Join the community today
Become a Member

Letsencrypt Help with error. Can't get letsencrypt to work

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Itworx4me, Mar 22, 2020.

  1. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I am getting this error:

    Code (Text):
    insidepromod.com:Verify error:Fetching https://insidepromod.com/.well-known/acme-challenge/pRwLOn1K1iHuIRauvrvRBlLv3zZ0KPfXwgbyeBDjzXM: Too many redirects


    When running this command:
    Code (Text):
    /root/.acme.sh/acme.sh --force --issue --days 60 -d insidepromod.com -d www.insidepromod.com -w /home/nginx/domains/insidepromod.com/public -k 2048 --useragent centminmod-centos-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-insidepromod.com.log --log-level 2


    Any help would be much appreciated.

    Thanks,
    Itworx4me
     
  2. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    First try running your intended SSL certificate domain through the letsdebug.net online testing tool to check for potential errors with HTTP-01 validation. For your domain it has errors Let's Debug

    you have Cloudflare on domain but CF SSL cert has not been issued yet - it can have delays by up to 24hrs
    you have bad redirect - too many redirects

    Code:
    BadRedirect
    ERROR
    Sending an ACME HTTP validation request to insidepromod.com results in an unacceptable redirect. This is most likely a misconfiguration of your web server or your web application.
    Too many (10) redirects, last redirect was to: https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    
    Trace:
    @0ms: Making a request to http://insidepromod.com/.well-known/acme-challenge/letsdebug-test (using initial IP 2606:4700:3034::681c:196d)
    @0ms: Dialing 2606:4700:3034::681c:196d
    @119ms: Server response: HTTP 302 Moved Temporarily
    @119ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @119ms: Dialing 2606:4700:3034::681c:196d
    @207ms: Server response: HTTP 302 Moved Temporarily
    @207ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @281ms: Server response: HTTP 302 Moved Temporarily
    @281ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @355ms: Server response: HTTP 302 Moved Temporarily
    @355ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @394ms: Server response: HTTP 302 Moved Temporarily
    @394ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @468ms: Server response: HTTP 302 Moved Temporarily
    @468ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @508ms: Server response: HTTP 302 Moved Temporarily
    @508ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @548ms: Server response: HTTP 302 Moved Temporarily
    @548ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @588ms: Server response: HTTP 302 Moved Temporarily
    @588ms: Received redirect to https://insidepromod.com/.well-known/acme-challenge/letsdebug-test
    @665ms: Server response: HTTP 302 Moved Temporarily
    When you create a new nginx vhost domain via centmin.sh menu option 2 or menu option 22 or via /usr/bin/nv cli command line, you will create the Nginx vhost files and directories. You will get an outputted the path location where it will create the domain name's vhost conf file named newdomain.com.conf (and newdomain.com.ssl.conf if you selected yes to self signed SSL)
    • Nginx vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.conf
    • Nginx HTTP/2 SSL vhost conf path will be at /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf
    • Nginx Self-Signed SSL Certificate Directory at /usr/local/nginx/conf/ssl/newdomain.com
    • Vhost public web root will be at /home/nginx/domains/newdomain.com/public
    • Vhost log directory will be at /home/nginx/domains/newdomain.com/log
    Please post the contents of /usr/local/nginx/conf/conf.d/newdomain.com.conf and if applicable /usr/local/nginx/conf/conf.d/newdomain.com.ssl.conf wrapped in CODE tags (outlined at How to use forum BBCODE code tags)

    what is output of these commands in ssh
    Code (Text):
    curl -I https://domain.com
    

    Code (Text):
    curl -I https://www.domain.com
    

    Code (Text):
    curl -I http://domain.com
    

    Code (Text):
    curl -I http://www.domain.com
    

    wrap output in CODE tags
     
  3. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I choose option #2 when creating the vhost
    I choose option #4 when creating the letsencrypt (live https )

    It never created the acme ssl files. It looks like it fell back on a self signed ssl.

    Here is the information you requested:

    Code (Text):
    curl -I https://domain.com

    Code (Text):
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 22 Mar 2020 13:35:24 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d844693781d4db7c70cbd7ca6354932b31584884124; expires=Tue, 21-Apr-20 13:35:24 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Location: https://insidepromod.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 57804bb1fcd5e968-MIA


    Code (Text):
    curl -I https://www.domain.com

    Code (Text):
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 22 Mar 2020 13:42:37 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d5501eb1c0ff78c4be49e9f6ed609b2be1584884557; expires=Tue, 21-Apr-20 13:42:37 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Location: https://insidepromod.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 57805645eac2c88f-MIA


    Code (Text):
    curl -I http://domain.com

    Code (Text):
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 22 Mar 2020 13:43:31 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d979ff6cf912bd9283c824fb6334e28521584884611; expires=Tue, 21-Apr-20 13:43:31 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Location: https://insidepromod.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 57805796cf4de954-MIA


    Code (Text):
    curl -I http://www.domain.com

    Code (Text):
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 22 Mar 2020 13:44:26 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d6d370a7e5586e393d46594a873ac12d31584884666; expires=Tue, 21-Apr-20 13:44:26 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Location: https://insidepromod.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 578058efbab25336-MIA


    I just don't understand how I am getting the 302 moved temporarily code..

