Hi, I am trying to generate a cert for an existing domain. I used the generator but I get an error (on domain verification) with this command:

/root/.acme.sh/acme.sh --force --issue --days 60 -d mydomain.com -w /home/nginx/domains/mydomain.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-connect.mydomain.com.log --log-level 2

mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/trLplVVVDNJ-Z6rY5ARQZ2NhAHF3KN1X3HdL9V_lvB8

I created .well-known/acme-challenge/trLplVVVDNJ-Z6rY5ARQZ2NhAHF3KN1X3HdL9V_lvB8 for testing and I am getting a 403 error. When I checked the error log, there is:

*27 access forbidden by rule, client:

I have no idea what's wrong. Should I somehow configure this .well-known alias, or dir?
When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22, or via the /usr/bin/nv command line, you will create the Nginx vhost files and directories. You will get the outputted path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self-signed SSL).

Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
Vhost public web root will be at /home/nginx/domains/newdomain.com/public
Vhost log directory will be at /home/nginx/domains/newdomain.com/log

Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and, if applicable, /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags).

What is the output of these commands in SSH?

Code (Text):
curl -I https://domain.com

Code (Text):
curl -I https://www.domain.com

Code (Text):
curl -I http://domain.com

Code (Text):
curl -I http://www.domain.com

Wrap the output in CODE tags.
for https I get

Code:
HTTP/1.1 503 Service Unavailable
Server: squid/3.5.20
Mime-Version: 1.0
Date: Fri, 29 Mar 2019 05:55:50 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3743
X-Squid-Error: ERR_DNS_FAIL 0
Vary: Accept-Language
Content-Language: en

for http I get

I guess problem is, I am behind proxy? but from outside I can at least get index.html page but not from inside
I tweaked the proxy's DNS a little:

Code:
HTTP/1.1 200 Connection established

curl: (60) Peer's Certificate has expired.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

and

Code:
HTTP/1.1 200 OK
Date: Fri, 29 Mar 2019 06:16:27 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 172
Last-Modified: Fri, 02 Nov 2018 16:41:53 GMT
ETag: "5bdc7e51-ac"
Server: nginx centminmod
X-Powered-By: centminmod
Expires: Sat, 30 Mar 2019 06:16:27 GMT
Cache-Control: max-age=86400
Cache-Control: public, must-revalidate, proxy-revalidate
Accept-Ranges: bytes
X-Cache: MISS from vs-proxy
X-Cache-Lookup: MISS from vs-proxy:3128
Via: 1.1 vs-proxy (squid/3.5.20)
Connection: keep-alive

but there seems to be something not liking the leading dot in the well-known path... it's either squid or nginx. I am gonna try to turn off the proxy, but I guess no connection to the internet then
I think this in my domain config (domain was generated in 123.08 or older, couple of years ago) is the problem:

Code:
# prevent access to ./directories and files
location ~ (?:^|/)\. {
    deny all;
}
so I just commented out the deny all from above (there is a bunch of stuff in staticfile.conf) and it worked now! thx
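
An added example, not part of the thread and not Centmin Mod's generated config: commenting out the dotfile rule also exposes paths such as .git and .env, so an alternative is to keep the deny and carve out only the ACME challenge directory. The server block layout is constructed; the domain and web root are the placeholders used in the thread.

```nginx
# Constructed vhost fragment (assumption: plain HTTP vhost serving the webroot
# that acme.sh writes challenge files into with -w).
server {
    listen 80;
    server_name mydomain.com;
    root /home/nginx/domains/mydomain.com/public;

    # ^~ makes nginx skip regex locations once this prefix is the best match,
    # so the dotfile rule below is never evaluated for ACME challenge requests.
    location ^~ /.well-known/acme-challenge/ {
        default_type text/plain;
        # Serve only challenge files that exist; anything else is a 404.
        try_files $uri =404;
    }

    # Dotfile protection stays enabled: /.git/config, /.env, /.htpasswd and
    # any other path segment starting with a dot are still refused with 403.
    location ~ (?:^|/)\. {
        deny all;
    }
}
```

After `nginx -t` and a reload, placing a test file in .well-known/acme-challenge/ and requesting it with `curl -I` should return 200, while a request for a dotfile outside that directory should still return 403.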