Hi all
I'm trying to get the LE cert to provision on my setup, but I'm getting a 404 error:

```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Performing the following challenges:
http-01 challenge for mail.pomtom.co.nz
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.pomtom.co.nz (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.pomtom.co.nz/.well-known/acme-challenge/BqkKUhhB65lRvof2fhXMN3ZmIU02lsIbPVamU0K3Iy4 [203.86.195.200]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.pomtom.co.nz
   Type:   unauthorized
   Detail: Invalid response from http://mail.pomtom.co.nz/.well-known/acme-challenge/BqkKUhhB65lRvof2fhXMN3ZmIU02lsIbPVamU0K3Iy4 [203.86.195.200]: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>"

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
```

I've done some tracing, and I can see the requests hitting my web proxy and being forwarded to the mail server okay, but I'm getting this error in the nginx logs on the server:

```
open() "/home/user-data/www/default/.well-known/acme-challenge/BqkKUhhB65lRvof2fhXMN3ZmIU02lsIbPVamU0K3Iy4" failed (2: No such file or directory)
```

Based on my limited understanding, it looks like certbot isn't making the .well-known folder?
But I could be wrong.
Please, the backquote character (`) is intended for inline code. When you dump a large blob of text into a question it is very difficult to read and there is at least one of us that moves on to the next question.
On top of that, you seem to have interspersed in your blob html tags, so copy and paste elsewhere is full of noise.
I know it sounds like I’m being picky, but if you desire quality answers it is helpful to ask quality questions, including formatting.
Hi Open
I used the preformatted button when posting the log, so I assumed that was correct?
I'm currently rebuilding the server again just to confirm I didn't mess up the install, but I will re-post logs soon if I have the same problems.
Would a pastebin link be OK as well? Or would you prefer the backquote logs on here?
Pastebin is fine. Discourse uses markdown, so multi-line code can either be pasted in and highlighted, then click the code button, or place ``` above and below the code lines, although maybe for your email it should be pasted in, highlighted and then click the quote button. And try not to have the html tags in there. Not sure where those come from.
I'm running the mail server behind a NAT on a single IP.
I don't have any ports open for any mail stuff yet; I was just trying to get the SSL set up before I moved on to that step.
I also have a web proxy installed for http traffic coming in.
I have a filter on that to take any requests to the hostnames of the mail server
(in my case mail.pomtom.co.nz, and the autoconfigure etc.) and point them to my mail server rather than my web server.
I have done a complete fresh install, getting a few errors about ports, but that's expected as per my comment above.
Gone to the System > SSL page and tried to do a Provision certs using the button on that page.
When I hit provision I can see the requests hitting my proxy server and being redirected to my mail server fine.
I can see the response requests, and yes, I think that's what I'd expect at the moment; it's just being routed to nowhere currently.
I might try to fix that to go to the mail server properly.
Do you mean the random string at the end?
That might have just been my bad getting the wrong value from the logs.
I've run a few tests and tried to get the same logs, but could have just gotten the wrong one
(each run generates a different ID AFAIK).
OK, so yes, that worked.
It's something to do with my proxy then, not sure what though, as all it does is pass on the request…
Will have to do some more tracing to see what's going on.
Going to LE I don't think is the problem, as I can see the request coming back fine (as shown in the logs).
I think it's the proxy somehow changing something to do with the URL or source or something, which causes nginx to not route to the correct location on the MIAB server?
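As an added example (not from this thread or from Mail-in-a-Box): a small Python checker that reads the certbot output and the nginx `open() ... failed` line and reports whether nginx resolved the challenge under a different directory from the webroot certbot wrote to (which is what the two paths in the logs above show), and whether the Host header that reached nginx differs from the challenge domain, which is one way a front proxy can push the request into the wrong server block. The hostnames, IPs and token in the sample lines are constructed placeholders, and the `host:` field only exists on a full nginx error-log line, not on the truncated line quoted above.

```python
import re

# Constructed sample input modelled on the certbot and nginx output quoted in the
# thread; hostnames, IPs and the token are placeholders, not real values.
CERTBOT_LOG = """Performing the following challenges:
http-01 challenge for mail.example.test
Using the webroot path /home/user-data/ssl/lets_encrypt/webroot for all unmatched domains.
"""
NGINX_ERROR_LOG = (
    '2024/01/01 00:00:00 [error] 1234#1234: *1 open() '
    '"/home/user-data/www/default/.well-known/acme-challenge/TOKEN_PLACEHOLDER" '
    'failed (2: No such file or directory), client: 203.0.113.10, server: _, '
    'request: "GET /.well-known/acme-challenge/TOKEN_PLACEHOLDER HTTP/1.1", '
    'host: "203.0.113.20"\n'
)

WEBROOT_RE = re.compile(r"Using the webroot path (\S+) for")
DOMAIN_RE = re.compile(r"http-01 challenge for (\S+)")
# nginx "open() ... failed" line: resolved directory, token and, on a full line, the Host header.
OPEN_FAIL_RE = re.compile(
    r'open\(\) "(?P<root>.+?)/\.well-known/acme-challenge/(?P<token>[^"/]+)" failed'
    r'(?:.*?host: "(?P<host>[^"]+)")?'
)

def diagnose(certbot_log: str, nginx_error_log: str) -> dict:
    """Compare where certbot wrote the token with where nginx went looking for it."""
    webroot = WEBROOT_RE.search(certbot_log)
    domain = DOMAIN_RE.search(certbot_log)
    result = {
        "domain": domain.group(1) if domain else None,
        "webroot": webroot.group(1).rstrip("/") if webroot else None,
        "served_root": None, "token": None, "host_header": None,
        "findings": ["no-challenge-404-in-nginx-log"],
    }
    for line in nginx_error_log.splitlines():
        m = OPEN_FAIL_RE.search(line)
        if not m:
            continue
        result["served_root"] = m.group("root").rstrip("/")
        result["token"] = m.group("token")
        result["host_header"] = m.group("host")
        findings = []
        if result["webroot"] and result["served_root"] != result["webroot"]:
            findings.append("webroot-mismatch")  # wrong server/location block answered
        if result["domain"] and result["host_header"] and result["host_header"] != result["domain"]:
            findings.append("host-header-mismatch")  # proxy did not preserve Host
        result["findings"] = findings or ["token-missing-in-webroot"]
        break
    return result
```

Run it against the real certbot output and the full nginx error line from the backend; `webroot-mismatch` means the request never reached the location that serves certbot's webroot, so the fix is on the nginx/proxy routing side, not on the certbot side.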