Error: Let's Encrypt finalize bad status 403 (gh49.ru)

Date Time: 2024-09-17 10:11:47
WEB_SYSTEM: apache2
PROXY_SYSTEM: nginx
user: gh49
domain: gh49.ru


- aliases: www.gh49.ru
- proto: http-01
- wildcard: 


==[Step 1]==
- status: 200
- nonce: fCBw7MtQaLIMLXAwOgL-3BLoh0AhwcfSTQla6cSkFyaLMA1GOh4
- answer: HTTP/2 200 
server: nginx
date: Tue, 17 Sep 2024 07:11:49 GMT
content-type: application/json
content-length: 746
cache-control: public, max-age=0, no-cache
replay-nonce: fCBw7MtQaLIMLXAwOgL-3BLoh0AhwcfSTQla6cSkFyaLMA1GOh4
x-frame-options: DENY
strict-transport-security: max-age=604800



==[API call]==
exit status: 0


==[Step 2]==
- status: 201
- nonce: 0Nvv4YStKleEad7uNoU9j9-nRw1UzJHWXR_09v0jIZou48skf2w
- authz: https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752816
https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752826
- finalize: https://acme-v02.api.letsencrypt.org/acme/finalize/1942692346/305858236106
- payload: {"identifiers":[{"type":"dns","value":"gh49.ru"},{"type":"dns","value":"www.gh49.ru"}]}
- answer: HTTP/2 201 
server: nginx
date: Tue, 17 Sep 2024 07:11:50 GMT
content-type: application/json
content-length: 467
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
location: https://acme-v02.api.letsencrypt.org/acme/order/1942692346/305858236106
replay-nonce: 0Nvv4YStKleEad7uNoU9j9-nRw1UzJHWXR_09v0jIZou48skf2w
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "status": "pending",
  "expires": "2024-09-24T07:11:50Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "gh49.ru"
    },
    {
      "type": "dns",
      "value": "www.gh49.ru"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752816",
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752826"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1942692346/305858236106"
}
 order: https://acme-v02.api.letsencrypt.org/acme/order/1942692346/305858236106


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: 4OmWUlyUpJCYK_gk33vlvjp5yzkDNZHexz1i54FL8ffbnYv8jWs
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q
- token: WLzaRTWGWnLohvxMLdJlQM5-YQHfe2xGNS6WkdI4-mM
- answer: HTTP/2 200 
server: nginx
date: Tue, 17 Sep 2024 07:11:51 GMT
content-type: application/json
content-length: 791
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 4OmWUlyUpJCYK_gk33vlvjp5yzkDNZHexz1i54FL8ffbnYv8jWs
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "gh49.ru"
  },
  "status": "pending",
  "expires": "2024-09-24T07:11:50Z",
  "challenges": [
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/1jEWsg",
      "status": "pending",
      "token": "WLzaRTWGWnLohvxMLdJlQM5-YQHfe2xGNS6WkdI4-mM"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/pKL6Yg",
      "status": "pending",
      "token": "WLzaRTWGWnLohvxMLdJlQM5-YQHfe2xGNS6WkdI4-mM"
    },
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q",
      "status": "pending",
      "token": "WLzaRTWGWnLohvxMLdJlQM5-YQHfe2xGNS6WkdI4-mM"
    }
  ]
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q
- nonce: 0Nvv4YSt59PUTMT2n9uBD0F1zQCxEp7rWnaMk-YlgXhFpS7x3xg
- validation: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q
- details: 
- answer: HTTP/2 200 
server: nginx
date: Tue, 17 Sep 2024 07:11:57 GMT
content-type: application/json
content-length: 187
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752816>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q
replay-nonce: 0Nvv4YSt59PUTMT2n9uBD0F1zQCxEp7rWnaMk-YlgXhFpS7x3xg
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752816/7yPY4Q",
  "status": "pending",
  "token": "WLzaRTWGWnLohvxMLdJlQM5-YQHfe2xGNS6WkdI4-mM"
}


