
I'm currently using the default configuration below, provided by Laravel here:

```nginx
server {
    listen 80;
    server_name www.example.com;
    root /srv/www/example/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```

What configuration should I use instead to switch to SSL with Let's Encrypt?

With this current configuration, when I run certbot, I'm getting the error below:

```
~  sudo certbot --nginx -d www.example.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.example.com
Waiting for verification...
Challenge failed for domain www.example.com
http-01 challenge for www.example.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.example.com
   Type:   unauthorized
   Detail: Invalid response from
   http://www.example.com/.well-known/acme-challenge/KLiVD9nJaMVqJoljNziftqSJXFXCEXsV5mf_d9WthdM
   [123.123.123.3]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```

When scanning ports from outside my network, I get:

```
$ nmap 123.123.123.3
Starting Nmap 7.70 ( https://nmap.org ) at 2020-12-14 11:13 CET
Nmap scan report for 213.163.173.3
Host is up (0.0061s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
80/tcp  open   http
113/tcp closed ident
443/tcp open   https
```
DevonDahon
  • Just enter `sudo certbot`; it will give you all the available domain names – Kamlesh Paul Dec 14 '20 at 09:34
  • @KamleshPaul After choosing my domain in the list, I'm still getting the same error message – DevonDahon Dec 14 '20 at 09:38
  • then `please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.` – Kamlesh Paul Dec 14 '20 at 09:41
  • The website works fine without SSL, I guess it's enough to say that the domain name and IP are set correctly – DevonDahon Dec 14 '20 at 09:48
  • No, you need to check the AAAA record as well; you need to cross-check both – Kamlesh Paul Dec 14 '20 at 09:59
  • Okay, thanks, indeed I might not have an AAAA record set, is it mandatory to use Let's Encrypt? – DevonDahon Dec 14 '20 at 10:35
  • No, it is not mandatory, but if you have another IP in the A or AAAA record then Let's Encrypt will not work, so remove those if not required. – Kamlesh Paul Dec 14 '20 at 11:06
  • When I do `dig A +short www.example.com`, I get `proxy-1.example.com.` and `123.123.123.3`, then when I do `dig AAAA +short www.example.com`, I just get `proxy-1.example.com.`, does it confirm that my problem comes from an incorrect AAAA record? Knowing that `proxy-1.example.com` points to `123.123.123.3` – DevonDahon Dec 14 '20 at 11:22
  • Why don't you check your DNS manager? Everything will be clear from there – Kamlesh Paul Dec 14 '20 at 11:29
  • I don't have access to this DNS for the moment, so I'm trying alternative ways to check whether it's actually the problem or not – DevonDahon Dec 14 '20 at 11:32
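
Added example, not part of the original thread: an offline triage of the two clues quoted above, the `dig +short` output from the comments and the 404 body in the certbot error. The function names, the constructed samples and the stock-error-page fingerprints are assumptions; since the posted vhost sends its own 404s to `/index.php`, a body in another server's stock format suggests the challenge request was answered somewhere else.

```sh
#!/bin/sh
# Added example; function names and the samples below are constructed.

# Read `dig +short` output on stdin. Lines ending in "." are CNAME targets,
# everything else is an address. Prints "cnames=N addrs=M".
count_dig_short() {
    awk 'NF { if ($1 ~ /\.$/) c++; else a++ }
         END { printf "cnames=%d addrs=%d\n", c, a }'
}

# Which address families does the name end up with an address in?
# $1 = output of `dig A +short`, $2 = output of `dig AAAA +short`.
published_families() {
    v4=$(printf '%s\n' "$1" | count_dig_short)
    v6=$(printf '%s\n' "$2" | count_dig_short)
    fam=""
    case $v4 in *addrs=0) ;; *) fam="ipv4" ;; esac
    case $v6 in *addrs=0) ;; *) fam="${fam:+$fam,}ipv6" ;; esac
    echo "${fam:-none}"
}

# Guess which software wrote an error body, assuming stock error pages:
# Apache httpd's carry the IETF HTML 2.0 DOCTYPE, nginx's a <center>nginx footer.
fingerprint_body() {
    case $1 in
        *'-//IETF//DTD HTML 2.0//EN'*) echo "apache-style" ;;
        *'<center>nginx'*)             echo "nginx-default" ;;
        *)                             echo "unknown" ;;
    esac
}

# Live check (needs network, not run below): fetch a probe file you created
# under <root>/.well-known/acme-challenge/ and compare it with its content.
# $1 = host, $2 = probe file name, $3 = expected content.
probe() {
    body=$(curl -s --max-time 10 "http://$1/.well-known/acme-challenge/$2")
    if [ "$body" = "$3" ]; then echo "served-from-this-root"
    else fingerprint_body "$body"; fi
}

# Constructed samples mirroring the values quoted in the thread.
A_OUT='proxy-1.example.com.
123.123.123.3'
AAAA_OUT='proxy-1.example.com.'
BODY='<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title>'

echo "addresses published for: $(published_families "$A_OUT" "$AAAA_OUT")"
echo "404 body format: $(fingerprint_body "$BODY")"
```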
