acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Nginx mode :: Can not find conf file for domain #1914

Closed timtorChen closed 3 years ago

timtorChen commented 5 years ago

In the log file, it seems acme.sh found and resolved the included file /etc/nginx/conf.d/django_nginx.conf, but it still reports: Can not find conf file for domain mydomain.com

Steps to reproduce

Install and upgrade with the defaults

curl  https://get.acme.sh | sh 
ln -s ~/.acme.sh/acme.sh /usr/bin/acme.sh
acme.sh --upgrade

Nginx configs

/etc/nginx/nginx.conf

# the user start this nginx
user  root;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/django_nginx.conf;

}

/etc/nginx/conf.d/django_nginx.conf

# client <---> nginx <---> uwsgi <---> django
upstream django {
    server web:8001;
}

server {
    listen 80;
    server_name  mydomain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;

    location /static {
        alias /staticfile;
    }

    location / {
        uwsgi_pass django;
        include /etc/nginx/uwsgi_params;
    }

    ssl_certificate /etc/nginx/ssl/mydomain.com/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/mydomain.com/privkey.key;
}

Debug log

acme.sh --issue -d  mydomain.com --nginx  --debug 2

[Wed Nov  7 02:24:45 UTC 2018] Lets find script dir.
[Wed Nov  7 02:24:45 UTC 2018] _SCRIPT_='/usr/bin/acme.sh'
[Wed Nov  7 02:24:45 UTC 2018] _script='/root/.acme.sh/acme.sh'
[Wed Nov  7 02:24:45 UTC 2018] _script_home='/root/.acme.sh'
[Wed Nov  7 02:24:45 UTC 2018] Using default home:/root/.acme.sh
[Wed Nov  7 02:24:45 UTC 2018] Using config home:/root/.acme.sh
[Wed Nov  7 02:24:45 UTC 2018] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/Neilpang/acme.sh
v2.8.0
[Wed Nov  7 02:24:45 UTC 2018] _main_domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _alt_domains='no'
[Wed Nov  7 02:24:45 UTC 2018] Using config home:/root/.acme.sh
[Wed Nov  7 02:24:45 UTC 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Wed Nov  7 02:24:45 UTC 2018] _ACME_SERVER_HOST='acme-v01.api.letsencrypt.org'
[Wed Nov  7 02:24:45 UTC 2018] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] 'nginx:' does not contain 'dns'
[Wed Nov  7 02:24:45 UTC 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Wed Nov  7 02:24:45 UTC 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Nov  7 02:24:45 UTC 2018] GET
[Wed Nov  7 02:24:45 UTC 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Nov  7 02:24:45 UTC 2018] timeout=
[Wed Nov  7 02:24:45 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.GIoVHnSCa1  -g '
[Wed Nov  7 02:24:45 UTC 2018] ret='0'
[Wed Nov  7 02:24:45 UTC 2018] response='{
  "3a9F9LUaRsk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
  "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
  "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
  "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}'
[Wed Nov  7 02:24:45 UTC 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Wed Nov  7 02:24:45 UTC 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Nov  7 02:24:45 UTC 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Wed Nov  7 02:24:45 UTC 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Wed Nov  7 02:24:45 UTC 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Wed Nov  7 02:24:45 UTC 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Wed Nov  7 02:24:45 UTC 2018] ACME_NEW_NONCE
[Wed Nov  7 02:24:45 UTC 2018] ACME_VERSION
[Wed Nov  7 02:24:45 UTC 2018] Le_NextRenewTime
[Wed Nov  7 02:24:45 UTC 2018] _on_before_issue
[Wed Nov  7 02:24:45 UTC 2018] _chk_main_domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _chk_alt_domains
[Wed Nov  7 02:24:45 UTC 2018] 'nginx:' does not contain 'no'
[Wed Nov  7 02:24:45 UTC 2018] Le_LocalAddress
[Wed Nov  7 02:24:45 UTC 2018] d='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] Check for domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _currentRoot='nginx:'
[Wed Nov  7 02:24:45 UTC 2018] d
[Wed Nov  7 02:24:45 UTC 2018] 'nginx:' does not contain 'apache'
[Wed Nov  7 02:24:45 UTC 2018] _saved_account_key_hash='uL6svuopx9eclISV0w9uo6FRgO+mHyq/LEATJnDG+gY='
[Wed Nov  7 02:24:45 UTC 2018] _saved_account_key_hash is not changed, skip register account.
[Wed Nov  7 02:24:45 UTC 2018] Read key length:
[Wed Nov  7 02:24:45 UTC 2018] _createcsr
[Wed Nov  7 02:24:45 UTC 2018] domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] domainlist
[Wed Nov  7 02:24:45 UTC 2018] csrkey='/root/.acme.sh/mydomain.com/mydomain.com.key'