==[API call]==
exit status: 0


==[Step 3]==
- status: 200
- nonce: UAMvsxnwmGYlZk2xHc_UuSZrqO7UY2qMTOFUcUurQg3HOyjpCYs
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug
- token: 216ut_Np-Dfb9ziwlooRkaYFCJzQxDE8h3fJwdtt5kI
- answer: HTTP/2 200 
server: nginx
date: Tue, 17 Sep 2024 07:12:02 GMT
content-type: application/json
content-length: 795
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: UAMvsxnwmGYlZk2xHc_UuSZrqO7UY2qMTOFUcUurQg3HOyjpCYs
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "www.gh49.ru"
  },
  "status": "pending",
  "expires": "2024-09-24T07:11:50Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug",
      "status": "pending",
      "token": "216ut_Np-Dfb9ziwlooRkaYFCJzQxDE8h3fJwdtt5kI"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/auHjMg",
      "status": "pending",
      "token": "216ut_Np-Dfb9ziwlooRkaYFCJzQxDE8h3fJwdtt5kI"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/L3BNPA",
      "status": "pending",
      "token": "216ut_Np-Dfb9ziwlooRkaYFCJzQxDE8h3fJwdtt5kI"
    }
  ]
}


==[API call]==
exit status: 0


==[Step 5]==
- status: 200
- url: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug
- nonce: fCBw7MtQhB_6OKjgkuWWyV975WYPoo9CAf-4Mbe-pF4S9AH3fXo
- validation: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug
- details: 
- answer: HTTP/2 200 
server: nginx
date: Tue, 17 Sep 2024 07:12:08 GMT
content-type: application/json
content-length: 187
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
link: <https://acme-v02.api.letsencrypt.org/acme/authz-v3/404706752826>;rel="up"
location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug
replay-nonce: fCBw7MtQhB_6OKjgkuWWyV975WYPoo9CAf-4Mbe-pF4S9AH3fXo
x-frame-options: DENY
strict-transport-security: max-age=604800

{
  "type": "http-01",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/404706752826/OvcJug",
  "status": "pending",
  "token": "216ut_Np-Dfb9ziwlooRkaYFCJzQxDE8h3fJwdtt5kI"
}


==[API call]==
exit status: 0


==[Step 6]==
- status: 403
- nonce: 4OmWUlyUGkCAMCazs16O05ijXlj0u13A9669UH5lh40qcoXjhTM
- payload: {"csr":"MIIE_zCCAucCAQAwgYcxGzAZBgkqhkiG9w0BCQEWDGluZm9AZ2g0OS5ydTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBkhlc3RpYTELMAkGA1UECwwCSVQxEDAOBgNVBAMMB2doNDkucnUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC_uHXC449AW5EEBn5u0VSgo6kFeL1UyLClVnWJ17PWFjQZlKYF2xKcj1H6THo_MZQhQz-kaJfADAbh1d6fHFj22E7j1JltqnZey6UoVU3E14IHVpWtbwM1fqSkrDInFLtmLuK4lYMVDDX5rpDG1-ondsBUzROSXzHfszQN1uOT4lNdA7ou5cbtdSr2ZQbjmcl3t8rgKP-7sOOehPlTTCjQ_-LgWGXJ7_pYNA8RasWWui8B-KJ-H6d6rLNz6pWYdv5k2vQWwVBTg_Oz9-5vHSSO8uuR1EMM6dX7WejrQuuuxXOaC0A9bklxR2aUNMbvn-TN9MFRCgF0BleUOGICi6H0pkkPMBzRROXNfns51smFWHaupukdIpQJElmelsti08L6ZJP-1CNmhdSi65WGPwup1HRofMMcwfuf0U1LRH3QizdNXSjCtgMykR_2OhlO75sgG6Ac1LQduI9LdaCPRQFA5nPIkj_Oj67GMW0YiChvtsFRLMdXr29-tFXNq7U3ndvdfRv2_JKQBRxZff8jafaFLRWR4383Tl9TV8dsoOKFkaxO103zLZ-Uc00E4XfRGzTArNE5HWFxn0_Y90SKMRNlcY-w-mK8FKFdPNAf5nVWIfEvCua033d2kh3RqJoTWoH0buPe_ovr2NY7sXSCIgSbv19o6n_bMp-4RJSMRg4oPQIDAQABoDIwMAYJKoZIhvcNAQkOMSMwITAfBgNVHREEGDAWggdnaDQ5LnJ1ggt3d3cuZ2g0OS5ydTANBgkqhkiG9w0BAQsFAAOCAgEAfAl7Xlvn3Nta-FTsE5iLZRiyJtJUWC9AjPVypUbqxYz5e6amueavMQcarla_hUipzk0QRPjKFnByuN3wUs0T03NOcuFNWwawlUM9ao1kY0KANXAwYvduTzGagC4EwpZ_3sYu5BkaQolSP6aN6e_LfhP-ppWNNERoVOP0YOVZ2DEUtU4JJOOmPaVnzsUMyzkOwuWGtzEocNScFk2C5TbApudtw5vhhn-02tqG6QtSL0QxsUdbq2DGNpbqH_ALHxcyEWO2lEs_iDxSKKYgXFkUQywIMhirpedG-ZfRyelhilfLPdXh6yDVLsrAZxMOI2iGAmwfCMiFYua_ZLCO3Zus7POjSzkwEw0qe8tMq92pSrPuzcHWjgHKtPvfQDpw3JuqbwivCqK8VDO5pcnHxevre42IpTAbsssiv7o9mKA7bd3hwGQxWu963Fl9wkAAh-QTsZyuCC6KKQjVcdj1XFA3_Usul46dKIwT37isFwOuP4OADpQao7Op8wSpNBtnsgj3rfjivCPDmM94VA0oHp6DIYPQyW_K5sxkAKrESN8droAiQ5cet2lmjRdl6V6a73cID6R8Tvn-mCWxaAY81rJ7YUJGeLri2N8Gdcj0o-4i0yqNi6Tpxp2FJ9dQXtn8jBe-VdK2897oAGDXhq0PDR50pAfqTQnD06RzucLzdtr8joU"}
- certificate: 
- answer: HTTP/2 403 
server: nginx
date: Tue, 17 Sep 2024 07:12:15 GMT
content-type: application/problem+json
content-length: 152
boulder-requester: 1942692346
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: 4OmWUlyUGkCAMCazs16O05ijXlj0u13A9669UH5lh40qcoXjhTM

