (v6)                   ALLOW IN    Anywhere (v6)

Here's a test file I put in the DIR just to be sure it's accessible:

http://selftestcheck.com/.well-known/acme-challenge/test.txt

You should see "hi hello". Someone please help!

Mac Zoller
  • There's no clear question, little research mentioned and no configuration for NGINX. All we have are logs saying that your web server is most likely misconfigured. The fact you didn't even think of putting up the NGINX configuration quite frankly comes off as "I ran a command and it didn't work. Fix it for me.". Please edit your question to include relevant information and show what you have done so far. Voting to close as is. – Ginnungagap Jun 28 '17 at 06:57
  • @Ginnungagap Hi, as per your comment, I've added in the nginx configuration. Is there any other relevant information that would help? I've shown the firewall config, the error log and the server configuration on a brand new Linode build of Ubuntu 16.04 LTS. Your help would be greatly appreciated. Thank you. – Mac Zoller Jun 28 '17 at 14:07

1 Answer

Your config is most likely misconfigured.

location ~ /.well-known/ {  
    allow all;
}

Make sure you have this in your config. Also check that you configured it correctly by running sudo nginx -t.
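A pre-flight check for the http-01 webroot failure shown in the log above, as an added example (not code from the question, the answer or EasyEngine): it writes a probe file where the ACME client would (the `-w` webroot) and fetches it back over HTTP, so a mismatch between that directory and what the web server serves for `/.well-known/acme-challenge/` shows up as the same 404 before any certificate request. `preflight`, `serve` and `demo` are hypothetical names, and the local server in `serve` is a constructed stand-in for nginx.

```python
import http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request
from functools import partial

CHALLENGE_DIR = ".well-known/acme-challenge"

def preflight(webroot, base_url, host=None, timeout=5):
    """Write a random probe under webroot, fetch it over HTTP, return (ok, detail)."""
    token = "preflight-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "wb") as fh:
        fh.write(body)
    try:
        req = urllib.request.Request(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}")
        if host:  # lets you test the vhost by IP before DNS is trusted
            req.add_header("Host", host)
        # Ignore proxy environment variables: this is a check of our own server.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        try:
            with opener.open(req, timeout=timeout) as resp:
                got = resp.read()
        except urllib.error.HTTPError as exc:
            return False, f"HTTP {exc.code}"
        except urllib.error.URLError as exc:
            return False, f"connection failed: {exc.reason}"
        return (True, "served") if got == body else (False, "body mismatch")
    finally:
        os.remove(path)  # never leave probe files in the webroot

def serve(directory):
    """Constructed stand-in for the web server: serve `directory` on a free local port."""
    handler = partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    """Matching webroot passes; a different directory reproduces the 404."""
    with tempfile.TemporaryDirectory() as served, tempfile.TemporaryDirectory() as other:
        srv, url = serve(served)
        try:
            return preflight(served, url), preflight(other, url)
        finally:
            srv.shutdown()
            srv.server_close()
```

Against a real site, call `preflight("/var/www/<site>/htdocs", "http://<server-ip>", host="<domain>")` with the same webroot the ACME client is given.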