I just installed Gogs on a VPS with the help of the tuto (https://gogs.io/docs/installation/install_from_source). I have a sub domain to reach my gogs instance: git.mydomainname.com and it works: http://git.mydomainname.com goes to my gogs instance with a reverse proxy.
I would like to have my gogs protected through SSL, so I would like to install LetsEncrypt using the following tuto (https://certbot.eff.org/#debianstretch-nginx).
I would like to say that I am new to system administration and don't necessarily understand everything I did during the Gogs install. I am also new to Nginx (more used to Apache).
Here is the process I followed:
$ sudo certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):git.mydomainname.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for git.mydomainname.com
Select the webroot for git.mydomainname.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): /home/git/go/src/github.com/gogits/gogs
** Invalid input **
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for git.mydomainname.com: (Enter 'c' to cancel):/home/git/go/src/github.com/gogits/gogs
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. git.mydomainname.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://git.mydomainname.com/.well-known/acme-challenge/N4rMGzoq1Bwyt9MP9fUlVY3_mDnJfRYpQkdvc7WrNJs: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: git.mydomainname.com
Type: unauthorized
Detail: Invalid response from
http://git.mydomainname.com/.well-known/acme-challenge/N4rMGzoq1Bwyt9MP9fUlVY3_mDnJfRYpQkdvc7WrNJs:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
So I checked the error, the DNS A record is OK. I also found another tuto in french (https://www.grafikart.fr/formations/serveur-linux/nginx-ssl-letsencrypt) to help me and I noticed that I had to update my nginx config for the website, I did, despite I have a reverse proxy (maybe the issue is here).
server {
listen 80;
server_name git.mydomainname.com
location ~ /\.well-known/acme-challenge {
allow all;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location / {
proxy_pass http://localhost:port_number;
}
}
Thanks for your help.