{
  "type": "urn:ietf:params:acme:error:orderNotReady",
  "detail": "Order's status (\"invalid\") is not acceptable for finalization",
  "status": 403
}

Show the output of these commands:

# Per-domain nginx config directory: which snippets exist and when each was last written.
ls -la /home/gh49/conf/web/gh49.ru/
# The port-80 server block for the domain.
cat /home/gh49/conf/web/gh49.ru/nginx.conf
# The ACME http-01 responder snippet that the server block pulls in via its nginx.conf_* include.
cat /home/gh49/conf/web/gh49.ru/nginx.conf_letsencrypt
root@lxdns:~# ls -la /home/gh49/conf/web/gh49.ru/
total 20
drwxr-xr-x 2 root root 4096 Sep 12 14:07 .
drwxr-x--x 3 root root 4096 Sep 11 10:42 ..
-rw-r----- 1 root gh49 1519 Sep 12 14:07 apache2.conf
-rw-r----- 1 root gh49 1481 Sep 12 14:07 nginx.conf
-rw-r--r-- 1 root root  159 Sep 17 10:12 nginx.conf_letsencrypt
lrwxrwxrwx 1 root root   50 Sep 12 14:02 nginx.ssl.conf_letsencrypt -> /home/gh49/conf/web/gh49.ru/nginx.conf_letsencrypt
# Plain-HTTP (port 80) front end for gh49.ru: nginx serves static files itself and
# proxies everything else to the apache2 backend on 31.25.241.250:8080.
server {
        listen      31.25.241.250:80;
        server_name gh49.ru www.gh49.ru;
        # Log paths live under the apache2 log tree, shared with the backend vhost.
        error_log   /var/log/apache2/domains/gh49.ru.error.log error;

        # Optional HTTP->HTTPS redirect snippet; the trailing glob means a missing file is
        # not a configuration error (no such file exists in the directory listing above).
        include /home/gh49/conf/web/gh49.ru/nginx.forcessl.conf*;

