Get the most out of your Centmin Mod LEMP stack
Become a Member

Sysadmin Additional IP And Nginx Setup

Discussion in 'System Administration' started by skringjer, Sep 27, 2019.

  1. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    Greetings everyone, i am trying to setup a new wordpress site with an additional IP, so i followed this guide Sysadmin - how to add new ips in centos 7 the proper way

    I first added the additional IP by creating a ifcfg-enp0s31f6:0 file and adding the below content in it
    Code:
    DEVICE=enp0s31f6
    ONBOOT=yes
    BOOTPROTO=none
    IPADDR=IP_ADDRESS
    NETMASK=255.255.255.248
    And then restarted the server, ifconfig only shows the old IP but ip a | grep 'inet ' shows
    Code:
        inet 127.0.0.1/8 scope host lo
        inet OLD_IP peer OLD_IP/32 brd OLD_IP scope global enp0s31f6
        inet OLD_IP/32 scope global enp0s31f6
        inet NEW_IP/29 brd NEW_IP scope global enp0s31f6
    And then in the /etc/centminmod/custom_config.inc i added
    Code:
    SECOND_IP=MY_SECONDIP
    But when i run Nginx option 2 to add the vhost, i get this error

    Code:
    mydomain.com is a top level domain
    your server IPv4 IP address: NEW_IP
    current DNS A record IPv4 address for mydomain.com is: NEW_IP
    
    !! Error: DNS A record IP doesn't match any found on this server
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    possibly the problem as it should show new IP

    what's output for these commands replacing yourdomain.com with your actual domain name entered on centmin.sh menu option 2 prompt
    Code (Text):
    vhostname_dns=yourdomain.com
    VHOST_ACHECK=$(dig -t A +short @8.8.8.8 $vhostname_dns)
    echo $VHOST_ACHECK
    

    and within same SSH session as above command, run command and post any output if any for
    Code (Text):
    ifconfig | grep 'inet' | grep $VHOST_ACHECK
    

    can you access server via the 2nd new IP address within browser as well ?
     
  3. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Code (Text):
    DEVICE=enp0s31f6
    ONBOOT=yes
    BOOTPROTO=none
    IPADDR=IP_ADDRESS
    NETMASK=255.255.255.248
    

    might change BOOTPROTO=static
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    also can you ping your new IP ?
    Code (Text):
    ping -c4 newip
     
  5. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    So Output for the first commands is

    Code:
    My New IP
    Within the same session when i run ifconfig | grep 'inet' | grep $VHOST_ACHECK

    It gives no output

    And yes i can ping the new IP, it shows the Centmin Default Page too

    And Bootproto on both of the files is set to none, should i change it to static on both files?
    ifcfg-enp0s31f6 and ifcfg-enp0s31f6:0 ?
     
  6. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    static or none should be the same though you can try static

    that's why you see that message below
    Code (Text):
    mydomain.com is a top level domain
    your server IPv4 IP address: NEW_IP
    current DNS A record IPv4 address for mydomain.com is: NEW_IP
    
    !! Error: DNS A record IP doesn't match any found on this server
    

    my routine does that ifconfig grep for second IP check, so might need to update the routine if your second IP does resolve to your server
     
  7. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
  8. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    CentOS 7 has worked for me with ifconfig and additional IPs hence why Centmin Mod routine was coded the way it is. For now, you can just use the main IP not second IP for creating live nginx site. Until I can update 123.09beta01 with a workaround/investigate more.
     
  9. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    Okay that sounds Good, :) You are just awesome, I have currently 3 sites on centmin and they all are performing 10x
     
  10. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    @eva2000 i tried to add the site with the Original IP but when the Vhost generation was completed it had the New IP in nginx Vhost and SSL also did not generate, so then i went again and edited /etc/centminmod/custom_config.inc and added the SECOND_IP=

    Invoked Centmin Option 22, added the new site and everything went fine except SSL did not generate and there is a strange thing, Even after installation of Wordpress the Centmin default page is showing up,

    snipped
     
    Last edited by a moderator: Sep 30, 2019
  11. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    Here is acmesh-issue_290919-172951.log log
    Code:
    [1;32;40m-----------------------------------------------------
    (B[mupdating acme.sh client...
    [1;32;40m-----------------------------------------------------
    (B[mCloning into 'acme.sh'...
    [Sun Sep 29 17:29:58 UTC 2019] It is recommended to install socat first.
    [Sun Sep 29 17:29:58 UTC 2019] We use socat for standalone server if you use standalone mode.
    [Sun Sep 29 17:29:58 UTC 2019] If you don't use standalone mode, just ignore this warning.
    [Sun Sep 29 17:29:58 UTC 2019] Installing to /root/.acme.sh
    [Sun Sep 29 17:29:58 UTC 2019] Installed to /root/.acme.sh/acme.sh
    [Sun Sep 29 17:29:58 UTC 2019] Installing alias to '/root/.bashrc'
    [Sun Sep 29 17:29:58 UTC 2019] OK, Close and reopen your terminal to start using acme.sh
    [Sun Sep 29 17:29:58 UTC 2019] Installing alias to '/root/.cshrc'
    [Sun Sep 29 17:29:59 UTC 2019] Installing alias to '/root/.tcshrc'
    [Sun Sep 29 17:29:59 UTC 2019] Installing cron job
    59 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
    [Sun Sep 29 17:29:59 UTC 2019] Good, bash is found, so change the shebang to use bash as preferred.
    [Sun Sep 29 17:29:59 UTC 2019] OK
    https://github.com/Neilpang/acme.sh
    v2.8.3
    [1;32;40m-----------------------------------------------------
    (B[macme.sh updated
    [1;32;40m-----------------------------------------------------
    (B[mbackup & remove /usr/local/nginx/conf/conf.d/mydomain.com.conf
    
    [self-signed ssl cert check] required by acmetool.sh
    
    [self-signed ssl] /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt exists
    [self-signed ssl] /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key exists
    
