Sarvar
November 30, 2024, 2:35pm
1
Hello everyone,
I can’t renew the Let’s Encrypt certificate on the domain (subdomain) where the proxy template is used.
Proxy templates:
#Portfolio_ADMIN .stpl
server {
    listen %ip%:%proxy_port%;
    server_name %domain_idn%;
    return 301 https://%domain_idn%$request_uri;
}
server {
    listen %ip%:%proxy_ssl_port% http2 ssl;
    server_name %domain_idn%;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    error_log /var/log/%web_system%/domains/%domain%.error.log error;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types image/svg+xml svg svgz text/plain application/x-javascript text/xml text/css;
    gzip_vary on;
    location / {
        proxy_pass http://127.0.0.1:6060;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location @fallback {
        proxy_pass https://127.0.0.1:6060:/$1;
    }
    location ~ /\.ht {
        return 404;
    }
    location ~ /\.svn/ {
        return 404;
    }
    location ~ /\.git/ {
        return 404;
    }
    location ~ /\.hg/ {
        return 404;
    }
    location ~ /\.bzr/ {
        return 404;
    }
    include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
}
#Portfolio_ADMIN .tpl
server {
    listen %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;
    error_log /var/log/%web_system%/domains/%domain%.error.log error;
    location / {
        proxy_pass http://127.0.0.1:6060;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location ~ /.well-known {
        allow all;
    }
    location @fallback {
        proxy_pass http://127.0.0.1:6060:/$1;
    }
    location ~ /\.ht {
        return 404;
    }
    location ~ /\.svn/ {
        return 404;
    }
    location ~ /\.git/ {
        return 404;
    }
    location ~ /\.hg/ {
        return 404;
    }
    location ~ /\.bzr/ {
        return 404;
    }
    include %home%/%user%/conf/web/nginx.%domain%.conf*;
}
It would be great if you could help.
sahsanu
November 30, 2024, 3:38pm
2
Hi @Sarvar
The includes you are using for both templates are the wrong ones.
In Portfolio_ADMIN.tpl
replace:
include %home%/%user%/conf/web/nginx.%domain%.conf*;
by:
include %home%/%user%/conf/web/%domain%/nginx.conf_*;
In Portfolio_ADMIN.stpl
replace:
include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*;
by:
include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
Once it is changed, remember to rebuild your web domain.
Sarvar
December 1, 2024, 5:33am
3
Thanks for the answer
I edited the templates, saved them, and rebuilt the domain (via v-rebuild-web-domain), but the error still didn’t go away.
*When I update the SSL certificate using the same template for the sangilov.uz domain, it updates without any problems, but I have the same problem with the subdomain.
#Portfolio_ADMIN .tpl
server {
    listen %ip%:%proxy_port%;
    server_name %domain_idn% %alias_idn%;
    error_log /var/log/%web_system%/domains/%domain%.error.log error;
    location / {
        proxy_pass http://127.0.0.1:6060;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location ~ /.well-known {
        allow all;
    }
    location @fallback {
        proxy_pass http://127.0.0.1:6060:/$1;
    }
    location ~ /\.ht {
        return 404;
    }
    location ~ /\.svn/ {
        return 404;
    }
    location ~ /\.git/ {
        return 404;
    }
    location ~ /\.hg/ {
        return 404;
    }
    location ~ /\.bzr/ {
        return 404;
    }
    include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}
#Portfolio_ADMIN .stpl
server {
    listen %ip%:%proxy_port%;
    server_name %domain_idn%;
    return 301 https://%domain_idn%$request_uri;
}
server {
    listen %ip%:%proxy_ssl_port% http2 ssl;
    server_name %domain_idn%;
    ssl_certificate %ssl_pem%;
    ssl_certificate_key %ssl_key%;
    error_log /var/log/%web_system%/domains/%domain%.error.log error;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types image/svg+xml svg svgz text/plain application/x-javascript text/xml text/css;
    gzip_vary on;
    location / {
        proxy_pass http://127.0.0.1:6060;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /error/ {
        alias %home%/%user%/web/%domain%/document_errors/;
    }
    location @fallback {
        proxy_pass https://127.0.0.1:6060:/$1;
    }
    location ~ /\.ht {
        return 404;
    }
    location ~ /\.svn/ {
        return 404;
    }
    location ~ /\.git/ {
        return 404;
    }
    location ~ /\.hg/ {
        return 404;
    }
    location ~ /\.bzr/ {
        return 404;
    }
    include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;
}
Show the output of these commands:
ls -la /home/*/conf/web/admin.sangilov.uz/
cat /home/*/conf/web/admin.sangilov.uz/nginx.conf
cat /home/*/conf/web/admin.sangilov.uz//nginx.conf_letsencrypt
cat /home/*/conf/web/admin.sangilov.uz/nginx.ssl.conf
Sarvar
December 1, 2024, 6:23pm
5
ls -la /home/*/conf/web/admin.sangilov.uz/
cat /home/*/conf/web/admin.sangilov.uz/nginx.conf
cat /home/*/conf/web/admin.sangilov.uz//nginx.conf_letsencrypt
cat /home/*/conf/web/admin.sangilov.uz/nginx.ssl.conf
As I understand it, the nginx.ssl.conf file and the Portfolio_ADMIN.stpl file should be the same?
Edit /home/Savar/conf/web/admin.sangilov.uz/nginx.conf
and comment these lines:
location ~ /.well-known {
    allow all;
}
So they will look like:
# location ~ /.well-known {
#     allow all;
# }
Save the file and restart nginx:
systemctl restart nginx
Now check whether this conf works using this command:
curl -ikL http://admin.sangilov.uz/.well-known/acme-challenge/test
The output should show the text: test.YourLetsEncryptThumbPrint
Sarvar
December 2, 2024, 8:59am
7
Thank you very much, it worked
I deleted the part
location ~ /.well-known {
    allow all;
}
from the #Portfolio_ADMIN .tpl file and it worked
1 Like
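Added example, not part of any post in this thread: nginx uses the first matching regex location in file order, so the template's `location ~ /.well-known` block answers the challenge request before the handler pulled in by the `nginx.conf_*` include is reached. The script below flags such blocks in a rendered config. The function names, the sample config and its address and hostname are constructed for illustration, and `grep -E` only approximates nginx's PCRE matching.

```shell
#!/bin/sh
# Added example: flag regex locations that shadow the included ACME handler.
PROBE='/.well-known/acme-challenge/test'   # path the thread probes with curl

# Print "LINE:PATTERN" for each active `location ~` / `~*` block that matches
# PROBE and is declared before the first include of nginx.conf_*.
# Assumption: grep -E stands in for nginx's PCRE matching (fine for simple patterns).
shadowing_locations() {
    awk '
        $1 ~ /^#/ { next }                                   # commented out
        $1 == "include" && $2 ~ /nginx\.conf_/ { exit }      # handler include reached
        $1 == "location" && ($2 == "~" || $2 == "~*") { print NR, $2, $3 }
    ' "$1" |
    while read -r line mod pattern; do
        pattern=${pattern#\"}; pattern=${pattern%\"}         # drop optional quotes
        [ "$mod" = '~*' ] && flags=-Eqi || flags=-Eq
        if printf '%s\n' "$PROBE" | grep "$flags" -- "$pattern"; then
            printf '%s:%s\n' "$line" "$pattern"
        fi
    done
}

# Constructed sample: rendered shape of the thread's .tpl (names and IP invented).
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 203.0.113.10:80;
    server_name admin.example.test;
    location / {
        proxy_pass http://127.0.0.1:6060;
    }
    location ~ /.well-known {
        allow all;
    }
    location ~ /\.ht {
        return 404;
    }
    include /home/user/conf/web/admin.example.test/nginx.conf_*;
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
shadowing_locations "$sample"    # prints 7:/.well-known
rm -f "$sample"
```

An empty result means no active regex location ahead of the include matches the challenge path, which is the state reached in the thread after the block was commented out.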