[Wed Nov  7 02:24:45 UTC 2018] csr='/root/.acme.sh/mydomain.com/mydomain.com.csr'
[Wed Nov  7 02:24:45 UTC 2018] csrconf='/root/.acme.sh/mydomain.com/mydomain.com.csr.conf'
[Wed Nov  7 02:24:45 UTC 2018] Single domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _is_idn_d='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _idn_temp
[Wed Nov  7 02:24:45 UTC 2018] _csr_cn='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] Getting domain auth token for each domain
[Wed Nov  7 02:24:45 UTC 2018] d='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] Getting webroot for domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _w='nginx:'
[Wed Nov  7 02:24:45 UTC 2018] _currentRoot='nginx:'
[Wed Nov  7 02:24:45 UTC 2018] Getting new-authz for domain='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Wed Nov  7 02:24:45 UTC 2018] Try new-authz for the 0 time.
[Wed Nov  7 02:24:45 UTC 2018] _is_idn_d='mydomain.com'
[Wed Nov  7 02:24:45 UTC 2018] _idn_temp
[Wed Nov  7 02:24:45 UTC 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Nov  7 02:24:45 UTC 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "mydomain.com"}}'
[Wed Nov  7 02:24:45 UTC 2018] RSA key
[Wed Nov  7 02:24:45 UTC 2018] _URGLY_PRINTF
[Wed Nov  7 02:24:45 UTC 2018] xargs
[Wed Nov  7 02:24:45 UTC 2018] _URGLY_PRINTF
[Wed Nov  7 02:24:45 UTC 2018] xargs
[Wed Nov  7 02:24:45 UTC 2018] Get nonce with GET. ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Wed Nov  7 02:24:45 UTC 2018] GET
[Wed Nov  7 02:24:45 UTC 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Wed Nov  7 02:24:45 UTC 2018] timeout=
[Wed Nov  7 02:24:45 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.PlB34xsm25  -g '
[Wed Nov  7 02:24:45 UTC 2018] ret='0'
[Wed Nov  7 02:24:45 UTC 2018] _headers='HTTP/1.1 200 OK
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: vTbjnIQDDP0FaqFY93aKVWEcifTFDGVNTcCMY9qe2Ew
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 07 Nov 2018 02:24:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Nov 2018 02:24:45 GMT
Connection: keep-alive
'
[Wed Nov  7 02:24:45 UTC 2018] _CACHED_NONCE='vTbjnIQDDP0FaqFY93aKVWEcifTFDGVNTcCMY9qe2Ew'
[Wed Nov  7 02:24:45 UTC 2018] nonce='vTbjnIQDDP0FaqFY93aKVWEcifTFDGVNTcCMY9qe2Ew'
[Wed Nov  7 02:24:45 UTC 2018] POST
[Wed Nov  7 02:24:45 UTC 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Wed Nov  7 02:24:45 UTC 2018] _postContentType='application/jose+json'
[Wed Nov  7 02:24:45 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.OFv74X93tb  -g '
[Wed Nov  7 02:24:46 UTC 2018] _ret='0'
[Wed Nov  7 02:24:46 UTC 2018] original='{
  "identifier": {
    "type": "dns",
    "value": "mydomain.com"
  },
  "status": "pending",
  "expires": "2018-11-14T02:24:46Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999469",
      "token": "8XafZuL8NjuzYpZkFKCToCAlNrUmuk_CUM3nUw9jiLk"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999470",
      "token": "bGKTwaWllb4PyqctSB4cW-aZsfBbWdlyPY60EWLnqug"
    },
    {
      "type": "http-01",
      "status": "pending",
      "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471",
      "token": "ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY"
    }
  ],
  "combinations": [
    [
      0
    ],
    [
      1
    ],
    [
      2
    ]
  ]
}'
[Wed Nov  7 02:24:46 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 07 Nov 2018 02:24:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 201 Created
Server: nginx
Content-Type: application/json
Content-Length: 994
Boulder-Requester: 45257976
Link: <https://acme-v01.api.letsencrypt.org/acme/new-cert>;rel="next"
Location: https://acme-v01.api.letsencrypt.org/acme/authz/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8
Replay-Nonce: ffXcghQyqddR-TaU34-_S7P9phV7fp5-vxP7bt4YHqA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 07 Nov 2018 02:24:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Nov 2018 02:24:46 GMT
Connection: keep-alive
'
[Wed Nov  7 02:24:46 UTC 2018] response='{"identifier":{"type":"dns","value":"mydomain.com"},"status":"pending","expires":"2018-11-14T02:24:46Z","challenges":[{"type":"dns-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999469","token":"8XafZuL8NjuzYpZkFKCToCAlNrUmuk_CUM3nUw9jiLk"},{"type":"tls-alpn-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999470","token":"bGKTwaWllb4PyqctSB4cW-aZsfBbWdlyPY60EWLnqug"},{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471","token":"ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY"}],"combinations":[[0],[1],[2]]}'
[Wed Nov  7 02:24:46 UTC 2018] code='201'