    [sslvhostsetup] create /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    
    [wp] backup & remove /usr/local/nginx/conf/conf.d/mydomain.com.conf
    [wp] create /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    cp -a /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf-wp2
    sed -i '1,12d' /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf-wp2
    cat /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf-wp1 /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf-wp2 > /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    cat /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt.key.conf
      ssl_dhparam /usr/local/nginx/conf/ssl/mydomain.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.key;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com-trusted.crt;
    Reloading nginx configuration (via systemctl):  [  OK  ]
    
    setting HTTPS default in /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    
    sed -i 's|^##x# HTTPS-DEFAULT|#x# HTTPS-DEFAULT|g' "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x# server {| server {|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x#   listen   MY_NEWIP:80;|   listen   MY_NEWIP:80;|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x#   server_name mydomain.com www.mydomain.com;|   server_name mydomain.com www.mydomain.com;|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x#   return 302 https://mydomain.com$request_uri;|   return 302 https://mydomain.com$request_uri;|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x#   include \/usr\/local\/nginx\/conf\/staticfiles.conf;|   include \/usr\/local\/nginx\/conf\/staticfiles.conf;|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    sed -i "s|#x# }| }|" "/usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf"
    
    remove /usr/local/nginx/conf/conf.d/mydomain.com.conf
    
    grep 'root' /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
      root /home/nginx/domains/mydomain.com/public;
    
    -----------------------------------------------------------
    issue & install letsencrypt ssl certificate for mydomain.com
    -----------------------------------------------------------
    testcert value = wplived
    wp routine detected use reissue instead via --force
    /root/.acme.sh/acme.sh --force --issue -d mydomain.com -d www.mydomain.com --days 60 -w /home/nginx/domains/mydomain.com/public -k 2048 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-290919-172951.log --log-level 2
    [Sun Sep 29 17:30:01 UTC 2019] Multi domain='DNS:mydomain.com,DNS:www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] Getting domain auth token for each domain
    [Sun Sep 29 17:30:11 UTC 2019] Getting webroot for domain='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] Getting webroot for domain='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] Verifying: mydomain.com
    [Sun Sep 29 17:30:18 UTC 2019] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]:
    [Sun Sep 29 17:30:18 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-290919-172951.log
    LECHECK = 1
    
    log files saved at /root/centminlogs
    -rw-r--r-- 1 root root  42K Sep 29 17:30 acmetool.sh-debug-log-290919-172951.log
    -rw-r--r-- 1 root root 5.1K Sep 29 17:30 acmesh-issue_290919-172951.log
    
    
    
