Let's Encrypt token file not found, nginx 'location' statement not working

Discussion in 'Installation/Configuration' started by Keen Mouse, Jan 17, 2019.

  1. Keen Mouse

    Keen Mouse New Member

    Ubuntu 18.04.1 LTS
    ISPConfig 3.1.13

    I'm having trouble obtaining Let's Encrypt certificates. Let's Encrypt is getting a 404 when attempting to access the token file:
       Domain: testing.[domain].com
       Type:   unauthorized
       Detail: Invalid response from
       "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body
       bgcolor=\"white\">\r\n<center><h1>404 Not
    I've narrowed down the problem to the fact that the 'location' sections in the vhost configurations aren't working:
    location ^~ /.well-known/acme-challenge/ {
        access_log off;
        log_not_found off;
        root /usr/local/ispconfig/interface/acme/;
        autoindex off;
        index index.html;
        try_files $uri $uri/ =404;
    If I place a test file at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test, I get a 404 when I browse to /.well-known/acme-challenge/test on any domain on the server. I don't understand why the location sections are being ignored. I don't think I have anything out of the ordinary in my configuration except for changing the location of phpmyadmin, which I did properly via /usr/local/ispconfig/server/conf-custom/nginx_apps.vhost.master.

    I have attached the anonymized output of nginx -T.

    Attached Files:

    Last edited: Jan 17, 2019
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The location statement is fine, I have several nginx servers here that use the same statement and LE works there without issues. Do you have any custom niginx configuration set in the ngins directives field of the website?
  3. Keen Mouse

    Keen Mouse New Member

    No. If I did, they'd show up in the nginx -T output. That shows everything nginx is aware of.

    I'm completely stumped why I get a 404 for anything I put in /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/. I've confirmed there are no symlinks in the path. I've ruled out DNS too; the access.log confirms that requests are coming in to the right server:

    Code: - - [18/Jan/2019:20:22:05 +0000] "GET /.well-known/acme-challenge/OuoaDd0w8N0NaaoO-FkY6rfDwMi3c0jh1i3XwuUYDPs HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
  4. Keen Mouse

    Keen Mouse New Member

    I'm sorry; I must have had an incorrect understanding of the procedure. I discovered that my test file was accessible by HTTPS but not HTTP, and that I was getting the wrong self-generated certificate. I hadn't generated a certificate for the site yet. I didn't realize I had to do that first, but once I did, the problem went away. Thanks for bearing with me.

Share This Page