Jess
March 27, 2024, 9:20am
1
hi,
would like to get an SSL for my email domain, but I always end up with the following:
Error: Let’s Encrypt validation status 400 (mail.diff.hu). Details: 403:“185.80.50.84: Invalid response from http://mail.diff.hu/.well-known/acme-challenge/Wf4pwzlyrs1dX0upJzgPGvQlqrMK4vQIj6c6ck-z7Fs: 404”
If I ping mail.diff.hu, or webmail.diff.hu it resolves to the desired 185.80.50.84
Simply created an e-mail domain for diff.hu and clicked the SSL button, no other web domains are present. Roundcube itself is loading - however I tried also disabling it and getting the cert like that - still no go.
What else should I check?
Ty in advance!
Hi @Jess,
mail.diff.hu can’t answer to the acme challenge but webmail.diff.hu does:

```
$ curl -ikL http://webmail.diff.hu/.well-known/acme-challenge/test
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 27 Mar 2024 11:15:42 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 48
Connection: keep-alive

test.IxkLLtnoVLDbhGNkvQ52tRU0Fyf0BzxsdT5oK-1OjcI#
```

Could you please show the nginx conf for your domain? (replace YourUser by the actual user)

```
cat /home/YourUser/conf/mail/diff.hu/nginx.conf
cat /home/YourUser/conf/mail/diff.hu/nginx.conf_letsencrypt
```
Jess
March 27, 2024, 12:28pm
3
hi,
this seems quite stock to me:
```
server {
    listen 185.80.50.84:80;
    server_name webmail.diff.hu mail.diff.hu;
    root /var/lib/roundcube;
    index index.php index.html index.htm;
    access_log /var/log/nginx/domains/webmail.diff.hu.log combined;
    error_log /var/log/nginx/domains/webmail.diff.hu.error.log error;
    include /home/different/conf/mail/diff.hu/nginx.forcessl.conf*;
    location ~ /\.(?!well-known\/) {
        deny all;
        return 404;
    }
    location ~ ^/(README.md|config|temp|logs|bin|SQL|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
        deny all;
        return 404;
    }
    location / {
        alias /var/lib/roundcube/;
        try_files $uri $uri/ =404;
        proxy_pass http://185.80.50.84:8080;
        location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|woff2|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|webp|ico|bmp|mid|midi|wav|rtf|css|js|jar)$ {
            expires 7d;
            fastcgi_hide_header "Set-Cookie";
        }
    }
    location @fallback {
        proxy_pass http://185.80.50.84:8080;
    }
    location /error/ {
        alias /var/www/document_errors/;
    }
    include /home/different/conf/mail/diff.hu/nginx.conf_*;
}
```

LE:

```
root@hestia:~# cat /home/different/conf/mail/diff.hu/nginx.conf_letsencrypt
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.IxkLLtnoVLDbhGNkvQ52tRU0Fyf0BzxsdT5oK-1OjcI";
}
```
Looks fine, show the output of this command (as root):

```
grep -R '\smail\.diff\.hu' /etc/nginx/
```
Jess
March 27, 2024, 12:56pm
5
```
root@hestia:~# grep -R '\smail\.diff\.hu' /etc/nginx/
/etc/nginx/conf.d/domains/webmail.diff.hu.conf: server_name webmail.diff.hu mail.diff.hu;
/etc/nginx/conf.d/domains/mail.diff.hu.conf: server_name mail.diff.hu ;
```
This one shouldn’t be there.
Jess
March 27, 2024, 1:05pm
7
Well, haven’t touched these files for sure… I think I tried to create a web domain with the name, but it failed. Should I simply remove that file?
Simply remove the related domain, you don’t need to create mail.domain.tld as a web domain - that’s the reason it fails.
Jess
March 27, 2024, 1:14pm
9
omg… I was totally certain that it failed creating it… But it was there. Removed and it is working like a charm. 100% user error - sorry.
2 Likes
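
The grep used in this thread, generalised as an added example (not part of the original posts and not HestiaCP code): it parses nginx config files and reports every `server_name` claimed by more than one `server` block on the same listen address, which is the conflict found here for mail.diff.hu. The sample configs are constructed, the function names are hypothetical, and the parser assumes no `#` or braces inside quoted strings.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

# Constructed sample: names follow the grep output in the thread; the body of
# mail.diff.hu.conf is assumed, since the thread never shows that file.
SAMPLE = {
    "webmail.diff.hu.conf": "server { listen 185.80.50.84:80;\n"
        " server_name webmail.diff.hu mail.diff.hu;\n location / { try_files $uri =404; } }",
    "mail.diff.hu.conf": "server { listen 185.80.50.84:80; server_name mail.diff.hu ; }",
}

def server_blocks(text):
    """Yield the body of each `server { ... }` block, located by brace matching."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments (naive, see assumptions)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def top_level(body):
    """Split a block body into depth-0 directives; nested blocks collapse to ';'."""
    n = 1
    while n:  # repeatedly remove innermost { ... } until none are left
        body, n = re.subn(r"\{[^{}]*\}", ";", body)
    return [s.split() for s in body.split(";") if s.strip()]

def duplicates(files):
    """Map (listen address, server_name) -> files, for names claimed more than once."""
    seen = defaultdict(list)
    for path, text in files.items():
        for body in server_blocks(text):
            d = top_level(body)
            # nginx listens on *:80 when a server block has no listen directive
            listens = [t[1] for t in d if t[0] == "listen" and len(t) > 1] or ["*:80"]
            names = [n for t in d if t[0] == "server_name" for n in t[1:]]
            for pair in ((l, n) for l in listens for n in names):
                seen[pair].append(path)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    root = Path(sys.argv[1]) if sys.argv[1:] else None  # e.g. /etc/nginx/conf.d/domains
    files = {str(p): p.read_text() for p in root.glob("*.conf")} if root else SAMPLE
    for (listen, name), paths in duplicates(files).items():
        print(f"{name} on {listen} claimed by: {', '.join(paths)}")
```

Run without arguments it checks the constructed sample; given a directory it reads every `*.conf` file in it.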