    And here is
    Code:
    [Sun Sep 29 17:30:00 UTC 2019] Lets find script dir.
    [Sun Sep 29 17:30:00 UTC 2019] _SCRIPT_='/root/.acme.sh/acme.sh'
    [Sun Sep 29 17:30:00 UTC 2019] _script='/root/.acme.sh/acme.sh'
    [Sun Sep 29 17:30:00 UTC 2019] _script_home='/root/.acme.sh'
    [Sun Sep 29 17:30:00 UTC 2019] Using config home:/root/.acme.sh
    [Sun Sep 29 17:30:00 UTC 2019] LE_WORKING_DIR='/root/.acme.sh'
    [Sun Sep 29 17:30:00 UTC 2019] Running cmd: issue
    [Sun Sep 29 17:30:00 UTC 2019] _main_domain='mydomain.com'
    [Sun Sep 29 17:30:00 UTC 2019] _alt_domains='www.mydomain.com'
    [Sun Sep 29 17:30:00 UTC 2019] Using config home:/root/.acme.sh
    [Sun Sep 29 17:30:00 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Sep 29 17:30:00 UTC 2019] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Sun Sep 29 17:30:00 UTC 2019] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
    [Sun Sep 29 17:30:00 UTC 2019] '/home/nginx/domains/mydomain.com/public' does not contain 'dns'
    [Sun Sep 29 17:30:00 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
    [Sun Sep 29 17:30:00 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
    [Sun Sep 29 17:30:00 UTC 2019] GET
    [Sun Sep 29 17:30:00 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Sep 29 17:30:00 UTC 2019] timeout=
    [Sun Sep 29 17:30:00 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:01 UTC 2019] ret='0'
    [Sun Sep 29 17:30:01 UTC 2019] response='{
      "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
      "meta": {
        "caaIdentities": [
          "letsencrypt.org"
        ],
        "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
        "website": "https://letsencrypt.org"
      },
      "nYhtS0MxxLM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
      "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
      "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
      "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
      "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
    }'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_NEW_AUTHZ
    [Sun Sep 29 17:30:01 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Sun Sep 29 17:30:01 UTC 2019] ACME_VERSION='2'
    [Sun Sep 29 17:30:01 UTC 2019] Le_NextRenewTime
    [Sun Sep 29 17:30:01 UTC 2019] _on_before_issue
    [Sun Sep 29 17:30:01 UTC 2019] _chk_main_domain='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _chk_alt_domains='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] '/home/nginx/domains/mydomain.com/public' does not contain 'no'
    [Sun Sep 29 17:30:01 UTC 2019] Le_LocalAddress
    [Sun Sep 29 17:30:01 UTC 2019] d='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] Check for domain='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _currentRoot='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:01 UTC 2019] d='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] Check for domain='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _currentRoot='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:01 UTC 2019] d
    [Sun Sep 29 17:30:01 UTC 2019] '/home/nginx/domains/mydomain.com/public' does not contain 'apache'
    [Sun Sep 29 17:30:01 UTC 2019] _saved_account_key_hash='v/xyIMFU073J529YTKFo6+1il8iwQ+L4/uBAWc0e/Ww='
    [Sun Sep 29 17:30:01 UTC 2019] _saved_account_key_hash is not changed, skip register account.
    [Sun Sep 29 17:30:01 UTC 2019] Read key length:2048
    [Sun Sep 29 17:30:01 UTC 2019] _createcsr
    [Sun Sep 29 17:30:01 UTC 2019] domain='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] domainlist='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] csrkey='/root/.acme.sh/mydomain.com/mydomain.com.key'
    [Sun Sep 29 17:30:01 UTC 2019] csr='/root/.acme.sh/mydomain.com/mydomain.com.csr'
    [Sun Sep 29 17:30:01 UTC 2019] csrconf='/root/.acme.sh/mydomain.com/mydomain.com.csr.conf'
    [Sun Sep 29 17:30:01 UTC 2019] _is_idn_d='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:01 UTC 2019] domainlist='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _is_idn_d='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:01 UTC 2019] Multi domain='DNS:mydomain.com,DNS:www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _is_idn_d='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:01 UTC 2019] _csr_cn='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] Getting domain auth token for each domain
    [Sun Sep 29 17:30:01 UTC 2019] _is_idn_d='mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:01 UTC 2019] d='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _is_idn_d='www.mydomain.com'
    [Sun Sep 29 17:30:01 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:01 UTC 2019] d
    [Sun Sep 29 17:30:01 UTC 2019] _identifiers='{"type":"dns","value":"mydomain.com"},{"type":"dns","value":"www.mydomain.com"}'
    [Sun Sep 29 17:30:01 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Sun Sep 29 17:30:01 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"mydomain.com"},{"type":"dns","value":"www.mydomain.com"}]}'
    [Sun Sep 29 17:30:01 UTC 2019] RSA key
    [Sun Sep 29 17:30:01 UTC 2019] _URGLY_PRINTF
    [Sun Sep 29 17:30:01 UTC 2019] xargs
    [Sun Sep 29 17:30:02 UTC 2019] _URGLY_PRINTF
    [Sun Sep 29 17:30:02 UTC 2019] xargs
    [Sun Sep 29 17:30:02 UTC 2019] Get nonce with HEAD. ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Sun Sep 29 17:30:02 UTC 2019] HEAD
    [Sun Sep 29 17:30:02 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
    [Sun Sep 29 17:30:02 UTC 2019] body
    [Sun Sep 29 17:30:02 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:02 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g  -I  '
    [Sun Sep 29 17:30:02 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:02 UTC 2019] _headers='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:02 GMT
    Connection: keep-alive
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0101FL4VWxeABXBq3lg-vDPQjvX2fRUnsSxknrBN2g6OqOI
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:02 UTC 2019] _CACHED_NONCE='0101FL4VWxeABXBq3lg-vDPQjvX2fRUnsSxknrBN2g6OqOI'
    [Sun Sep 29 17:30:02 UTC 2019] nonce='0101FL4VWxeABXBq3lg-vDPQjvX2fRUnsSxknrBN2g6OqOI'
    [Sun Sep 29 17:30:02 UTC 2019] POST
    [Sun Sep 29 17:30:02 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
    [Sun Sep 29 17:30:02 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMTAxRkw0Vld4ZUFCWEJxM2xnLXZEUFFqdlgyZlJVbnNTeGtuckJOMmc2T3FPSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yZGVyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MDI3NTY0MyJ9", "payload": "eyJpZGVudGlmaWVycyI6IFt7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6ImFuaW1lZmV2ZXIudG8ifSx7InR5cGUiOiJkbnMiLCJ2YWx1ZSI6Ind3dy5hbmltZWZldmVyLnRvIn1dfQ", "signature": "WDlkbL7T9PnhAN37Wchyu93XMXLy3zBSoNB4rs3l3l5ej1qJOvA0jDQARCl5whTayJTcebQHYURitVWgq-7w0Lab9HKlbb9lwxiecu63DO9FzfsNXZwxJ3OsQCKN9Y0mxTR6Wmvj_QcoOAGWOqD-7rSOAKAkZE-SwJBDGAflE2Ze-F3Liy8V_1iVSQC90qk9xUvM1PqKjdnCLabRcVy_Jol9bWt1zO7UjE5ChlEUr4BGooLtQzwHA1AJyXVeJa_-msdtdOfyNLkmZvFj16HB0cQ27GmHVKy4NnulN4L2-iehwU3wzLiwRUr8KdFfU3-tjRGzeRtcWaygn1oO8MOAaA"}'
    [Sun Sep 29 17:30:02 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:02 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:02 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:06 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:06 UTC 2019] responseHeaders='HTTP/1.1 201 Created
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:06 GMT
    Content-Type: application/json
    Content-Length: 478
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Location: https://acme-v02.api.letsencrypt.org/acme/order/60275643/1185384964
    Replay-Nonce: 0002O7e44y3auCYUfUH_UAM2qHrBKuiJ88VyT4eMIV2YxPI
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:06 UTC 2019] code='201'
    [Sun Sep 29 17:30:06 UTC 2019] original='{
      "status": "pending",
      "expires": "2019-10-06T17:30:05.55701402Z",
      "identifiers": [
        {
          "type": "dns",
          "value": "mydomain.com"
        },
        {
          "type": "dns",
          "value": "www.mydomain.com"
        }
      ],
      "authorizations": [
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622",
        "https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625"
      ],
      "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/60275643/1185384964"
    }'
    [Sun Sep 29 17:30:06 UTC 2019] response='{"status":"pending","expires":"2019-10-06T17:30:05.55701402Z","identifiers":[{"type":"dns","value":"mydomain.com"},{"type":"dns","value":"www.mydomain.com"}],"authorizations":["https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622","https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625"],"finalize":"https://acme-v02.api.letsencrypt.org/acme/finalize/60275643/1185384964"}'
    [Sun Sep 29 17:30:06 UTC 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/60275643/1185384964'
    [Sun Sep 29 17:30:06 UTC 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/60275643/1185384964'
    [Sun Sep 29 17:30:06 UTC 2019] _authorizations_seg='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622,https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625'
    [Sun Sep 29 17:30:06 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622'
    [Sun Sep 29 17:30:06 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622'
    [Sun Sep 29 17:30:06 UTC 2019] payload
    [Sun Sep 29 17:30:06 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:06 UTC 2019] Use _CACHED_NONCE='0002O7e44y3auCYUfUH_UAM2qHrBKuiJ88VyT4eMIV2YxPI'
