"sudo site domain.com -ssl=on" not working

Question

Hi there,

running "sudo site domain.com -ssl=on" results in an error-message, see below. DNS-entries are correct.

• Failed authorization procedure. www.rerdmann.eu (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.rerdmann.eu/.well-known/acme-challenge/vrnpO2z-r1IYym8Ch1UYXeVadOgdx4fHa8xpfd1gUls: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n", rerdmann.eu (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://rerdmann.eu/.well-known/acme-challenge/rX6JdDQVlIUV0MbDZFNgmV61BqgD5ddEvafJDoprxxw: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"

Output of "systemctl status nginx.service"

• Nov 02 00:09:57 localhost systemd[1]: Starting A high performance web server and a reverse proxy server... Nov 02 00:10:03 v22017123818957639.luckysrv.de systemd[1]: Started A high performance web server and a reverse proxy server. Nov 02 00:11:29 v22017123818957639.luckysrv.de systemd[1]: Reloading A high performance web server and a reverse proxy server. Nov 02 00:11:29 v22017123818957639.luckysrv.de nginx[2099]: nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32 Nov 02 00:11:29 v22017123818957639.luckysrv.de systemd[1]: nginx.service: Control process exited, code=exited status=1

Please have a look at this

Thanks in advance

Rüdiger

Answer 1

Hi Rüdiger,

• The correct command is: -ssl-on, with "-" (hyphen) instead of "=" (equal). I'm planning to standarized this in the future.
• I tried to visit your site www.rerdmann.eu and seems like is not online or your DNS is not pointing to your server. You can not request a cert for an inaccesible-offline site.

Regards.

Comments

now it's online, I've shut it down before.

---

It was a typo in my ticket, I've used "-" instead of "=".

---

No, I can not see your site, your server is not responding to "www.rerdmann.eu" requests.

Maybe your DNS is still not propagated.

That's why you are getting an error for the cert request.

---

...still not working. DNS is correctly propagated (www.rerdmann.eu, IP 37.120.174.118)

The same process (registering LE-certificate) works without any problems with EasyEngine 4 RC1.

Update:

Nginx is not running (freshly installed Ubuntu 18.04 LTS, nginx 1.15.5, mainline):

sudo nginx -t

nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 32

nginx: configuration file /etc/nginx/nginx.conf test failed

---

To be honest, I don't know what you are doing wrong.

Everything is working fine as expected on my end.

• The let's encrypt error normally is because they can not access or connect with your site.
• The Nginx error is very weird because that error is related to very long domain names or when a very large number of server names are defined.

---

Fresh install of Ubuntu 18.04 LTS

wget -qO weby qrok.es/wy && sudo bash weby 0

sudo webinoly -conf-value_max-mb-uploads=200;

sudo webinoly -conf-value_nginx-ppa=mainline;

sudo stack -lemp

sudo site rerdmann.eu -wp=default -cache;

sudo site rerdmann.eu -ssl-on;

---

I followed your same steps using my own domain and removing the semicolons you added at the end of some lines.

And everything works just fine, as expected!

I don't really know what could be wrong with your configuration.

UPDATE: Just for the record, your site is still inaccessible, it will be impossible to request an SSL Cert until you have public access, your server is only showing the default-nginx page.

---

Looking for alternatives I've shut down my VPS, that's why it's not reachable.

Thanks.

---

I'm sorry to hear that.

I always try to do Webinoly as simple to use as possible, but sometimes I can't get it.

Regards.

---

I know, and it was not meant as criticism. I think Webinoly is still great, but actually it doesn't work for me.

Actually I'm giving oneinstack a try. Much more complicated, but that domain-thing (lets encrypt) seemed to work, however I'm using my custom certificates now.

Thanks

Rüdiger

---

Hi there, solution found. It's not a problem of domains and their dns, it's a problem with a Nginx-Setting: I've tried it on the old one of my two vps (old in terms of processor). It's about this (taken from Nginx-documentation), configured in nginx.conf, see below. After removing the # from the line  (server_names_hash_bucket_size) it works with value left at 32. Perhaps you could integrate this in Webinoly in any way?

Thanks

Rüdiger

If a large number of server names are defined, or unusually long server names are defined, tuning the server_names_hash_max_size and server_names_hash_bucket_size directives at the http level may become necessary. The default value of the server_names_hash_bucket_size directive may be equal to 32, or 64, or another value, depending on CPU cache line size. If the default value is 32 and server name is defined as “too.long.server.name.example.org” then nginx will fail to start and display the error message:

could not build the server_names_hash,
you should increase server_names_hash_bucket_size: 32

In this case, the directive value should be increased to the next power of two:

http {
    server_names_hash_bucket_size  64;
    ...

If a large number of server names are defined, another error message will appear:

could not build the server_names_hash,
you should increase either server_names_hash_max_size: 512
or server_names_hash_bucket_size: 32

In such a case, first try to set server_names_hash_max_size to a number close to the number of server names. Only if this does not help, or if nginx’s start time is unacceptably long, try to increaseserver_names_hash_bucket_size.

---

Hi there, solution found. It's not a problem of domains and their dns, it's a problem with a Nginx-Setting: I've tried it on the old one of my two vps (old in terms of processor).

It's about this (taken from Nginx-documentation), configured in nginx.conf, see below. 

After removing the # from the line (server_names_hash_max_size) it works with value left at 32. Perhaps you could integrate this in Webinoly in any way?

Thanks

Rüdiger

If a large number of server names are defined, or unusually long server names are defined, tuning the server_names_hash_max_size and server_names_hash_bucket_size directives at the http level may become necessary. The default value of the server_names_hash_bucket_size directive may be equal to 32, or 64, or another value, depending on CPU cache line size. If the default value is 32 and server name is defined as “too.long.server.name.example.org” then nginx will fail to start and display the error message:

could not build the server_names_hash,
you should increase server_names_hash_bucket_size: 32

In this case, the directive value should be increased to the next power of two:

http {
    server_names_hash_bucket_size  64;
    ...

If a large number of server names are defined, another error message will appear:

could not build the server_names_hash,
you should increase either server_names_hash_max_size: 512
or server_names_hash_bucket_size: 32

In such a case, first try to set server_names_hash_max_size to a number close to the number of server names. Only if this does not help, or if nginx’s start time is unacceptably long, try to increaseserver_names_hash_bucket_size.

---

I'm glad that you have found a solution.

As I said before your site were not accesible and now you know it was due to an Nginx issue. I've seen this problem before and it's very erratic, I will put a high number in these "hash" variables to prevent this error.

---

great, thanks a lot :)

Regards, Rüdiger