Ubuntu 18.04.1 LTS ISPConfig 3.1.13 nginx I'm having trouble obtaining Let's Encrypt certificates. Let's Encrypt is getting a 404 when attempting to access the token file: Code: Domain: testing.[domain].com Type: unauthorized Detail: Invalid response from http://testing.[domain].com/.well-known/acme-challenge/gL6rp6uI1IcLYtExxa8AqcxqdZkTA5g-kuA-jmfoLYQ: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>" I've narrowed down the problem to the fact that the 'location' sections in the vhost configurations aren't working: Code: location ^~ /.well-known/acme-challenge/ { access_log off; log_not_found off; root /usr/local/ispconfig/interface/acme/; autoindex off; index index.html; try_files $uri $uri/ =404; } If I place a test file at /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/test, I get a 404 when I browse to /.well-known/acme-challenge/test on any domain on the server. I don't understand why the location sections are being ignored. I don't think I have anything out of the ordinary in my configuration except for changing the location of phpmyadmin, which I did properly via /usr/local/ispconfig/server/conf-custom/nginx_apps.vhost.master. I have attached the anonymized output of nginx -T.
The location statement is fine, I have several nginx servers here that use the same statement and LE works there without issues. Do you have any custom niginx configuration set in the ngins directives field of the website?
No. If I did, they'd show up in the nginx -T output. That shows everything nginx is aware of. I'm completely stumped why I get a 404 for anything I put in /usr/local/ispconfig/interface/acme/.well-known/acme-challenge/. I've confirmed there are no symlinks in the path. I've ruled out DNS too; the access.log confirms that requests are coming in to the right server: Code: 66.133.109.36 - - [18/Jan/2019:20:22:05 +0000] "GET /.well-known/acme-challenge/OuoaDd0w8N0NaaoO-FkY6rfDwMi3c0jh1i3XwuUYDPs HTTP/1.1" 404 152 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"
I'm sorry; I must have had an incorrect understanding of the procedure. I discovered that my test file was accessible by HTTPS but not HTTP, and that I was getting the wrong self-generated certificate. I hadn't generated a certificate for the site yet. I didn't realize I had to do that first, but once I did, the problem went away. Thanks for bearing with me.