    [Sun Sep 29 17:30:06 UTC 2019] nonce='0002O7e44y3auCYUfUH_UAM2qHrBKuiJ88VyT4eMIV2YxPI'
    [Sun Sep 29 17:30:06 UTC 2019] POST
    [Sun Sep 29 17:30:06 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622'
    [Sun Sep 29 17:30:06 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyTzdlNDR5M2F1Q1lVZlVIX1VBTTJxSHJCS3VpSjg4VnlUNGVNSVYyWXhQSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTU3MjMyNjIyIiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MDI3NTY0MyJ9", "payload": "", "signature": "Q3VvfdJb1nkMPa4ik93CGDHR8AmX94sKwDzUA3q8L6ajMloRPutFSovhK2LyC07NP--yl6JFrx1BUBDfT5rAPwzbNStYUKbb1YrmqYY91HYno45yOgzop7qah0OkESAh9pdA-_c7w8dQFCfwXilZmyHBkF1L-hwe-7DFLRzTkezQvLt9jPuVOzAux_cA6nPQgstFo4Jn-2KZDm1CdZtg-7XOXVEmgJ-fyGjuyUSqgSDjcOvH5DglGf4iXdC4reJnotuAHp4jkP4qngsOrv-b7UfEZSoMpDj6nwpf3ISIyp48zi25MESwcMuD0a0IDlGOHSO5YxYK-UE3MRPx0R8_WQ"}'
    [Sun Sep 29 17:30:06 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:06 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:06 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:10 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:10 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:10 GMT
    Content-Type: application/json
    Content-Length: 788
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 00029e0w5w0Bh2Hrncd-QMQ5o8MvmeaYZRm8sQZkAdH1OIE
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:10 UTC 2019] code='200'
    [Sun Sep 29 17:30:10 UTC 2019] original='{
      "identifier": {
        "type": "dns",
        "value": "mydomain.com"
      },
      "status": "pending",
      "expires": "2019-10-06T17:30:05Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw",
          "token": "N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/TTw6vg",
          "token": "N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/aoLW_w",
          "token": "N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"
        }
      ]
    }'
    [Sun Sep 29 17:30:10 UTC 2019] response='{"identifier":{"type":"dns","value":"mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/TTw6vg","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/aoLW_w","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"}]}'
    [Sun Sep 29 17:30:10 UTC 2019] response='{"identifier":{"type":"dns","value":"mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/TTw6vg","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/aoLW_w","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"}]}'
    [Sun Sep 29 17:30:10 UTC 2019] _d='mydomain.com'
    [Sun Sep 29 17:30:10 UTC 2019] _authz_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625'
    [Sun Sep 29 17:30:10 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625'
    [Sun Sep 29 17:30:10 UTC 2019] payload
    [Sun Sep 29 17:30:10 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:10 UTC 2019] Use _CACHED_NONCE='00029e0w5w0Bh2Hrncd-QMQ5o8MvmeaYZRm8sQZkAdH1OIE'
    [Sun Sep 29 17:30:10 UTC 2019] nonce='00029e0w5w0Bh2Hrncd-QMQ5o8MvmeaYZRm8sQZkAdH1OIE'
    [Sun Sep 29 17:30:10 UTC 2019] POST
    [Sun Sep 29 17:30:10 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625'
    [Sun Sep 29 17:30:10 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyOWUwdzV3MEJoMkhybmNkLVFNUTVvOE12bWVhWVpSbThzUVprQWRIMU9JRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotdjMvNTU3MjMyNjI1IiwgImFsZyI6ICJSUzI1NiIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC82MDI3NTY0MyJ9", "payload": "", "signature": "uufjVh8pb1lr5vxripXWYzOLS88IYdougtD9lAWNlv6uSIcvajbo5QQEK3ZLu0AdMBUlH25pzg9nCGkTSTaAqtY35RhHqX_FTiQN7_v2WnZNspIDRO4rg4un3WZgWG1REljOPu_9-401NoGsYF9UZGks8rZ4icvJQwVgvpnT35FAox0G_OkDiWU7mocy5EP55Iil86M3oYy7lTPhT5n6eR2xGYSsorayNao9fMsbYxqxTr_Vynthi7ou7BhAQ2Us4wNvdDC4XjKfgIJibmwuhV9aW1pbhvxO4YNzBewft5w2BgrNcwFrExHLw2cTDYdfL2K9H3N0EBj04-NXX7Bveg"}'
    [Sun Sep 29 17:30:10 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:10 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:10 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:11 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:11 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:11 GMT
    Content-Type: application/json
    Content-Length: 792
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0001rKFLmmPRgAUoyvuXCJP6wYx8rSoaHQqnJZfNtHEzeII
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:11 UTC 2019] code='200'
    [Sun Sep 29 17:30:11 UTC 2019] original='{
      "identifier": {
        "type": "dns",
        "value": "www.mydomain.com"
      },
      "status": "pending",
      "expires": "2019-10-06T17:30:05Z",
      "challenges": [
        {
          "type": "http-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ",
          "token": "Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"
        },
        {
          "type": "dns-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/WNHuIg",
          "token": "Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"
        },
        {
          "type": "tls-alpn-01",
          "status": "pending",
          "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/K1AJWw",
          "token": "Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"
        }
      ]
    }'
    [Sun Sep 29 17:30:11 UTC 2019] response='{"identifier":{"type":"dns","value":"www.mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/WNHuIg","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/K1AJWw","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"}]}'
    [Sun Sep 29 17:30:11 UTC 2019] response='{"identifier":{"type":"dns","value":"www.mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/WNHuIg","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/K1AJWw","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"}]}'
    [Sun Sep 29 17:30:11 UTC 2019] _d='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] _authorizations_map='www.mydomain.com,{"identifier":{"type":"dns","value":"www.mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/WNHuIg","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/K1AJWw","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"}]}
    mydomain.com,{"identifier":{"type":"dns","value":"mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/TTw6vg","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/aoLW_w","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"}]}
    '
    [Sun Sep 29 17:30:11 UTC 2019] d='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] Getting webroot for domain='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] _w='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] _currentRoot='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] _is_idn_d='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:11 UTC 2019] response='{"identifier":{"type":"dns","value":"mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/TTw6vg","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/aoLW_w","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"}]}'
    [Sun Sep 29 17:30:11 UTC 2019] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"'
    [Sun Sep 29 17:30:11 UTC 2019] token='N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs'
    [Sun Sep 29 17:30:11 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:11 UTC 2019] keyauthorization='N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:11 UTC 2019] dvlist='mydomain.com#N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw#http-01#/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] d='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] Getting webroot for domain='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] _w='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] _currentRoot='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] _is_idn_d='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] _idn_temp
    [Sun Sep 29 17:30:11 UTC 2019] response='{"identifier":{"type":"dns","value":"www.mydomain.com"},"status":"pending","expires":"2019-10-06T17:30:05Z","challenges":[{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"dns-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/WNHuIg","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"},{"type":"tls-alpn-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/K1AJWw","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"}]}'
    [Sun Sep 29 17:30:11 UTC 2019] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"'
    [Sun Sep 29 17:30:11 UTC 2019] token='Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE'
    [Sun Sep 29 17:30:11 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ'
    [Sun Sep 29 17:30:11 UTC 2019] keyauthorization='Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:11 UTC 2019] dvlist='www.mydomain.com#Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ#http-01#/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] d
    [Sun Sep 29 17:30:11 UTC 2019] vlist='mydomain.com#N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw#http-01#/home/nginx/domains/mydomain.com/public,www.mydomain.com#Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ#http-01#/home/nginx/domains/mydomain.com/public,'
    [Sun Sep 29 17:30:11 UTC 2019] d='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] d='www.mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] ok, let's start to verify
    [Sun Sep 29 17:30:11 UTC 2019] Verifying: mydomain.com
    [Sun Sep 29 17:30:11 UTC 2019] d='mydomain.com'