    Thank you for your help @eva2000 . I really appreciate it. Setting up a vhost with ssl has never gone smooth for me.... :(

    Itworx4me
     
  4. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    Here is the insidepromod.com.ssl.conf file that centmin created. I haven't touched the file or changed anything.

    Code (Text):
    #x# HTTPS-DEFAULT
     server {
      
       server_name insidepromod.com www.insidepromod.com;
       return 302 https://insidepromod.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    
    
    server {
      listen 443 ssl http2 reuseport;
      server_name insidepromod.com www.insidepromod.com;
    
      include /usr/local/nginx/conf/ssl/insidepromod.com/insidepromod.com.crt.key.conf;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # cloudflare authenticated origin pull cert community.centminmod.com/threads/13847/
      #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/insidepromod.com/origin.crt;
      #ssl_verify_client on;
      http2_max_field_size 16k;
      http2_max_header_size 32k;
      http2_max_requests 5000;
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
      ssl_prefer_server_ciphers   on;
      #add_header Alternate-Protocol  443:npn-spdy/3;
    
      # before enabling HSTS line below read centminmod.com/nginx_domain_dns_setup.html#hsts
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header X-Frame-Options SAMEORIGIN;
      add_header X-Xss-Protection "1; mode=block" always;
      add_header X-Content-Type-Options "nosniff" always;
      #add_header Referrer-Policy "strict-origin-when-cross-origin";
      #add_header Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
      #spdy_headers_comp 5;
      ssl_buffer_size 1369;
      ssl_session_tickets on;
     
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/insidepromod.com/log/access.log combined buffer=256k flush=5m;
      error_log /home/nginx/domains/insidepromod.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/insidepromod.com/autoprotect-insidepromod.com.conf;
      root /home/nginx/domains/insidepromod.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Wordpress Permalinks example
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      }
    
      include /usr/local/nginx/conf/pre-staticfiles-local-insidepromod.com.conf;
      include /usr/local/nginx/conf/pre-staticfiles-global.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
     
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  5. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    it's due to this redirect for https non-www redirect to https non-www so it's in a loop
    Code (Text):
    curl -I https://domain.com
    
    HTTP/1.1 302 Moved Temporarily
    Date: Sun, 22 Mar 2020 13:35:24 GMT
    Content-Type: text/html
    Connection: keep-alive
    Set-Cookie: __cfduid=d844693781d4db7c70cbd7ca6354932b31584884124; expires=Tue, 21-Apr-20 13:35:24 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Location: https://insidepromod.com/
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 57804bb1fcd5e968-MIA
    

    If you have Cloudflare enabled with always use HTTPS in dashboard, it will force https so centmin mod nginx doesn't need the 302 redirect
    Code (Text):
    #x# HTTPS-DEFAULT
     server {
     
       server_name insidepromod.com www.insidepromod.com;
       return 302 https://insidepromod.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    


    for now i'd keep that 302 redirect for now and disable Cloudflare always use HTTPS from SSL/TLS > Edge Certificates tab

    and re-run
    Code (Text):
    curl -I https://domain.com

    to see if you get HTTP 200 status code instead of 302 redirect. If you do, you can re-attempt to re-issue letsencrypt. Try acmetool.sh add reissue-only option for existing nginx HTTPS SSL vhosts with domain.com.ssl.conf vhost config files that exist. This only does reissue of letsencrypt SSL cert without touching the nginx vhost. Ideal for use when you tried creating a Nginx HTTPS SSL default vhost site but letsencrypt SSL issuance failed the first time. When it fails, Centmin Mod usually falls back to self-signed SSL as a place holder for the domain.com.ssl.conf vhost config. When you run:
    Code (Text):
    cd /usr/local/src/centminmod/addons
    ./acmetool.sh reissue-only domain.com live
    

    It will only try reissuing the letsencrypt SSL certificate for the domain = domain.com for live production SSL certificate without touching any of the existing nginx vhost at domain.com.ssl.conf
     
  6. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    Capture32.PNG

    Its already off.
     
