Let's encrypt certification: fails due to lowercasing?

BilboTheHobbyist · September 20, 2024, 1:55pm

Hello,

I can’t get Let’s encrypt to work on my NodeJS web domain bellerad.io.

I asked the Let’s encrypt community, : HestiaCP panel: Let’s encrypt finalize bad status 403 - Help - Let’s Encrypt Community Support (letsencrypt.org). I was pointed out my server was rewriting an Url in lowercase. I tried to unroll these nginx parameters:

/etc/nginx,
/home/{my_user}/conf/web/bellerad.io
/home/{my_user}/hestiacp_nodejs_config/web/bellerad.io/

Unfortunately, I couldn’t find anything related to a rewrite. The only part that I thought related to my issue were the nginx.*.conf_letsencrypt file, but they only happen a string at the end of the .well-known/acme-challenge/ url, don’t they ?

Any clue ?

sahsanu · September 20, 2024, 2:13pm

Hi @BilboTheHobbyist,

Show your nginx.conf.

cat /home/*/conf/web/bellerad.io/nginx.conf

BilboTheHobbyist · September 20, 2024, 2:36pm

Here you are (couldn’t find a way to upload it )

server {
        listen XX.XX.XX.XX:80;
        server_name bellerad.io www.bellerad.io ma.bellerad.io;
        error_log /var/log/apache2/domains/bellerad.io.error.log error;

        include /home/XXX/hestiacp_nodejs_config/web/bellerad.io/nodejs-app.conf;

        location /error/ {
                alias /home/XXX/web/bellerad.io/document_errors/;
        }

        include /home/XXX/hestiacp_nodejs_config/web/bellerad.io/nodejs-app-fallback.conf;

        location ~ /\.ht {return 404;}
        location ~ /\.svn/ {return 404;}
        location ~ /\.git/ {return 404;}
        location ~ /\.hg/ {return 404;}
        location ~ /\.bzr/ {return 404;}
}

sahsanu · September 20, 2024, 2:37pm

It’s ok to copy and paste here but you didn’t paste all the contents of the file.

BilboTheHobbyist · September 20, 2024, 2:48pm

During copy-pasting, I missed the last }. Apart from that, I can’t see anything else I missed (cf. screen capture).

sahsanu · September 20, 2024, 2:55pm

Add this include before the first include (replace YourUser by the actual user):

include /home/YourUser/conf/web/bellerad.io/nginx.conf_*;

And then:

systemctl reload nginx

Once done you can test if you receive the right token instead of 404.

curl -ikL http://bellerad.io/.well-known/acme-challenge/TeSt

If this works, you should modify your template (tpl and stpl) to add the right includes and rebuild your site:

YourTemplate.tpl

include %home%/%user%/conf/web/%domain%/nginx.conf_*;

YourTemplate.stpl

include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

BilboTheHobbyist · September 20, 2024, 3:04pm

Brilliant ! I got me a certificate !

Thanks a lot , I’ll look into modifying my template, then.

system · October 20, 2024, 3:05pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.