    [Sun Sep 29 17:30:11 UTC 2019] keyauthorization='N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:11 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:11 UTC 2019] _currentRoot='/home/nginx/domains/mydomain.com/public'
    [Sun Sep 29 17:30:11 UTC 2019] wellknown_path='/home/nginx/domains/mydomain.com/public/.well-known/acme-challenge'
    [Sun Sep 29 17:30:11 UTC 2019] writing token:N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs to /home/nginx/domains/mydomain.com/public/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs
    [Sun Sep 29 17:30:11 UTC 2019] Changing owner/group of .well-known to nginx:nginx
    [Sun Sep 29 17:30:11 UTC 2019] Trigger domain validation.
    [Sun Sep 29 17:30:11 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:11 UTC 2019] _t_key_authz='N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:11 UTC 2019] _t_vtype='http-01'
    [Sun Sep 29 17:30:11 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:11 UTC 2019] payload='{}'
    [Sun Sep 29 17:30:11 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:11 UTC 2019] Use _CACHED_NONCE='0001rKFLmmPRgAUoyvuXCJP6wYx8rSoaHQqnJZfNtHEzeII'
    [Sun Sep 29 17:30:11 UTC 2019] nonce='0001rKFLmmPRgAUoyvuXCJP6wYx8rSoaHQqnJZfNtHEzeII'
    [Sun Sep 29 17:30:11 UTC 2019] POST
    [Sun Sep 29 17:30:11 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:11 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAxcktGTG1tUFJnQVVveXZ1WENKUDZ3WXg4clNvYUhRcW5KWmZOdEhFemVJSSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTU3MjMyNjIyL0plVUJEdyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjAyNzU2NDMifQ", "payload": "e30", "signature": "zPfc9W8kVBACBOA80oo4saEaIEXN5olXVI12qFa5g8Nd205Tbkk31Gq4eAhYdNUBtdMwiZioVaEzhl7ogEjsdr-PkFCjhO3rf2ymvCWqPdDUCGKApZVI14n663ER6_HWD3RYaq5LrSfutaG2SC5VmzZ4pvhjKRHkBS48BlYMl6fNhxWDK2qaeHs_VhGw8ZbQ5ZIxZSzYIhRjyvyj4iLZZegJgNMNy7N2_ktDuU3GjPKvUDTSDvskJGJM5XrEp7uw0emsnID8sguUdY41-mWcpuQJsZM1O8fEJYFGTCF1poeWkuHeX4vOXY_r5-VrGs5x1BF7GMXNhfXJb5RRB1FiVw"}'
    [Sun Sep 29 17:30:11 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:11 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:11 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:15 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:15 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:15 GMT
    Content-Type: application/json
    Content-Length: 184
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw
    Replay-Nonce: 0002UlxR-KZUYmOxdl080qmOx6GGercR6voTodq6PbP02EU
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:15 UTC 2019] code='200'
    [Sun Sep 29 17:30:15 UTC 2019] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw",
      "token": "N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"
    }'
    [Sun Sep 29 17:30:15 UTC 2019] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs"}'
    [Sun Sep 29 17:30:15 UTC 2019] trigger validation code: 200
    [Sun Sep 29 17:30:15 UTC 2019] sleep 2 secs to verify
    [Sun Sep 29 17:30:17 UTC 2019] checking
    [Sun Sep 29 17:30:17 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:17 UTC 2019] payload
    [Sun Sep 29 17:30:17 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:17 UTC 2019] Use _CACHED_NONCE='0002UlxR-KZUYmOxdl080qmOx6GGercR6voTodq6PbP02EU'
    [Sun Sep 29 17:30:17 UTC 2019] nonce='0002UlxR-KZUYmOxdl080qmOx6GGercR6voTodq6PbP02EU'
    [Sun Sep 29 17:30:17 UTC 2019] POST
    [Sun Sep 29 17:30:17 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:17 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyVWx4Ui1LWlVZbU94ZGwwODBxbU94NkdHZXJjUjZ2b1RvZHE2UGJQMDJFVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTU3MjMyNjIyL0plVUJEdyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjAyNzU2NDMifQ", "payload": "", "signature": "eoKPIHVhJ2HLVyI2VJjqnIuynFaR-z3gOg5N9qeBBwWPMRoODBrZX7NEyhkfs4T1Tb2zmC43rnT7zi1WxuGrAdQ9m6YJXkHla8eM6lZ8RtU13hZI7BjVBfz3u27BEYa1LGbXpEp0JfRNisYNyfTUfgbL36UQyj4fY7hVuxAOR1M8i9vidzi-4JuwOkVz-POmcMHe2h0IDPoYQB8_b-NLVOnV8UzdHbIJvHuvh0wtqk1CmsdpUApUtV63p0dRuqo2k1LWIWbgvf6jhA_PCynabJdv2KoELwJTQTY9e5vOkLqowGpq6lyEn4nm-zzsOjZpkPL34yf5shyoI5IkLDg0_g"}'
    [Sun Sep 29 17:30:17 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:17 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:17 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:18 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:18 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:18 GMT
    Content-Type: application/json
    Content-Length: 1009
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232622>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw
    Replay-Nonce: 0002KNR4RVKFAZIR_axgGyPo9KyiKPQGfv0Ag0pgKr5EGoU
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:18 UTC 2019] code='200'
    [Sun Sep 29 17:30:18 UTC 2019] original='{
      "type": "http-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "detail": "Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"",
        "status": 403
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw",
      "token": "N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs",
      "validationRecord": [
        {
          "url": "http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs",
          "hostname": "mydomain.com",
          "port": "80",
          "addressesResolved": [
            "MY_NEWIP"
          ],
          "addressUsed": "MY_NEWIP"
        }
      ]
    }'
    [Sun Sep 29 17:30:18 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","validationRecord":[{"url":"http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","hostname":"mydomain.com","port":"80","addressesResolved":["MY_NEWIP"],"addressUsed":"MY_NEWIP"}]}'
    [Sun Sep 29 17:30:18 UTC 2019] original='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","validationRecord":[{"url":"http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","hostname":"mydomain.com","port":"80","addressesResolved":["MY_NEWIP"],"addressUsed":"MY_NEWIP"}]}'
    [Sun Sep 29 17:30:18 UTC 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e404 Not Found\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e404 Not Found\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw","token":"N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","validationRecord":[{"url":"http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs","hostname":"mydomain.com","port":"80","addressesResolved":["MY_NEWIP"],"addressUsed":"MY_NEWIP"}]}'
    [Sun Sep 29 17:30:18 UTC 2019] error='"error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: '
    [Sun Sep 29 17:30:18 UTC 2019] errordetail='Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]: '
    [Sun Sep 29 17:30:18 UTC 2019] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs [MY_NEWIP]:
    [Sun Sep 29 17:30:18 UTC 2019] pid
    [Sun Sep 29 17:30:18 UTC 2019] No need to restore nginx, skip.
    [Sun Sep 29 17:30:18 UTC 2019] _clearupdns
    [Sun Sep 29 17:30:18 UTC 2019] dns_entries
    [Sun Sep 29 17:30:18 UTC 2019] skip dns.
    [Sun Sep 29 17:30:18 UTC 2019] _on_issue_err
    [Sun Sep 29 17:30:18 UTC 2019] Please check log file for more details: /root/centminlogs/acmetool.sh-debug-log-290919-172951.log
    [Sun Sep 29 17:30:18 UTC 2019] _chk_vlist='mydomain.com#N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw#http-01#/home/nginx/domains/mydomain.com/public,www.mydomain.com#Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg#https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ#http-01#/home/nginx/domains/mydomain.com/public,'
    [Sun Sep 29 17:30:18 UTC 2019] start to deactivate authz
    [Sun Sep 29 17:30:18 UTC 2019] Trigger domain validation.
    [Sun Sep 29 17:30:18 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:18 UTC 2019] _t_key_authz='N0NME7wcb9C8HXUReUd7zES-DPW-_svRmT0WrFdcmqs.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:18 UTC 2019] _t_vtype
    [Sun Sep 29 17:30:18 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:18 UTC 2019] payload='{}'
    [Sun Sep 29 17:30:18 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:18 UTC 2019] Use _CACHED_NONCE='0002KNR4RVKFAZIR_axgGyPo9KyiKPQGfv0Ag0pgKr5EGoU'
    [Sun Sep 29 17:30:18 UTC 2019] nonce='0002KNR4RVKFAZIR_axgGyPo9KyiKPQGfv0Ag0pgKr5EGoU'
    [Sun Sep 29 17:30:18 UTC 2019] POST
    [Sun Sep 29 17:30:18 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232622/JeUBDw'
    [Sun Sep 29 17:30:18 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAyS05SNFJWS0ZBWklSX2F4Z0d5UG85S3lpS1BRR2Z2MEFnMHBnS3I1RUdvVSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTU3MjMyNjIyL0plVUJEdyIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjAyNzU2NDMifQ", "payload": "e30", "signature": "HqkjyoZ4PsMr_QVM5aw8Uz4ldijiPXsJwueuJD6CjKdGYCJvYCA5eORPiI82h7eBZMS-zCXHvUPIKCaLyEoiFCKlYsHAm9YgbnI0395igWMq_NV3AdLtCIjm2UiK85GHLooU9mAwThC6QlmHlc0WWdYAUpwnFw-n7PD2jS_Khd7JFWw_kaAFQvv_3McweV3P2d4ZamZO7hYDvaYhj47bWv3X58lXwqEKsr2gEJ64wQPxEEXU699Z8Cdr3U_tQs0LWqAZ4JRANC-5bDAUipHxZ88fP0jRUfXVak8fQZHVqLRVQSl1ccTlO90DI1_xc8rdWVmCt9nfFiZOFP-k1anAlA"}'
    [Sun Sep 29 17:30:18 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:18 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:18 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:20 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:20 UTC 2019] responseHeaders='HTTP/1.1 400 Bad Request
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:20 GMT
    Content-Type: application/problem+json
    Content-Length: 144
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Replay-Nonce: 0002JZ-_lejc708eziNl1JyVk9c_f5v44G3L6LY2hrpTj7M
    
