
I am trying to install a Let's Encrypt SSL certificate across four sites: mysite.com, es.mysite.com, fr.mysite.com, de.mysite.com

I ran the following command: certbot --nginx -d mysite.com -d www.mysite.com which worked fine for mysite.com, es.mysite.com, fr.mysite.com. When I ran sudo certbot --nginx -d de.mysite.com I got the following error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: de.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   https://de.mysite.com/.well-known/acme-challenge/te29XBKAQdQBbQxvzPTgfgaFpzM_OUj6b4gSuiuPvOI
   [MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
   1.0 Transitional//EN\"
   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

I then tried to install the certificate manually using the following code: certbot certonly --manual -d de.mysite.com. I was then asked "Are you ok with your IP being logged?" I selected Y and hit enter. Then I followed this step:

Create a file containing just this data:

SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w.SkXszSMjtmN2-3gN7kkDhgSElerR3H1MgUc9N8z70n4

And make it available on your web server at this URL:

http://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w

I pressed Enter to Continue and then got the same error:

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: de.mysite.com
   Type:   unauthorized
   Detail: Invalid response from
   https://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w
   [MY IP ADDRESS]: "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML
   1.0 Transitional//EN\"
   \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Can anyone advise how to resolve this error and successfully install the Let's Encrypt SSL certificate?

Thanks.

ackers
  • First of all you should try to visit from a browser that link of the acme challenge in the second block (http://de.mysite.com/.well-known/acme-challenge/SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w) and see if the content is EXACTLY the data requested. It looks like it is being transformed to HTML, which makes the verification fail. I recommend using curl for that purpose so you can see the exact response without any formatting. – Marc Sances May 01 '19 at 10:06

1 Answer


I managed to resolve my issue. I had to include the following in my nginx config first:

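   # Regex match: allow access to paths containing /.well-known
   location ~ /.well-known {
      allow all;
   }

   # Prefix match (^~ skips regex locations): serve challenge files
   # as plain text from the site root
   location ^~ /.well-known/acme-challenge/ {
      default_type "text/plain";
      root         /data/wordpress/mysite/;
   }

   # Exact match: the bare challenge directory itself returns 404
   location = /.well-known/acme-challenge/ {
      return 404;
   }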

Then I had to install the Let's Encrypt SSL certificate manually by running certbot certonly --manual -d de.mysite.com and following the steps to successfully install the certificate.

ackers
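
The check suggested in the comment on the question (fetch the challenge URL and compare the raw body with the requested data), as an added Python example that is not part of the original posts or of certbot. The function names are made up for illustration, and the sample values are the ones quoted in the question.

```python
import re
import sys
import urllib.error
import urllib.request

# Key authorization and the start of the failing body, as quoted in the question.
PAGE_KEY_AUTH = ("SJpIiQET8X0vehhTjmcPBrm3zsbS1p8f9Mf2oKE5l5w."
                 "SkXszSMjtmN2-3gN7kkDhgSElerR3H1MgUc9N8z70n4")
PAGE_BAD_BODY = b'\r\n\r\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"'

# A key authorization is "<token>.<account key thumbprint>", both base64url.
KEY_AUTH_RE = re.compile(r"([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)")

def challenge_url(domain, key_auth):
    """Build the HTTP-01 URL that must serve this key authorization."""
    match = KEY_AUTH_RE.fullmatch(key_auth)
    if not match:
        raise ValueError("not a well-formed key authorization")
    return f"http://{domain}/.well-known/acme-challenge/{match.group(1)}"

def diagnose(status, body, key_auth):
    """Return a list of problems; an empty list means the body is what the CA expects."""
    problems = []
    text = body.decode("utf-8", errors="replace")
    if status != 200:
        problems.append(f"HTTP status {status}, expected 200")
    if text.rstrip() != key_auth:  # trailing whitespace is tolerated
        if re.search(r"<!DOCTYPE|<html", text, re.IGNORECASE):
            problems.append("body is an HTML page, so something other than the "
                            "challenge file is answering this path")
        elif key_auth in text:
            problems.append("key authorization is wrapped in extra content")
        else:
            problems.append("body does not match the key authorization")
    return problems

def fetch(url):
    """GET the URL, following redirects; return (status, final_url, body)."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.geturl(), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.geturl(), err.read()

if __name__ == "__main__":
    # Usage: python3 check_acme.py <domain> <key authorization printed by certbot>
    domain, key_auth = sys.argv[1], sys.argv[2]
    status, final_url, body = fetch(challenge_url(domain, key_auth))
    print("final URL:", final_url)
    for line in diagnose(status, body, key_auth) or ["OK: body matches"]:
        print(line)
```

Run it while certbot is waiting at the "Press Enter to Continue" prompt, so the file is checked before the CA requests it.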