        # Hide dotfiles: any path segment beginning with "." is rejected, except names that
        # start with "well-known/" or "file" (negative lookahead). Regex locations are tried
        # in configuration order, so this rule must not match /.well-known/acme-challenge/
        # or the ACME location included at the bottom would never be reached.
        # "return" runs in the rewrite phase, before "deny" is evaluated in the access phase,
        # so clients see 404 (not found) rather than 403 (forbidden) for these paths.
        location ~ /\.(?!well-known\/|file) {
                deny all;
                return 404;
        }

        # Default: forward to the backend.
        location / {
                proxy_pass http://31.25.241.250:8080;

                # Static assets, matched by extension, are served straight from disk;
                # try_files hands a missing file to the named @fallback location instead.
                location ~* ^.+\.(css|htm|html|js|json|xml|apng|avif|bmp|cur|gif|ico|jfif|jpg|jpeg|pjp|pjpeg|png|svg|tif|tiff|webp|aac|caf|flac|m4a|midi|mp3|ogg|opus|wav|3gp|av1|avi|m4v|mkv|mov|mpg|mpeg|mp4|mp4v|webm|otf|ttf|woff|woff2|doc|docx|odf|odp|ods|odt|pdf|ppt|pptx|rtf|txt|xls|xlsx|7z|bz2|gz|rar|tar|tgz|zip|apk|appx|bin|dmg|exe|img|iso|jar|msi|webmanifest)$ {
                        try_files  $uri @fallback;

                        root       /home/gh49/web/gh49.ru/public_html;
                        # Two access logs: standard "combined" plus a "bytes" format
                        # (presumably defined in the global nginx config — not shown here).
                        access_log /var/log/apache2/domains/gh49.ru.log combined;
                        access_log /var/log/apache2/domains/gh49.ru.bytes bytes;

                        # Far-future Expires/Cache-Control for static assets.
                        expires    max;
                }
        }

        # Named location, reachable only via try_files above: static path not on disk,
        # so let the backend answer.
        location @fallback {
                proxy_pass http://31.25.241.250:8080;
        }

        # Custom error pages served from the per-domain document_errors directory.
        location /error/ {
                alias /home/gh49/web/gh49.ru/document_errors/;
        }

        # Per-domain snippets (here nginx.conf_letsencrypt, which defines the
        # /.well-known/acme-challenge/ responder). They are spliced in after the locations
        # above, so their regex locations are tried after the dotfile rule; a snippet written
        # to disk is only live once nginx has reloaded its configuration.
        include /home/gh49/conf/web/gh49.ru/nginx.conf_*;
}
root@lxdns:~# cat /home/gh49/conf/web/gh49.ru/nginx.conf_letsencrypt
# ACME http-01 responder (RFC 8555): for GET /.well-known/acme-challenge/<token> the body
# is the key authorization "<token>.<suffix>". $1 is the token captured from the URL; the
# fixed suffix is presumably the ACME account key's JWK thumbprint (43 base64url chars =
# a SHA-256 digest), which is bound to this account and is not a secret — the CA fetches it
# over plain HTTP. The character class limits which token strings are echoed back.
# NOTE(review): nginx serves this only after the snippet has been loaded (reload/restart).
location ~ "^/\.well-known/acme-challenge/([-_A-Za-z0-9]+)$" {
    default_type text/plain;
    return 200 "$1.z2wN3ORqKgAsrAvk77oqw827g3WoynJNEhcyrRmqAZk";
}

I don’t see any problem in your config; everything looks fine, but nginx is still returning 404 when trying to validate the Let’s Encrypt token.

# Recent access log: should show which status nginx actually returned for the
# /.well-known/acme-challenge/ requests made by the CA.
tail /var/log/apache2/domains/gh49.ru.log
# Recent error log for the vhost.
tail /var/log/apache2/domains/gh49.ru.error.log
# Syntax-check the full configuration before restarting.
nginx -t
# Every file under /etc/nginx mentioning the domain (recursive, extended regex,
# case-insensitive) — a stale or duplicate vhost elsewhere could also claim the name.
grep -ERi 'gh49\.ru' /etc/nginx/
# Restart so the freshly written nginx.conf_letsencrypt snippet is actually loaded.
systemctl restart nginx
# Confirm the service came back up; -l (--full) keeps long log lines unwrapped.
systemctl status nginx --no-pager -l

Edit: I used .com instead of .ru in the grep command.

I did these actions and it helped. Thank you very much!

