Let's encrypt green with nginx webproxy nethserver websites

Vitor_Hugo_Barbosa · January 24, 2021, 6:16pm

Hello folks happy 2021

I want to validate all my nginx subdomains with

Valid let’s encrypt certificate, into nethserver nginx proxy.

When I try to into the nethserver gui, nginx webproxy it doesn’t work

But the websites are in https on nginx nethserver working like a charm… Misses the valid let’s encrypt think… The message that he sends to me when I try it…

Validation failed: Challenge failed for this domain(s)

mark_nl · January 24, 2021, 6:40pm

Hi @Vitor_Hugo_Barbosa.

My best guess is you redirect all incoming traffic on port 80 with your nginx proxy to https (port 443).

If this is true you can not request a let’s encrypt certificate form the nethserver administration interface.

Incoming traffic (for all the domains you request a certificate for) on port 80 with destination .well-known/acme-challenge/ must be directed to /var/www/html/.well-known/acme-challenge/ . In this location the let’s encrypt servers can find the challenge for validation.

Vitor_Hugo_Barbosa · January 24, 2021, 6:46pm

So with that in mind my objective is to generate an let’s encrypt with certbot into terminal and store it into the folder that nginx serves…
var/www/html/.well-known/acme-challenge

Ohh… Acme is a different one and
var/www/html/.well-known/acme-challenge
Is the folder that acme generates his certs

I have tried acme also to but it says to me he can achieve that port 80 block witch is not true

I can try to see with netstat - tulpn maybe

mark_nl · January 24, 2021, 6:58pm

once the request succeeds your certificate, chainfile and private-key are stored in /etc/letsencrypt/live/

mark_nl · January 24, 2021, 7:02pm

Are you sure you do not redirect all traffic to port 80 to https?

Vitor_Hugo_Barbosa · January 24, 2021, 7:10pm

Yes I take off the https redir i will try now

No it isn’t solved

Validation failed: Challenge failed for this domain(s) nextcloud.tuxadmin.ch

On gui thing I am not so savvy with this… And I have tried from gui

Vitor_Hugo_Barbosa · January 24, 2021, 7:39pm

I think I have found some thing micronator

NethServer with let’s encrypt and Acme recognize cloud flare Acme challenge

I have the pdf already

I have no ip as dyndns

But… I think it doesn’t matter if I have also cloud flare as second ddns to the same domain

mark_nl · January 24, 2021, 7:55pm

The DNS challenge is added recently, your DNS service provider must be supported by cerbot.

if that does not work for you you some further reading:

royceb · January 24, 2021, 7:55pm

You can consider using DNS challenge instead to circumvent the port 80 requirement.

Vitor_Hugo_Barbosa · January 24, 2021, 8:04pm

Thanks guys I will try gently this week