
Letsencrypt SSL acmetool.sh not renewing certificate for one site

Discussion in 'Add Ons' started by CarpCharacin, Aug 7, 2017.

  1. CarpCharacin

    CarpCharacin Member

    213
    14
    18
    Oct 13, 2016
    Salt Lake City
    Ratings:
    +18
    Local Time:
    10:00 PM
    1.13.0
    MariaDB 10
    Please fill in any relevant information that applies to you:
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: i.e. 1.13.0
    • PHP Version Installed: i.e. 7.1.8
    • MariaDB MySQL Version Installed: 10.1
    • When was last time updated Centmin Mod code base ? : Today
    • Persistent Config: Do you have any persistent config file options set in /etc/centminmod/custom_config.inc ? No.
    It has been renewing the utahfishkeepers SSL certificate, just not the one for my other site.
    Here are the outputs:
    Code (Text):
    /var/log/cron:Jul 31 00:00:01 host CROND[2352]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  1 00:00:01 host CROND[17354]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  2 00:00:01 host CROND[31814]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  3 00:00:01 host CROND[13093]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  4 00:00:01 host CROND[26862]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  5 00:00:01 host CROND[11305]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron:Aug  6 00:00:02 host CROND[26326]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  4 00:00:01 host CROND[5507]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  5 00:00:01 host CROND[22564]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  6 00:00:01 host CROND[2029]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  7 00:00:02 host CROND[19587]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  8 00:00:01 host CROND[6611]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170709:Jul  9 00:00:01 host CROND[22556]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 10 00:00:01 host CROND[7261]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 11 00:00:01 host CROND[22652]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 12 00:00:01 host CROND[19569]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 13 00:00:01 host CROND[14036]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 14 00:00:02 host CROND[2328]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 15 00:00:01 host CROND[24876]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170716:Jul 16 00:00:01 host CROND[19891]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 17 00:00:01 host CROND[10643]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 18 00:00:01 host CROND[3399]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 19 00:00:01 host CROND[27205]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 20 00:00:01 host CROND[20770]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 21 00:00:01 host CROND[6600]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 22 00:00:01 host CROND[25683]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 23 00:00:01 host CROND[11493]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170724:Jul 24 00:00:01 host CROND[2236]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 25 00:00:01 host CROND[21614]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 26 00:00:01 host CROND[5524]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 27 00:00:01 host CROND[20982]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 28 00:00:01 host CROND[22468]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 29 00:00:02 host CROND[5225]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    /var/log/cron-20170730:Jul 30 00:00:01 host CROND[20336]: (root) CMD ("/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null)
    

    Code (Text):
    -------------------------------------------------
    acmetool.sh is in beta testing phase
    please read & provide bug reports &
    feedback for this tool via the forums
    https://centminmod.com/acmetool
    -------------------------------------------------
    
    ----------------------------------------------
    nginx installed
    ----------------------------------------------
    
    /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks-acme.cer
    SHA1 Fingerprint=04B66671C0E12B0D7C5B284F5FF2F477CE44EC15
    certificate expires in -5 days on 1 Aug 2017
    
    /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us-acme.cer
    SHA1 Fingerprint=75356F784AECBC8AD8E7DA21B8A24134A9D6B24F
    certificate expires in 74 days on 20 Oct 2017
    
    ----------------------------------------------
    acme.sh obtained
    ----------------------------------------------
    
    /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.cer
    SHA1 Fingerprint=04B66671C0E12B0D7C5B284F5FF2F477CE44EC15
    [ below certifcate transparency link is only valid ~1hr after issuance ]
    https://crt.sh/?sha1=04B66671C0E12B0D7C5B284F5FF2F477CE44EC15
    certificate expires in -5 days on 1 Aug 2017
    
    /root/.acme.sh/utahfishkeepers.us/utahfishkeepers.us.cer
    SHA1 Fingerprint=75356F784AECBC8AD8E7DA21B8A24134A9D6B24F
    [ below certifcate transparency link is only valid ~1hr after issuance ]
    https://crt.sh/?sha1=75356F784AECBC8AD8E7DA21B8A24134A9D6B24F
    certificate expires in 74 days on 20 Oct 2017
    

    Code (Text):
    [Sun Aug  6 18:01:28 UTC 2017] Renew: 'carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] Multi domain='DNS:www.carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] Getting domain auth token for each domain
    [Sun Aug  6 18:01:29 UTC 2017] Getting webroot for domain='carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:29 UTC 2017] Getting new-authz for domain='carpcharacin.rocks
    [Sun Aug  6 18:01:30 UTC 2017] The new-authz request is ok.
    [Sun Aug  6 18:01:30 UTC 2017] Getting webroot for domain='www.carpcharacin.rocs'
    [Sun Aug  6 18:01:30 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:30 UTC 2017] Getting new-authz for domain='www.carpcharacin.rcks'
    [Sun Aug  6 18:01:30 UTC 2017] The new-authz request is ok.
    [Sun Aug  6 18:01:30 UTC 2017] Verifying:carpcharacin.rocks
    [Sun Aug  6 18:01:33 UTC 2017] carpcharacin.rocks:Verify error:Invalid responsefrom http://carpcharacin.rocks/.well-known/acme-challenge/FmQBUOeupSLmv0pV1cldXja4hbg0zFVTAs_UIxJOXU:
    [Sun Aug  6 18:01:33 UTC 2017] Please check log file for more details: /root/cetminlogs/acmetool.sh-debug-log-040117-212952.log
    [Sun Aug  6 18:01:33 UTC 2017] Error renew carpcharacin.rocks, Go ahead to nextone.
    [Sun Aug  6 18:01:33 UTC 2017] Renew: 'utahfishkeepers.us'
    [Sun Aug  6 18:01:33 UTC 2017] Skip, Next renewal time is: Thu Sep 21 00:00:54 TC 2017
    [Sun Aug  6 18:01:33 UTC 2017] Add '--force' to force to renew.
    [Sun Aug  6 18:01:33 UTC 2017] Skipped utahfishkeepers.us
    

     
  2. CarpCharacin

    Dang, carpcharacin.rocks just started redirecting to utahfishkeepers after I ran that last command.
     
  3. eva2000

    eva2000 Administrator Staff Member

    29,732
    6,713
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,023
    Local Time:
    2:00 PM
    Nginx 1.13.x
    MariaDB 5.5
    contents for nginx vhosts for carpcharacin.rocks ?

    and contents for /root/cetminlogs/acmetool.sh-debug-log-040117-212952.log ? post to gist.github.com or pastebin.com

    Redirect is probably because https requests to expired SSL cert site are now redirecting to next valid https site due to SNI support where https SSL certs share same IP address instead of having SSL certs assigned their own separate IPs. Fixing expired SSL cert will fix redirects then.
     
  4. CarpCharacin

    Here is the vhost:
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://$server_name$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2;
      listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
      server_name carpcharacin.rocks www.carpcharacin.rocks;
    
      include /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/carpcharacin.rocks/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/carpcharacin.rocks/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/carpcharacin.rocks/autoprotect-carpcharacin.rocks.conf;
      root /home/nginx/domains/carpcharacin.rocks/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpcacheenabler_carpcharacin.rocks.conf;
      #include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpsupercache_carpcharacin.rocks.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/rediscache_carpcharacin.rocks.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/carpcharacin.rocks/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpsecure_carpcharacin.rocks.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    I tried opening the log file, but it said No such file or directory.
     
  5. eva2000

    looks like web root paths aren't registered correctly

    from
    Code (Text):
    [Sun Aug  6 18:01:28 UTC 2017] Renew: 'carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] Multi domain='DNS:www.carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] Getting domain auth token for each domain
    [Sun Aug  6 18:01:29 UTC 2017] Getting webroot for domain='carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:29 UTC 2017] Getting new-authz for domain='carpcharacin.rocks
    [Sun Aug  6 18:01:30 UTC 2017] The new-authz request is ok.
    [Sun Aug  6 18:01:30 UTC 2017] Getting webroot for domain='www.carpcharacin.rocs'
    [Sun Aug  6 18:01:30 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:30 UTC 2017] Getting new-authz for domain='www.carpcharacin.rcks'
    [Sun Aug  6 18:01:30 UTC 2017] The new-authz request is ok.
    [Sun Aug  6 18:01:30 UTC 2017] Verifying:carpcharacin.rocks
    [Sun Aug  6 18:01:33 UTC 2017] carpcharacin.rocks:Verify error:Invalid responsefrom http://carpcharacin.rocks/.well-known/acme-challenge/FmQBUOeupSLmv0pV1cldXja4hbg0zFVTAs_UIxJOXU:
    [Sun Aug  6 18:01:33 UTC 2017] Please check log file for more details: /root/cetminlogs/acmetool.sh-debug-log-040117-212952.log
    [Sun Aug  6 18:01:33 UTC 2017] Error renew carpcharacin.rocks, Go ahead to nextone.
    [Sun Aug  6 18:01:33 UTC 2017] Renew: 'utahfishkeepers.us'
    [Sun Aug  6 18:01:33 UTC 2017] Skip, Next renewal time is: Thu Sep 21 00:00:54 TC 2017
    [Sun Aug  6 18:01:33 UTC 2017] Add '--force' to force to renew.
    [Sun Aug  6 18:01:33 UTC 2017] Skipped utahfishkeepers.us
    


    you have
    • _w='/home/nginx/domains/carpcharacin.rocks/publi'
    missing c on end there for /public

    acme.sh reads from /root/.acme.sh/domain.com/domain.com.conf what your public web root is for letsencrypt domain validation via the webroot authentication method, i.e. using grep for Le_Webroot to output the path found in /root/.acme.sh/domain.com/domain.com.conf will reveal
    Code (Text):
    grep Le_Webroot /root/.acme.sh/domain.com/domain.com.conf
    

    example
    Code (Text):
    grep Le_Webroot /root/.acme.sh/domain.com/domain.com.conf
    Le_Webroot='/home/nginx/domains/domain.com/public'
    

    check your path is correct in /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.conf should give
    Code (Text):
    grep Le_Webroot /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.conf
    

    if not edit /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.conf and re-run
    Code (Text):
    "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh"
    
     
  6. CarpCharacin

    I have been busy recently so I haven't had time to work on it, but I checked today and the path was correct, but it still isn't working.
     
  7. eva2000

    contents of /root/.acme.sh/domain.com/domain.com.conf ?
    Code (Text):
    cat /root/.acme.sh/domain.com/domain.com.conf
    

    as the acme.sh cron renew is definitely looking at incorrect domain names and public web root paths
    Code (Text):
    [Sun Aug  6 18:01:29 UTC 2017] Getting webroot for domain='carpcharacin.rocks'
    [Sun Aug  6 18:01:29 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:29 UTC 2017] Getting new-authz for domain='carpcharacin.rocks
    [Sun Aug  6 18:01:30 UTC 2017] The new-authz request is ok.
    [Sun Aug  6 18:01:30 UTC 2017] Getting webroot for domain='www.carpcharacin.rocs'
    [Sun Aug  6 18:01:30 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
    [Sun Aug  6 18:01:30 UTC 2017] Getting new-authz for domain='www.carpcharacin.rcks'
    

    looking for without ending c on /public
    Code (Text):
    _w='/home/nginx/domains/carpcharacin.rocks/publi'
    

    looking for .rocs not .rocks
    Code (Text):
    Getting webroot for domain='www.carpcharacin.rocs'
    

    looking for .rcks not .rocks
    Code (Text):
    Getting new-authz for domain='www.carpcharacin.rcks'
    

    what's output for
    Code (Text):
    ls -lah /root/.acme.sh/
    

    you may have .rocs and .rcks listed directories too somehow

    did you make typos during command runs ?
     
    Last edited: Sep 6, 2017
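
Added example (not part of any post in this thread, and not acme.sh or Centmin Mod code): it compares the `domain=` and `_w=` values in the renewal output quoted in posts #5 and #7 with the values in an acme.sh domain conf, and reports the 1-based text column where each one first differs. The conf text is constructed from the server names and root shown in the vhost in post #4, the function names are hypothetical, and reading a single shared column as display or copy damage rather than a config error is an assumption of the example.

```python
import re

# Lines copied from the renewal output posted in this thread (6 Aug run).
LOG = """\
[Sun Aug  6 18:01:29 UTC 2017] Getting webroot for domain='carpcharacin.rocks'
[Sun Aug  6 18:01:29 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
[Sun Aug  6 18:01:29 UTC 2017] Getting new-authz for domain='carpcharacin.rocks
[Sun Aug  6 18:01:30 UTC 2017] Getting webroot for domain='www.carpcharacin.rocs'
[Sun Aug  6 18:01:30 UTC 2017] _w='/home/nginx/domains/carpcharacin.rocks/publi'
[Sun Aug  6 18:01:30 UTC 2017] Getting new-authz for domain='www.carpcharacin.rcks'
"""

# Constructed stand-in for /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.conf,
# using the server names and root shown in the vhost in post #4.
CONF = """\
Le_Domain='carpcharacin.rocks'
Le_Alt='www.carpcharacin.rocks'
Le_Webroot='/home/nginx/domains/carpcharacin.rocks/public'
"""

FIELD = re.compile(r"(domain|_w)='")


def parse_conf(text):
    """Return {key: [values]} for the Le_*='a,b' lines of an acme.sh domain conf."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"(Le_\w+)=(['\"]?)(.*)\2\s*$", line)
        if m:
            conf[m.group(1)] = [v for v in m.group(3).split(",") if v]
    return conf


def common_prefix_len(a, b):
    """Number of leading characters that a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def audit(log_text, conf):
    """List every logged domain/_w value that differs from the conf values."""
    names = conf.get("Le_Domain", []) + conf.get("Le_Alt", [])
    roots = conf.get("Le_Webroot", [])
    findings = []
    for line in log_text.splitlines():
        m = FIELD.search(line)
        if not m:
            continue
        logged = line[m.end():].rstrip()      # value plus its closing quote
        expected = [v + "'" for v in (roots if m.group(1) == "_w" else names)]
        if not expected or logged in expected:
            continue
        # Compare against the conf value that shares the longest prefix.
        best = max(expected, key=lambda e: common_prefix_len(logged, e))
        same = common_prefix_len(logged, best)
        findings.append({
            "logged": logged,
            "expected": best,
            "missing": best[same] if same < len(best) else "",
            "column": m.end() + same + 1,      # 1-based column in the log line
        })
    return findings


def shared_column(findings):
    """Return the column if every difference starts at the same one, else None."""
    cols = {f["column"] for f in findings}
    return cols.pop() if len(cols) == 1 else None


if __name__ == "__main__":
    results = audit(LOG, parse_conf(CONF))
    for f in results:
        print("col %3d  expected %r  logged %r" % (f["column"], f["missing"], f["logged"]))
    print("shared column:", shared_column(results))
```

For the lines pasted in this thread, every difference starts at column 80 of the output line.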
  8. CarpCharacin

    I tried running grep /root/.acme.sh/carpcharacin.rocks/carpcharacin.rocks.conf twice, but it just froze and it didn't display anything. I'm using the SSH extension for Chrome OS, and I had to exit it and reconnect.
    Here is the output for ls -lah /root/.acme.sh/:
    Code (Text):
    total 160K
    drwx------  7 root root 4.0K Jan  4  2017 .
    dr-xr-x--- 15 root root 4.0K Sep 12 17:28 ..
    -rw-r--r--  1 root root 1.4K Sep 13 00:00 account.conf
    -rwxr-xr-x  1 root root 113K Jan  4  2017 acme.sh
    -rw-r--r--  1 root root   78 Jan  4  2017 acme.sh.csh
    -rw-r--r--  1 root root   78 Jan  4  2017 acme.sh.env
    drwxr-xr-x  3 root root 4.0K Nov 25  2016 ca
    drwxr-xr-x  2 root root 4.0K Jan  4  2017 carpcharacin.rocks
    drwxr-xr-x  2 root root 4.0K Jan  4  2017 deploy
    drwxr-xr-x  2 root root 4.0K Jan  4  2017 dnsapi
    -rw-r--r--  1 root root  611 Sep 13 00:00 http.header
    drwxr-xr-x  2 root root 4.0K Nov 25  2016 utahfishkeepers.us
    

    I don't think so, I just used the built-in WordPress installer, and it asked me if I wanted to use acmetool.sh to install an SSL certificate, and I answered yes.
     
  9. CarpCharacin

    So how should I go about fixing the directory issue?
     
  10. eva2000

    try these 3x SSH commands
    Code (Text):
    /usr/local/src/centminmod/addons/acmetool.sh acmeupdate
    /root/.acme.sh/acme.sh --force --issue --days 60 -d carpcharacin.rocks -d www.carpcharacin.rocks -w /home/nginx/domains/carpcharacin.rocks/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-carpcharacin.rocks.log --log-level 2
    /root/.acme.sh/acme.sh --installcert -d carpcharacin.rocks -d www.carpcharacin.rocks --certpath /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks-acme.cer --keypath /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks-acme.key --capath /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks-acme.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks-fullchain-acme.key
    

    Then post to gist.github.com or pastebin.com the output for the debug log at /root/centminlogs/acmetool.sh-debug-log-carpcharacin.rocks.log
    Code (Text):
    cat /root/centminlogs/acmetool.sh-debug-log-carpcharacin.rocks.log
    

    copy and paste output to gist.github.com or pastebin.com

    Use actual SSH client and not any Chrome extension for important SSH commands instead.
     
  11. CarpCharacin

    I ran those commands, and here is the log file: acmetool.sh debug log carpcharacin.rocks - Pastebin.com

    I have an SSH client on my desktop computer, which runs Windows 10, but I have a Chromebook, and I can't install a full SSH client on that. The extension can be frustrating; I think I copied part of the log file and then accidentally pasted it into the terminal, so I'm going to try to use my desktop computer more for server stuff.
     
  12. eva2000

    yes can't rule out chrome extension method being the issue for you somewhere even in how you edit or modify config files etc. still same issue
    Code (Text):
    [Thu Sep 14 16:15:15 UTC 2017] carpcharacin.rocks:Verify error:Invalid response from http://carpcharacin.rocks/.well-known/acme-challenge/pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA:
    

    but looks like it's also checking your other domain
    Code (Text):
    [Thu Sep 14 16:15:15 UTC 2017] response='{"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://carpcharacin.rocks/.well-known/acme-challenge/pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA: \"\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody bgcolor=\"white\"\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003e\"","status": 403},"uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/oqvMdB64mQDO9D9LR6CjKq_ztYvcaCT8V5ktT7PnNEw/1984551106","token":"pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA","keyAuthorization":"pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA.xaS1ON3YkQo8u5mhLTgEGFpA5B2vGIOfm1GIEOdUkfU","validationRecord":
    
    [{"url":"https://www.utahfishkeepers.us/.well-known/acme-challenge/pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA","hostname":"www.utahfishkeepers.us","port":"443","addressesResolved":
    
    ["173.255.217.82","2600:3c01::f03c:91ff:fe2c:f69e"],"addressUsed":"173.255.217.82","addressesTried":[]},{"url":"http://carpcharacin.rocks/.well-known/acme-challenge/pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA","hostname":"carpcharacin.rocks","port":"80","addressesResolved":
    
    ["173.255.217.82","2600:3c01::f03c:91ff:fe2c:f69e"],"addressUsed":"2600:3c01::f03c:91ff:fe2c:f69e","addressesTried":[]}]}'
    
    [Thu Sep 14 16:15:15 UTC 2017] error='"error":{"type":"urn:acme:error:unauthorized","detail":"Invalid response from http://carpcharacin.rocks/.well-known/acme-challenge/pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA: '
    


    problem is your vhost for non-https carpcharacin.rocks does a 302 redirect to a different domain to https www version of utahfishkeepers.us
    Code (Text):
    curl -I http://carpcharacin.rocks/
    HTTP/1.1 302 Moved Temporarily
    Date: Thu, 14 Sep 2017 17:08:50 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: https://www.utahfishkeepers.us/
    Server: nginx centminmod
    X-Powered-By: centminmod
    

    post #4 of your vhost i recall suggesting 302 to server domain name not the variable so instead of
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://$server_name$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    

    do
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://carpcharacin.rocks$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
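
Added example (not from any poster in this thread, nor from acme.sh or Centmin Mod): it reads a `response='...'` debug line like the one quoted in post #12 and lists each request recorded in `validationRecord`, flagging any hostname that is not one of the names on the certificate. The log line is rebuilt from the quoted response with some fields trimmed, and the function names are hypothetical.

```python
import ipaddress
import json
import re

TOKEN = "pyND_UctU_Fzhv-3ReKxVU5H0k-sMMm9e7kR1XaIygA"   # token from the post #12 log
PATH = "/.well-known/acme-challenge/" + TOKEN
ADDRS = ["173.255.217.82", "2600:3c01::f03c:91ff:fe2c:f69e"]

# Constructed log line: the response quoted in post #12, rejoined onto one line,
# with the HTML in "detail" shortened and "uri"/"keyAuthorization" dropped.
CHALLENGE = {
    "type": "http-01",
    "status": "invalid",
    "error": {
        "type": "urn:acme:error:unauthorized",
        "detail": "Invalid response from http://carpcharacin.rocks" + PATH
                  + ": 404 Not Found",
        "status": 403,
    },
    "token": TOKEN,
    "validationRecord": [
        {"url": "https://www.utahfishkeepers.us" + PATH,
         "hostname": "www.utahfishkeepers.us", "port": "443",
         "addressesResolved": ADDRS, "addressUsed": ADDRS[0]},
        {"url": "http://carpcharacin.rocks" + PATH,
         "hostname": "carpcharacin.rocks", "port": "80",
         "addressesResolved": ADDRS, "addressUsed": ADDRS[1]},
    ],
}
LOG_LINE = ("[Thu Sep 14 16:15:15 UTC 2017] response='"
            + json.dumps(CHALLENGE) + "'")


def challenge_from_log(line):
    """Extract the JSON challenge object from a response='{...}' debug line."""
    m = re.search(r"response='(\{.*\})'\s*$", line)
    if not m:
        raise ValueError("no response='{...}' payload on this line")
    return json.loads(m.group(1))


def validation_hops(challenge):
    """One entry per request the CA recorded while validating the challenge."""
    hops = []
    for rec in challenge.get("validationRecord", []):
        try:
            family = "IPv%d" % ipaddress.ip_address(rec.get("addressUsed", "")).version
        except ValueError:
            family = "unknown"
        hops.append({
            "hostname": rec.get("hostname", ""),
            "port": rec.get("port", ""),
            "family": family,
            "url": rec.get("url", ""),
        })
    return hops


def diagnose(challenge, cert_names):
    """Summarise a failed challenge and flag hops to names not on the cert."""
    allowed = {n.lower() for n in cert_names}
    hops = validation_hops(challenge)
    return {
        "status": challenge.get("status"),
        "error": challenge.get("error", {}).get("type"),
        "hops": hops,
        "foreign": [h for h in hops if h["hostname"].lower() not in allowed],
    }


if __name__ == "__main__":
    report = diagnose(challenge_from_log(LOG_LINE),
                      ["carpcharacin.rocks", "www.carpcharacin.rocks"])
    print(report["status"], report["error"])
    for hop in report["hops"]:
        flag = "FOREIGN" if hop in report["foreign"] else "ok"
        print("%-8s %s:%s over %s" % (flag, hop["hostname"], hop["port"], hop["family"]))
```

A flagged hop is a request that went to a vhost other than the one being validated, so the challenge file written under this domain's web root is not what answered it.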
    
     
  13. CarpCharacin

    I made that edit in the main ssl vhost, but I tried opening the non-https vhost and it was blank.
     
  14. eva2000

    it should be in your domain.com.ssl.conf top section like in post #4 in this thread
     
  15. CarpCharacin

    That was the edit that I made, but it is still redirecting.
     
  16. eva2000

    what's output for
    Code (Text):
    ls -lah /usr/local/nginx/conf/conf.d/
    
     
  17. CarpCharacin

    It is:
    Code (Text):
    total 40K
    drwxr-xr-x 2 root root 4.0K Sep  6 00:10 .
    drwxr-xr-x 8 root root 4.0K Sep 14 14:25 ..
    -rw-r--r-- 1 root root 4.4K Sep 14 17:21 carpcharacin.rocks.ssl.conf
    -rw-r--r-- 1 root root 1.1K Sep  6 00:10 demodomain.com.conf
    -rw-r--r-- 1 root root  846 Sep  6 00:10 ssl.conf
    -rw-r--r-- 1 root root 4.3K Sep  6 00:10 utahfishkeepers.us.ssl.conf
    -rw-r--r-- 1 root root 2.4K Sep  6 00:10 virtual.conf
    -rw-r--r-- 1 root root 2.3K Sep  6 00:10 xf2.utahfishkeepers.us.conf
    
     
  18. eva2000

    contents for
    • carpcharacin.rocks.ssl.conf
    • utahfishkeepers.us.ssl.conf
    • xf2.utahfishkeepers.us.conf
    • virtual.conf
    comment out/mask any allow ips and password/sensitive entries
     
  19. CarpCharacin

    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://carpcharacin.rocks$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2;
      listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
      server_name carpcharacin.rocks www.carpcharacin.rocks;
    
      include /usr/local/nginx/conf/ssl/carpcharacin.rocks/carpcharacin.rocks.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/carpcharacin.rocks/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/carpcharacin.rocks/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/carpcharacin.rocks/autoprotect-carpcharacin.rocks.conf;
      root /home/nginx/domains/carpcharacin.rocks/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpcacheenabler_carpcharacin.rocks.conf;
      #include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpsupercache_carpcharacin.rocks.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/rediscache_carpcharacin.rocks.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      #try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/carpcharacin.rocks/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/carpcharacin.rocks/wpsecure_carpcharacin.rocks.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For HTTP/2 SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    # ipv4
    server {
        listen   80;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
        listen   443;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:443;
    
        server_name utahfishkeepers.us;
    
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    
        return 302 https://www.utahfishkeepers.us$request_uri;
        }
    
    
    server {
        listen   80;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
        server_name www.utahfishkeepers.us;
        return 301 https://www.utahfishkeepers.us$request_uri;
        }
    
    server {
        listen   443 ssl http2;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:443 ssl http2;
        server_name www.utahfishkeepers.us;
    
    
    
    
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # dual cert supported ssl ciphers
      ssl_ciphers     EECDH+CHACHA20-draft:EECDH+CHACHA20:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+ECDSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH+AES128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/utahfishkeepers.us/log/error.log;
    
      root /home/nginx/domains/utahfishkeepers.us/public;
    
    location /[phpmyadmin location removed for security] {
        auth_basic                      "Restricted Access";
        auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #     include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
        }
    
    location /webmail {
    #    auth_basic                      "Restricted Access";
    #    auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #       include /usr/local/nginx/conf/drop.conf;
    #       include /usr/local/nginx/conf/errorpage.conf;
        }
    
    
    location / {
         index index.php index.html index.htm;
         try_files $uri $uri/ /index.php?$uri&$args;
    }
    
    location /admin.php {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    location /install/ {
    #     auth_basic "Private";
    #     auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            allow 127.0.0.1;
    #        allow 173.255.217.82;
    #        deny all;
    }
    
    location /internal_data/ {
         internal;
         allow 127.0.0.1;
         allow 173.255.217.82;
         deny all;
    }
    
    location /library/ {
         internal;
         allow 127.0.0.1;
         allow 173.255.217.82;
         deny all;
    }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    Code (Text):
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name xf2.utahfishkeepers.us;
    #            return 301 $scheme://www.xf2.utahfishkeepers.us$request_uri;
    #       }
    
    server {
        listen   80;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
        listen   443;
        listen [2600:3c01::f03c:91ff:fe2c:f69e]:443;
    
        server_name xf2.utahfishkeepers.us www.xf2.utahfishkeepers.us;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
      add_header X-Robots-Tag "noindex, nofollow";
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/xf2.utahfishkeepers.us/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/xf2.utahfishkeepers.us/log/error.log;
    
      root /home/nginx/domains/xf2.utahfishkeepers.us/public;
    
    location / {
         index index.php index.html index.htm;
         try_files $uri $uri/ /index.php?$uri&$args;
    }
    
    location /admin.php {
         #auth_basic "Private";
         #auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            include /usr/local/nginx/conf/php.conf;
            #allow 127.0.0.1;
            #allow YOURIPADDRESS;
            #deny all;
    }
    
    location /install/ {
         #auth_basic "Private";
         #auth_basic_user_file /usr/local/nginx/conf/htpasswd_admin_php;
            #include /usr/local/nginx/conf/php.conf;
            #allow 127.0.0.1;
            #allow YOURIPADDRESS;
            #deny all;
    }
    
    location /internal_data/ {
         internal;
         allow 127.0.0.1;
         #allow YOURIPADDRESS;
         deny all;
    }
    
    location /library/ {
         internal;
         allow 127.0.0.1;
         #allow YOURIPADDRESS;
         deny all;
    }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    

    Code (Text):
    server {
    #         listen   80;
                listen   80 default_server backlog=2048 reuseport fastopen=256;
                server_name li227-82.members.linode.com;
                root   html;
    
            access_log              /var/log/nginx/localhost.access.log     main_ext buffer=256k flush=5m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
    location /[phpmyadmin location removed for security] {
    auth_basic                      "Restricted Access";
        auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #     include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
        }
    
    location /webmail {
    auth_basic                      "Restricted Access";
        auth_basic_user_file             /usr/local/nginx/pass/my_pass;
        root /usr/share/;
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
    #     include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
        }
    
    
                location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #               Enables directory listings when index file not found
    #               autoindex  on;
    
    #               Shows file listing times as local time
    #               autoindex_localtime on;
    
    #               Enable for vBulletin usage WITHOUT vbSEO installed
    #               try_files               $uri $uri/ /index.php;
    
                }
    
            # example nginx-http-concat
            # /csstest/??one.css,two.css
            #location /csstest {
            #concat on;
            #concat_max_files 20;
            #}
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }

    Thank you so much for your help, otherwise, I don't think I'd be able to solve the problem.
     
  20. eva2000

    eva2000 Administrator Staff Member

    what if you change
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
    
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://carpcharacin.rocks$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    

    to
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
       listen   80;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
       server_name carpcharacin.rocks www.carpcharacin.rocks;
       return 302 https://carpcharacin.rocks$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    

    and remove incorrect 443 directives in non-https server context by changing

    from
    Code (Text):
    server {
       listen   80;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
       listen   443;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:443;
    
       server_name utahfishkeepers.us;
    
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
    
       return 302 https://www.utahfishkeepers.us$request_uri;
       }
    

    to
    Code (Text):
    server {
       listen   80;
       listen [2600:3c01::f03c:91ff:fe2c:f69e]:80;
       server_name utahfishkeepers.us;
    
      include /usr/local/nginx/conf/ssl/utahfishkeepers.us/utahfishkeepers.us.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
       return 302 https://www.utahfishkeepers.us$request_uri;
       }
    

    the extra 443 might have been the problem
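
A lint for the two `listen` mistakes pointed out in the reply above (a server block with no `listen` directive, and `listen ...443` without the `ssl` parameter), as an added example that is not part of the thread or of Centmin Mod. The sample config is constructed, `include` files are not followed, and the comment and brace handling is deliberately naive.

```python
import re

# Constructed sample mirroring the two patterns discussed in the thread.
SAMPLE = """
server {
   server_name carpcharacin.rocks www.carpcharacin.rocks;
   return 302 https://carpcharacin.rocks$request_uri;
}
server {
   listen   80;
   listen   443;   # plain-HTTP listener on the TLS port
   server_name utahfishkeepers.us;
   return 302 https://www.utahfishkeepers.us$request_uri;
}
server {
   listen   443 ssl http2;
   server_name www.utahfishkeepers.us;
   location / { try_files $uri $uri/ /index.php?$uri&$args; }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block (naive brace matching)."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments; ignores quoting
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint_vhost(conf):
    """Return (server_name, issue) pairs for listen mistakes per server block."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;\s]+)", body)
        name = m.group(1) if m else "(unnamed)"
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        ssl_on = re.search(r"\bssl\s+on\s*;", body) is not None  # legacy form
        if not listens:
            findings.append((name, "no listen directive"))
        for args in listens:
            parts = args.split()
            port = parts[0].rsplit(":", 1)[-1]  # handles 443 and [v6addr]:443
            if port == "443" and "ssl" not in parts[1:] and not ssl_on:
                findings.append((name, "listen %s without ssl" % parts[0]))
    return findings

if __name__ == "__main__":
    for name, issue in lint_vhost(SAMPLE):
        print("%s: %s" % (name, issue))
```

Run it over each vhost file before reloading nginx; a finding on a redirect-only block is the pattern the reply above suggests removing.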