    '
    [Sun Sep 29 17:30:20 UTC 2019] code='400'
    [Sun Sep 29 17:30:20 UTC 2019] original='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Sun Sep 29 17:30:20 UTC 2019] response='{
      "type": "urn:ietf:params:acme:error:malformed",
      "detail": "Unable to update challenge :: authorization must be pending",
      "status": 400
    }'
    [Sun Sep 29 17:30:20 UTC 2019] Trigger domain validation.
    [Sun Sep 29 17:30:20 UTC 2019] _t_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ'
    [Sun Sep 29 17:30:20 UTC 2019] _t_key_authz='Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE.4Cptpq_6QkRZxDdFI2Yzg_sF3sXR5uOr29VQlzXhqRg'
    [Sun Sep 29 17:30:20 UTC 2019] _t_vtype
    [Sun Sep 29 17:30:20 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ'
    [Sun Sep 29 17:30:20 UTC 2019] payload='{}'
    [Sun Sep 29 17:30:20 UTC 2019] Use cached jwk for file: /root/.acme.sh/ca/acme-v02.api.letsencrypt.org/account.key
    [Sun Sep 29 17:30:20 UTC 2019] Use _CACHED_NONCE='0002JZ-_lejc708eziNl1JyVk9c_f5v44G3L6LY2hrpTj7M'
    [Sun Sep 29 17:30:20 UTC 2019] nonce='0002JZ-_lejc708eziNl1JyVk9c_f5v44G3L6LY2hrpTj7M'
    [Sun Sep 29 17:30:20 UTC 2019] POST
    [Sun Sep 29 17:30:20 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ'
    [Sun Sep 29 17:30:20 UTC 2019] body='{"protected": "eyJub25jZSI6ICIwMDAySlotX2xlamM3MDhlemlObDFKeVZrOWNfZjV2NDRHM0w2TFkyaHJwVGo3TSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvY2hhbGwtdjMvNTU3MjMyNjI1L082QnJDUSIsICJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvNjAyNzU2NDMifQ", "payload": "e30", "signature": "1x_NL2p2-EuxbK8GZ1sMqifXV0cddHecgFOEaXpXxJkXmOS2MUcAXRHa_nEqi2cpjh9lRI9dpkUTI_g4Vd4Jx1UEoMFZei1a_JhjCDl61QJpWo7RS4iEBAklZKiYgWo9sCP3XzhHiwT0KTgP0Bs0ln4cqrS5b_LNFxpS1P_atG6uooc3f6uUPb7HkSPlcNN0XSW1FQFDIG5p2n8NEW3oMjqSkt_FOWu0Gvm7FNPl3DVpm0aby1W8nQQfTKZ-ZXtEWKrIoA-rmUP8fcs--V0YoXpr1A7au2oVTA4Z_4YJIH9Twx_gPer_Qgce8CM2FTEa-9-UxXMdgZZio52rf_s7Pw"}'
    [Sun Sep 29 17:30:20 UTC 2019] _postContentType='application/jose+json'
    [Sun Sep 29 17:30:20 UTC 2019] Http already initialized.
    [Sun Sep 29 17:30:20 UTC 2019] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  -g '
    [Sun Sep 29 17:30:21 UTC 2019] _ret='0'
    [Sun Sep 29 17:30:21 UTC 2019] responseHeaders='HTTP/1.1 200 OK
    Server: nginx
    Date: Sun, 29 Sep 2019 17:30:20 GMT
    Content-Type: application/json
    Content-Length: 184
    Connection: keep-alive
    Boulder-Requester: 60275643
    Cache-Control: public, max-age=0, no-cache
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    Link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/557232625>;rel="up"
    Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ
    Replay-Nonce: 0102DdPBhI31YmtjTZqL_pVcdW6Al9awOpziKHgUfFRo0y4
    X-Frame-Options: DENY
    Strict-Transport-Security: max-age=604800
    