  7. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    did you install any other wordpress plugins ? like Cloudflare wordpress plugin ?

    if you temporarily comment out these lines with hash # in front and restart nginx/php-fpm does it work when access https version of your domain ?
    change from
    Code (Text):
     server {
     
       server_name insidepromod.com www.insidepromod.com;
       return 302 https://insidepromod.com$request_uri;
       include /usr/local/nginx/conf/staticfiles.conf;
     }
    

    to
    Code (Text):
    # server {
    #
    #   server_name insidepromod.com www.insidepromod.com;
    #   return 302 https://insidepromod.com$request_uri;
    #   include /usr/local/nginx/conf/staticfiles.conf;
    # }
    

    then try
    Code (Text):
    curl -I http://domain.com
    curl -I https://domain.com
    curl -I http://www.domain.com
    curl -I https://www.domain.com
    
     
  8. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    This isn't a wordpress install. When finished it will be an Xenforo site.
     
  9. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    I see. Still need the curl output after you comment out the server {} context for 302 redirects
     
  10. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I get the Centminmod Nginx Auto Installer page now
    Test Page for the Centmin Mod Nginx HTTP Server

    Code (Text):
    HTTP/1.1 200 OK
    Date: Sun, 22 Mar 2020 15:47:11 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d6500cc838583ad9911562f81f4c49e721584892031; expires=Tue, 21-Apr-20 15:47:11 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Last-Modified: Wed, 31 Jan 2018 00:31:37 GMT
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 57810cbedb1be974-MIA


    Code (Text):
    HTTP/1.1 200 OK
    Date: Sun, 22 Mar 2020 15:50:26 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d9f4df8b8a4cbd13bf08fc8ced79a5f641584892225; expires=Tue, 21-Apr-20 15:50:25 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Last-Modified: Wed, 31 Jan 2018 00:31:37 GMT
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 578111745b9250d2-MIA


    Code (Text):
    HTTP/1.1 200 OK
    Date: Sun, 22 Mar 2020 15:51:14 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=da116afc07a247ee1f1a2d9dca6232da81584892274; expires=Tue, 21-Apr-20 15:51:14 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Last-Modified: Wed, 31 Jan 2018 00:31:37 GMT
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 578112ac9e76d4f9-MIA


    Code (Text):
    HTTP/1.1 200 OK
    Date: Sun, 22 Mar 2020 15:51:57 GMT
    Content-Type: text/html; charset=utf-8
    Connection: keep-alive
    Set-Cookie: __cfduid=d8ea351ce3f0290a872f9121e3ec25d241584892317; expires=Tue, 21-Apr-20 15:51:57 GMT; path=/; domain=.insidepromod.com; HttpOnly; SameSite=Lax
    Last-Modified: Wed, 31 Jan 2018 00:31:37 GMT
    Vary: Accept-Encoding
    X-Powered-By: centminmod
    CF-Cache-Status: DYNAMIC
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Server: cloudflare
    CF-RAY: 578113ba3c34ef26-MIA
    
     
  11. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    That probably means you didn't setup your main hostname for your server properly from Getting Started Guide step 1 at Getting Started Guide - CentminMod.com LEMP Nginx web stack for CentOS - you need to ensure it isn't using your insidepromod.com domain but a subdomain like host.insidepromod.com

    When you install Centmin Mod it's setup a main hostname nginx vhost host for server which is where Nginx default install index page is shown. Accessing server via IP address will show that page and it's correct and should be left as is as the main hostname site is also used for statistics pages outlined here. When you create a new Nginx vhost site via centmin.sh menu option 2, 22 or nv commands, you have a separate Nginx vhost directory structure. The differences are outlined on official Config file page and at Getting Started Guide step 1 and bottom of that page here.
    If your site domain name when visited redirects to main hostname and default nginx index page, then that is usually due to the main hostname being same as the site domain name which is incorrect as they need to differ.

    What does your /usr/local/nginx/conf/conf.d/virtual.conf and /usr/local/nginx/conf/conf.d/yourdomain.com.conf contents look like ? Make sure virtual.conf main hostname's server_name isn't same as any added nginx vhost site's domain name as per Getting Started Guide step 1, the main hostname needs to be unique.

    You can check via recursive grep filter of your domain name in vhost directory at /usr/local/nginx/conf/conf.d
    Code (Text):
    grep -rnw 'yourdomain.com' /usr/local/nginx/conf/conf.d
    

    Also check DNS is correct use dig to check DNS for domain
    Code (Text):
    dig +short A @8.8.8.8 yourdomain.com
    dig +short A @8.8.8.8 www.yourdomain.com
    dig +short A @8.8.8.8 hostname.yourdomain.com
    

    check HTTP headers via curl for both HTTP (and HTTPS if you have HTTPS/SSL)
    Code (Text):
    curl -I http://yourdomain.com
    curl -I http://www.yourdomain.com
    curl -I https://yourdomain.com
    curl -I https://www.yourdomain.com
    curl -I http://hostname.yourdomain.com
    
     
  12. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I have 3 other sites on the server that are working fine. My hostname is ****.insidetopfuel.com. There is a vhost of insidetopfuel.com that gets redirected to nitromater.com

