by Rookie
Hello,

When I try -ssl=on on a site, I get this error on the log (file and directory permissions are ok, and when I manually create /var/www/[domain]/htdocs/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U I get the same 403 Forbidden error):

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
  Domain: www.[domain]
  Type:   unauthorized
  Detail: Invalid response from http://www.[domain]/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U [161.35.140.234]: "<html>\r\n<head><title>403 Forbidden</title></head>\r\n<body>\r\n<center><h1>403 Forbidden</h1></center>\r\n<hr><center>nginx</center>\r\n"

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

2021-06-08 06:38:21,842:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-06-08 06:38:21,842:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-06-08 06:38:21,842:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-06-08 06:38:21,842:DEBUG:certbot._internal.plugins.webroot:Removing /var/www/[domain]/htdocs/.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U
2021-06-08 06:38:21,842:DEBUG:certbot._internal.plugins.webroot:All challenges cleaned up
2021-06-08 06:38:21,843:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1201/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1552, in main
    return config.func(config, plugins)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 1414, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/main.py", line 128, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 445, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 375, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/client.py", line 425, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 93, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/snap/certbot/1201/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 181, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2021-06-08 06:38:21,845:ERROR:certbot._internal.log:Some challenges have failed.
closed with the note: Solution found
by Rookie
In the php error log I get:

2021/06/08 07:07:54 [error] 967#967: *1664 access forbidden by rule, client: [my ip], server: [domain], request: "GET /.well-known/acme-challenge/4p5hH4DSLWfSeHHHFYqpSO4Tn-h8CFYJ828aBDrWK3U HTTP/1.1", host: "[domain]"

Any hint in the right direction would be appreciated
by Rookie
Found the issue: a rule in a custom-nginx.conf file to prevent returning hidden files (created by following instructions of Defender Pro).
by Expert

Glad you found a solution!

In fact, Webinoly has all these security rules already included; you don't need any additional rules unless you have something very specific.

by Rookie
Thanks, great to know.
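
The conflict described in this thread, as an added example (not the poster's custom-nginx.conf, which the thread does not show, and not Webinoly's own configuration): a catch-all hidden-file deny rule, assumed here to be the common `location ~ /\.` form, beside a version that still blocks dotfiles but lets the ACME HTTP-01 challenge path through. The location blocks are assumed to be included inside the site's server block.

```nginx
# Added example. The rule text is an assumption: the thread only says a
# custom rule "to prevent returning hidden files" caused the 403.

# BEFORE: matches any path segment that starts with a dot, which includes
# /.well-known/acme-challenge/<token>. The CA's validation request is
# answered with 403 and the nginx error log shows
# "access forbidden by rule".
#
# location ~ /\. {
#     deny all;
# }

# AFTER, part 1: a prefix location marked with ^~ is chosen before any
# regex location is evaluated, so the challenge directory is always
# served as plain static files from the webroot.
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    try_files $uri =404;
}

# AFTER, part 2: keep denying dotfiles (.git, .env, .htaccess, ...) but
# skip anything under /.well-known/ by using a negative lookahead, so
# other well-known URIs are not blocked either.
location ~ /\.(?!well-known/) {
    deny all;
}
```

After editing, `nginx -t` validates the syntax before a reload, and requesting a manually created test file under `/.well-known/acme-challenge/` over plain HTTP should return 200 rather than 403 before retrying the certificate request.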