    '
    [Sun Sep 29 17:30:21 UTC 2019] code='200'
    [Sun Sep 29 17:30:21 UTC 2019] original='{
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ",
      "token": "Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"
    }'
    [Sun Sep 29 17:30:21 UTC 2019] response='{"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/557232625/O6BrCQ","token":"Inkr8y5grjDc4w6zC4g7j-YfT6T4nQCdqFjXDY4SgPE"}'
    
     
    Last edited: Sep 30, 2019
  12. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    you should remove SECOND_IP altogether rather than leave it empty - you can uninstall the attempted centmin.sh menu option 22 wordpress site and try again after you have removed SECOND_IP from persistent config file /etc/centminmod/custom_config.inc

    Every centmin.sh menu option 22 run has an accompanying uninstall script at /root/tools/wp_uninstall_${vhostname}.sh where ${vhostname} = your domain name. You can run that to uninstall almost everything except mysql database which you have to manually remove yourself - extra precaution in case you accidentally run the wrong uninstall script.
     
  13. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    @skringjer also need to fix up your domain's DNS A records for non-www and www, as they both go to different IP addresses right now
     
  14. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    Okay so i removed the SECOND_IP from the custom_config.inc conf and removed the old installation using the above script. Checked the DNS to see its pointing to the OLD IP, and it was

    Re-run option 22 to add the new site but again, an error
    Code:
    mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/3DeB1sSDDII-3Z8lnl7gV3Ak_CCk2MUgDml91n1pON
    Plus i dont get it why the Centmin default page is appearing on the domain, it should be WordPress,
     
    Last edited: Sep 30, 2019
  15. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    after editing nginx vhosts did you only restart nginx or nginx and php-fpm services, try restarting both

    did you properly setup main hostname from Getting Started Guide step 1 ?
    Code (Text):
    nprestart

    When you install Centmin Mod it's setup a main hostname nginx vhost host for server which is where Nginx default install index page is shown. Accessing server via IP address will show that page and it's correct and should be left as is as the main hostname site is also used for statistics pages outlined here. When you create a new Nginx vhost site via centmin.sh menu option 2, 22 or nv commands, you have a separate Nginx vhost directory structure. The differences are outlined on official Config file page and at Getting Started Guide step 1 and bottom of that page here.
    If your site domain name when visited redirects to main hostname and default nginx index page, then that is usually due to the main hostname being same as the site domain name which is incorrect as they need to differ.

    What does your /usr/local/nginx/conf/conf.d/virtual.conf and /usr/local/nginx/conf/conf.d/yourdomain.com.conf contents look like ? Make sure virtual.conf main hostname's server_name isn't same as any added nginx vhost site's domain name as per Getting Started Guide step 1, the main hostname needs to be unique.

    You can check via recursive grep filter of your domain name in vhost directory at /usr/local/nginx/conf/conf.d
    Code (Text):
    grep -rnw 'yourdomain.com' /usr/local/nginx/conf/conf.d
    

    Also check DNS is correct use dig to check DNS for domain
    Code (Text):
    dig +short A @8.8.8.8 yourdomain.com
    dig +short A @8.8.8.8 www.yourdomain.com
    dig +short A @8.8.8.8 hostname.yourdomain.com
    

    check HTTP headers via curl for both HTTP (and HTTPS if you have HTTPS/SSL)
    Code (Text):
    curl -I http://yourdomain.com
    curl -I http://www.yourdomain.com
    curl -I https://yourdomain.com
    curl -I https://www.yourdomain.com
    curl -I http://hostname.yourdomain.com
    
     
  16. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    Yes i have properly setup the Hostname in the initial Getting Started guide, i have another site that is up and running so the hostname is hostname.myoldsite.com

    Contents of /usr/local/nginx/conf/conf.d/virtual.conf
    Code:
    server {
                listen 80 default_server backlog=4095 reuseport;
                server_name hostname.worldofpcgames.co;
                root   html;
            access_log              /var/log/nginx/localhost.access.log     combined buffer=256k flush=5m;
            error_log               /var/log/nginx/localhost.error.log      error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
            location /nginx_status {
            stub_status on;
            access_log   off;
            allow 127.0.0.1;
            #allow youripaddress;
            deny all;
            }
    
                location / {
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #Enables directory listings when index file not found
    #autoindex  on;
    
    #Shows file listing times as local time
    #autoindex_localtime on;
    
    # Wordpress Permalinks example
    #try_files \$uri \$uri/ /index.php?q=\$uri&\$args;
               
                }
    
    include /usr/local/nginx/conf/phpmyadmin.conf;
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/include_opcache.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    #include /usr/local/nginx/conf/vts_mainserver.conf;
    
           }
    
    And contents of /usr/local/nginx/conf/conf.d/mydomain.com.ssl.conf
    Code:
    #x# HTTPS-DEFAULT
     server {
    
       server_name mydomain.com www.mydomain.com;
       return 302 https://mydomain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name mydomain.com www.mydomain.com;
    
      include /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/mydomain.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
      root /home/nginx/domains/mydomain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpcacheenabler_mydomain.com.conf;
      include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsupercache_mydomain.com.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/rediscache_mydomain.com.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin; 
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
       