    Code (Text):
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:4:#   server_name insidepromod.com www.insidepromod.com;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:5:#   return 302 https://insidepromod.com$request_uri;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:12:  server_name insidepromod.com www.insidepromod.com;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:14:  include /usr/local/nginx/conf/ssl/insidepromod.com/insidepromod.com.crt.key.conf;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:18:  #ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/insidepromod.com/origin.crt;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:53:  access_log /home/nginx/domains/insidepromod.com/log/access.log combined buffer=256k flush=5m;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:54:  error_log /home/nginx/domains/insidepromod.com/log/error.log;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:56:  include /usr/local/nginx/conf/autoprotect/insidepromod.com/autoprotect-insidepromod.com.conf;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:57:  root /home/nginx/domains/insidepromod.com/public;
    /usr/local/nginx/conf/conf.d/insidepromod.com.ssl.conf:80:  include /usr/local/nginx/conf/pre-staticfiles-local-insidepromod.com.conf;


    I am at a loss.. Really appreciate your help George
     
  13. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    Here is a site that is working on the server:
    Code (Text):
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:10:   server_name ***.com www.***.com;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:11:    return 302 https://***.com$request_uri;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:16:  server_name ***.com www.***.com;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:18:  ssl_dhparam /usr/local/nginx/conf/ssl/***.com/dhparam.pem;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:19:  ssl_certificate      /usr/local/nginx/conf/ssl/***.com/***.com-acme.cer;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:20:  ssl_certificate_key  /usr/local/nginx/conf/ssl/***.com/***.com-acme.key;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:33:  add_header Link "<http://***.com$request_uri>; rel=\"canonical\"";
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:43:  ssl_trusted_certificate /usr/local/nginx/conf/ssl/***.com/***.com-acme.cer;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:53:  access_log /home/nginx/domains/***.com/log/access.log combined buffer=256k flush=5m;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:54:  error_log /home/nginx/domains/***.com/log/error.log;
    /usr/local/nginx/conf/conf.d/***.com.ssl.conf:56:  root /home/nginx/domains/***.com/public;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:9:#            server_name ***.com;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:10:#            return 301 $scheme://www.***.com$request_uri;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:15:  server_name ***.com www.***.com;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:29:  access_log /home/nginx/domains/***.com/log/access.log main_ext buffer=256k flush=5m;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:30:  error_log /home/nginx/domains/***.com/log/error.log;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:32:  include /usr/local/nginx/conf/autoprotect/***.com/autoprotect-***.com.conf;
    /usr/local/nginx/conf/conf.d/***.com.conf-disabled:33:  root /home/nginx/domains/***.com/public;
    /usr/local/nginx/conf/conf.d/insidtetopfuel.com.ssl.conf:55:  root /home/nginx/domains/***.com/public;
     
  14. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    With Cloudflare are you using Flexible SSL or Full SSL ? As you have HTTPS default nginx site, you'd need to ensure Cloudflare is using Full SSL so it checks HTTPS nginx origin as Flexible SSL checks non-HTTPS nginx origin. If you have Flexible SSL, it will try to connect to non-HTTPS nginx origin and will get a 302 redirect HTTPS which then has a cycle of checking non-HTTPS again if Flexible SSL is used.

    which is what original letsdebug.net check reported too at Let's Debug
     
  15. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I just changed it to full strict
     
  16. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    Should I try and reissue the cert now?
     
  17. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    the domain https://insidepromod.com/ is still pointing to main hostname's default nginx index page though so something in one of your nginx config is not setup correctly - letsencrypt reissue will fail domain validation because of this.

    What happens if you try and turn off orange cloud proxy on your cloudflare DNS record for main domain and www version of your domain from cloudflare dashboard, does accessing the domain show your site or not ?
     
  18. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Oh before trying turning off orange cloud, try Full non-strict too as strict requires valid SSL cert on nginx origin and you don't have one right now it's a self-signed ssl cert on nginx origin in use

    when running centmin.sh menu option 2 or 22 and you select option 2 or 4 for letsencrypt HTTPS mode, you will also get a notice message like one below informing you of such as well
     
    Last edited: Mar 23, 2020
  19. Itworx4me

    Itworx4me Member

    218
    21
    18
    Mar 14, 2017
    Ratings:
    +35
    Local Time:
    2:36 AM
    Nginx 1.17.X
    MariaDB 10.3.X
    I get the place index place holder now

    insidepromod.com

    Try now?
     
  20. eva2000

    eva2000 Administrator Staff Member

    43,579
    9,884
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,264
    Local Time:
    7:36 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yup looks good now so try re-issuance :)

    I've updated 123.09beta01 centmin.sh menu option 2 and 22 routines to make the cloudflare notice more noticeable at the end of nginx vhost creation routine too when cloudflare DNS is detected for the domain now as well.
     
    • Like Like x 1