Hi,
I use Nginx as a reverse proxy to some WordPress backend in jails.
I added a new configuration file in /usr/local/etc/nginx/acme.conf with the following text.
Code:
# acme.conf
server {
    location ^~ /.well-known/acme-challenge/ {
        proxy_redirect off;
        default_type "text/plain";
        root usr/local/www/acme;
        allow all;
    }
}
In my /usr/local/etc/nginx/nginx.conf I added
Code:
include acme.conf;
When I run
Code:
acme-client -vNn mydomain.co.uk www.mydomain.co.uk
I get the following error..
Code:
acme-client: /usr/local/etc/ssl/acme/private/privkey.pem: generating RSA domain key
acme-client: /usr/local/etc/acme/privkey.pem: generating RSA account key
acme-client: adding SAN: www.mydomain.co.uk
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 2.22.101.48
acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f6:182::3d5
acme-client: acme-v01.api.letsencrypt.org: DNS: 2a02:26f0:f6:19c::3d5
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: new-reg
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mydomain.co.uk
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: www.mydomain.co.uk
acme-client: /usr/local/www/acme/adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/ig79jl6QZIOiG3Pl8h1Pd8-6yZH5OSg0ar_3Ien3Lrg/1156401055: challenge
acme-client: /usr/local/www/acme/gO55mf1y0haZJdni6nKqxm-4Gt1y38QmMhsSDK7N7Ls: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/0EjiUAM4Kvi47YJLVuLyEDkrJ4e5lGYdEKGZdCtYBx8/1156401093: challenge
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/ig79jl6QZIOiG3Pl8h1Pd8-6yZH5OSg0ar_3Ien3Lrg/1156401055: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/ig79jl6QZIOiG3Pl8h1Pd8-6yZH5OSg0ar_3Ien3Lrg/1156401055: bad response
acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from http://mydomain.co.uk/.well-known/acme-challenge/adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720: \"\u003c!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\"\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003cmeta http-equiv=\"Conte\"", "status": 403 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/ig79jl6QZIOiG3Pl8h1Pd8-6yZH5OSg0ar_3Ien3Lrg/1156401055", "token": "adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720", "keyAuthorization": "adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720.X27W--dmGHBPPsWJ0fyHGHZrihc-_VyEM-SRQsmgvRU", "validationRecord": [ { "url": "http://mydomain.co.uk/.well-known/acme-challenge/adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720", "hostname": "mydomain.co.uk", "port": "80", "addressesResolved": [ "194.10.13.xxx" ], "addressUsed": "194.10.13.xxx" }, { "url": "https://mydomain.co.uk/.well-known/acme-challenge/adEW0NBAaqLBMWOSCl5k8VuhjoN1n4cHvo-1KjjR720", "hostname": "mydomain.co.uk", "port": "443", "addressesResolved": [ "194.10.13.xxx" ], "addressUsed": "194.10.13.xxx" } ] }] (1313 bytes)
acme-client: bad exit: netproc(29623): 1
Could anyone please help?
mydomain.co.uk
Code:
# This template redirects traffic to https://mydomain.co.uk.
# Domain redirect
server {
    listen 80;
    server_name mydomain.co.uk;
    # Redirect to ssl domain
    return 301 https://$host$request_uri;
}
# Domain redirect
server {
    listen 80;
    server_name www.mydomain.co.uk;
    # Redirect to ssl domain
    return 301 https://$host$request_uri;
}
# HTTPS redirect
server {
    listen 443 ssl http2;
    server_name www.mydomain.co.uk;
    # Setup SSL
    ssl on;
    ssl_certificate /etc/ssl/mydomain/mydomain.co.uk.crt;
    ssl_certificate_key /etc/ssl/mydomain/mydomain.co.uk.key;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    # Redirect to www
    return 301 https://$host$request_uri;
}
# SSL site
server {
    listen 443 ssl http2;
    server_name mydomain.co.uk;
    # Setup SSL
    ssl on;
    ssl_certificate /etc/ssl/mydomain/mydomain.co.uk.crt;
    ssl_certificate_key /etc/ssl/mydomain/mydomain.co.uk.key;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    # Variables
    # Set the backend server, as defined in backends.conf. Ex: apache, nginx, nginx-ssl
    set $backend http://mydomain;
    # Uncomment to disable proxy cache.
    # set $nocache 1;
    # Set referers
    valid_referers none blocked server_names;
    # Include Letsencrypt acme-client
    # include /usr/local/etc/nginx/acme.conf;
    # Include the standard security template. (nginx/security/standard-template)
    include /usr/local/etc/nginx/security/standard-template;
    # Uncomment to block search engines
    # include /usr/local/etc/nginx/security/block-search.conf;
    # Uncomment and change CMS to your actual CMS, as listed under nginx/cms/. For example, Drupal, Wordpress, Horde, Nextcloud, etc.
    include /usr/local/etc/nginx/cms/static;
    # Include hotlink protection
    include /usr/local/etc/nginx/proxy/hotlink;
    # Pass all remaining requests to the backend server.
    include /usr/local/etc/nginx/proxy/backend;
}
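A way to read the `transfer buffer` line in the output above, as an added example that is not part of the original post: it parses the challenge object and reports which requests the validator made and what kind of body came back. The sample line is constructed to match the shape of the log, with a placeholder token `tok123` and a shortened response excerpt; the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample: same shape as the "transfer buffer" line in the post,
# with a placeholder token and a shortened response excerpt.
SAMPLE = (
    r'acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", '
    r'"error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid response from '
    r'http://mydomain.co.uk/.well-known/acme-challenge/tok123: \"\u003c!DOCTYPE html\"", '
    r'"status": 403 }, "token": "tok123", "validationRecord": [ '
    r'{ "url": "http://mydomain.co.uk/.well-known/acme-challenge/tok123", "port": "80" }, '
    r'{ "url": "https://mydomain.co.uk/.well-known/acme-challenge/tok123", "port": "443" } '
    r'] }] (0 bytes)'
)


def parse_transfer_buffer(line):
    """Return the challenge object carried in an acme-client 'transfer buffer' line."""
    match = re.search(r"transfer buffer: (\[.*\]) \(\d+ bytes\)", line, re.S)
    if match is None:
        raise ValueError("no transfer buffer found in line")
    data = json.loads(match.group(1))
    return data[0] if isinstance(data, list) else data


def diagnose(challenge):
    """Summarise what the validator fetched and what it received."""
    records = challenge.get("validationRecord", [])
    hops = [f'{urlsplit(r["url"]).scheme}:{r["port"]}' for r in records]
    error = challenge.get("error", {})
    detail = error.get("detail", "").lower()
    return {
        "http_status": error.get("status"),
        "hops": hops,
        # More than one record ending on https means the port-80 request was
        # redirected, so the 443 server block produced the final response.
        "redirected_to_https": len(hops) > 1 and hops[-1].startswith("https:"),
        # A key authorization is plain "token.thumbprint" text; markup means
        # another handler (error page, backend) answered instead of the file.
        "html_body": "<!doctype" in detail or "<html" in detail,
    }


if __name__ == "__main__":
    for key, value in diagnose(parse_transfer_buffer(SAMPLE)).items():
        print(f"{key}: {value}")
```

For the sample this reports a 403 reached after a hop from port 80 to port 443, with an HTML body, so the final response came from the HTTPS server block and not from a file in the challenge directory.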