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsecure_mydomain.com.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    Checked DNS records via the above commands and the point to the Correct IP (Old IP)

    Checked CURL and the following results

    Code:
    curl -I http://mydomain.com
    HTTP/1.1 200 OK
    Date: Sun, 29 Sep 2019 19:03:44 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Sun, 30 Jun 2019 04:11:31 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5d183673-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    
    curl -I http://mydomain.com
    HTTP/1.1 200 OK
    Date: Sun, 29 Sep 2019 19:04:48 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Sun, 30 Jun 2019 04:11:31 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5d183673-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    
    curl -I https://mydomain.com
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
    
     curl -I https://www.mydomain.com
    curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
    More details here: http://curl.haxx.se/docs/sslcerts.html
    
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
    
     curl -I http://hostname.worldofpcgames.co
    HTTP/1.1 200 OK
    Date: Sun, 29 Sep 2019 19:06:06 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 4515
    Last-Modified: Sun, 30 Jun 2019 04:11:31 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5d183673-11a3"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    I think i know why the Default Page is showing up, its because of SSL, the SSL failed to generate, if i manually generate it, i think the issue will be fixed.
     
    Last edited: Sep 30, 2019
  17. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah the http to https redirect is serving invalid ssl site so letsencrypt webroot authentication to /.well-known fails

    backup your existing /usr/local/nginx/conf/conf.d/animefever.to.ssl.conf nginx vhost and then uninstall the domain again from centmin.sh menu option 22 created uninstall script and this time when you run centmin.sh menu option 22 instead of selecting https default option 4, select option 3
    Code (Text):
    Get Letsencrypt SSL certificate Nginx vhost? [y/n]: y
    You have 4 options:
    1. issue staging test cert with HTTP + HTTPS (untrusted)
    2. issue staging test cert with HTTPS default (untrusted)
    3. issue live cert with HTTP + HTTPS (trusted)
    4. issue live cert with HTTPS default (trusted)
    Enter option number 1-4: 4
    

    that should allow letsencrypt to validate on non-https version of your site first and once letsencrypt issues your SSL cert, restore your backed up /usr/local/nginx/conf/conf.d/animefever.to.ssl.conf nginx vhost and remove the non-https one at /usr/local/nginx/conf/conf.d/animefever.to.conf
     
  18. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    This didnt work too, again at Verifying Domain gave the error, so i went to /usr/local/nginx/conf/conf.d and renamed mydomain.com.ssl.conf to mydomain.com.ssl.conf-disabled and left mydomain.com.conf as it is and restarted Nginx and i had Wordpress up and running then i went to

    Generate Centmin Mod Nginx Vhost - CentminMod.com LEMP Nginx web stack for CentOS

    And followed the steps here to Generate SSL and it worked, but when i restarted nginx and PHP-FPM i am getting this error
    Code:
    ginx: [emerg] duplicate listen options for 0.0.0.0:443 in /usr/local/nginx/conf/conf.d/worldofpcgames.co.ssl.conf:11
    Its giving this error on my other site, What should i do here is the conf for worldofpcgames.co.ssl.conf
    Code:
    #x# HTTPS-DEFAULT
     server {
    
       server_name worldofpcgames.co www.worldofpcgames.co;
       return 302 https://worldofpcgames.co$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name worldofpcgames.co www.worldofpcgames.co;
    
      include /usr/local/nginx/conf/ssl/worldofpcgames.co/worldofpcgames.co.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/worldofpcgames.co/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/worldofpcgames.co/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/worldofpcgames.co/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/worldofpcgames.co/autoprotect-worldofpcgames.co.conf;
      root /home/nginx/domains/worldofpcgames.co/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/worldofpcgames.co/wpcacheenabler_worldofpcgames.co.conf;
      include /usr/local/nginx/conf/wpincludes/worldofpcgames.co/wpsupercache_worldofpcgames.co.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/worldofpcgames.co/rediscache_worldofpcgames.co.conf;
    
     location / {
     include /usr/local/nginx/conf/503include-only.conf;
    
    # Enables directory listings when index file not found
     #autoindex  on;
    
     # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
     # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        #auth_basic "Private";
        #auth_basic_user_file /home/nginx/domains/worldofpcgames.co/htpasswd_wplogin; 
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/worldofpcgames.co/wpsecure_worldofpcgames.co.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-worldofpcgames.co.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    And here is the Conf for mydomain.com.ssl.conf

    Code:
    I don't want my other site to be affected. :(
    #x# HTTPS-DEFAULT
     server {
    
       server_name mydomain.com www.mydomain.com;
       return 302 https://mydomain.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    server {
      listen 443 ssl http2 reuseport;
      server_name mydomain.com www.mydomain.com;
    
      include /usr/local/nginx/conf/ssl/mydomain.com/mydomain.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/mydomain.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      # mozilla recommended
      ssl_ciphers TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/mydomain.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/mydomain.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/mydomain.com/autoprotect-mydomain.com.conf;
      root /home/nginx/domains/mydomain.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/wpcacheenabler_mydomain.com.conf;
      include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsupercache_mydomain.com.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/mydomain.com/rediscache_mydomain.com.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/mydomain.com/htpasswd_wplogin; 
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-scripts\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /wp-admin/(load-styles\.php) {
        limit_req zone=xwprpc burst=5 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
     
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/mydomain.com/wpsecure_mydomain.com.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
    
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/pre-staticfiles-local-mydomain.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
    
    And if i remove listen 443 ssl http2 reuseport; from worldofpcgames.co.ssl.conf, and restart nginx, everything is fine then, both of the sites are up and running but mydomain.com certs arent working Screenshot
     
    Last edited: Sep 30, 2019
  19. skringjer

    skringjer Member

    95
    11
    8
    Apr 21, 2019
    Ratings:
    +19
    Local Time:
    7:45 PM
    And yes as i was afraid, making the above Small change, did effect the other site, i was getting Pages not found and Newdomain data in olddomain, sorry if am making things so weird here.
     
    Last edited: Sep 30, 2019
  20. eva2000

    eva2000 Administrator Staff Member

    41,724
    9,395
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,431
    Local Time:
    12:45 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    need to remove reuseport from either one of these nginx vhost's listen directive animefever.to.ssl.conf or worldofpcgames.co.ssl.conf as it can only listed once per ip/port pairing - you most of had SECOND_IP in place at one time which allowed both nginx vhosts to have reuseport but reverting to single IP, only one can have reuseport