[Wed Nov  7 02:24:46 UTC 2018] The new-authz request is ok.
[Wed Nov  7 02:24:46 UTC 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471","token":"ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY"'
[Wed Nov  7 02:24:46 UTC 2018] token='ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY'
[Wed Nov  7 02:24:46 UTC 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471'
[Wed Nov  7 02:24:46 UTC 2018] keyauthorization='ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4'
[Wed Nov  7 02:24:46 UTC 2018] dvlist='mydomain.com#ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4#https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471#http-01#nginx:'
[Wed Nov  7 02:24:46 UTC 2018] d
[Wed Nov  7 02:24:46 UTC 2018] vlist='mydomain.com#ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4#https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471#http-01#nginx:,'
[Wed Nov  7 02:24:46 UTC 2018] d='mydomain.com'
[Wed Nov  7 02:24:46 UTC 2018] ok, let's start to verify
[Wed Nov  7 02:24:46 UTC 2018] Verifying:mydomain.com
[Wed Nov  7 02:24:46 UTC 2018] d='mydomain.com'
[Wed Nov  7 02:24:46 UTC 2018] keyauthorization='ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4'
[Wed Nov  7 02:24:46 UTC 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471'
[Wed Nov  7 02:24:46 UTC 2018] _currentRoot='nginx:'
[Wed Nov  7 02:24:46 UTC 2018] Nginx mode for domain:mydomain.com
[Wed Nov  7 02:24:46 UTC 2018] _croot='nginx:'
[Wed Nov  7 02:24:46 UTC 2018] _start_f
[Wed Nov  7 02:24:46 UTC 2018] find start conf from nginx command
[Wed Nov  7 02:24:46 UTC 2018] NGINX_CONF='--conf-path=/etc/nginx/nginx.conf'
[Wed Nov  7 02:24:46 UTC 2018] NGINX_CONF='/etc/nginx/nginx.conf'
[Wed Nov  7 02:24:46 UTC 2018] Found nginx conf file:/etc/nginx/nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] Start detect nginx conf for mydomain.com from:/etc/nginx/nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] Start _checkConf from:/etc/nginx/nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] single
[Wed Nov  7 02:24:46 UTC 2018] _isRealNginxConf mydomain.com /etc/nginx/nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] Try include files
[Wed Nov  7 02:24:46 UTC 2018] check included /etc/nginx/mime.types
[Wed Nov  7 02:24:46 UTC 2018] Start _checkConf from:/etc/nginx/mime.types
 not found. 02:24:46 UTC 2018] /etc/nginx/mime.types
[Wed Nov  7 02:24:46 UTC 2018] check included /etc/nginx/conf.d/django_nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] Start _checkConf from:/etc/nginx/conf.d/django_nginx.conf
 not found. 02:24:46 UTC 2018] /etc/nginx/conf.d/django_nginx.conf
[Wed Nov  7 02:24:46 UTC 2018] Can not find conf file for domain mydomain.com
[Wed Nov  7 02:24:46 UTC 2018] pid
[Wed Nov  7 02:24:46 UTC 2018] No need to restore nginx, skip.
[Wed Nov  7 02:24:46 UTC 2018] _clearupdns
[Wed Nov  7 02:24:46 UTC 2018] skip dns.
[Wed Nov  7 02:24:46 UTC 2018] _on_issue_err
[Wed Nov  7 02:24:46 UTC 2018] Please add '--debug' or '--log' to check more details.
[Wed Nov  7 02:24:46 UTC 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Wed Nov  7 02:24:46 UTC 2018] _chk_vlist='mydomain.com#ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4#https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471#http-01#nginx:,'
[Wed Nov  7 02:24:46 UTC 2018] start to deactivate authz
[Wed Nov  7 02:24:46 UTC 2018] tigger domain validation.
[Wed Nov  7 02:24:46 UTC 2018] _t_url='https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471'[Wed Nov  7 02:24:46 UTC 2018] _t_key_authz='ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4'
[Wed Nov  7 02:24:46 UTC 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471'
[Wed Nov  7 02:24:46 UTC 2018] payload='{"resource": "challenge", "keyAuthorization": "ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4"}'
[Wed Nov  7 02:24:46 UTC 2018] Use cached jwk for file: /root/.acme.sh/ca/acme-v01.api.letsencrypt.org/account.key
[Wed Nov  7 02:24:46 UTC 2018] Use _CACHED_NONCE='ffXcghQyqddR-TaU34-_S7P9phV7fp5-vxP7bt4YHqA'
[Wed Nov  7 02:24:46 UTC 2018] nonce='ffXcghQyqddR-TaU34-_S7P9phV7fp5-vxP7bt4YHqA'
[Wed Nov  7 02:24:46 UTC 2018] POST
[Wed Nov  7 02:24:46 UTC 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471'
[Wed Nov  7 02:24:46 UTC 2018] _postContentType='application/jose+json'
[Wed Nov  7 02:24:46 UTC 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header  --trace-ascii /tmp/tmp.jSUm6nqnp4  -g '
[Wed Nov  7 02:24:46 UTC 2018] _ret='0'
[Wed Nov  7 02:24:46 UTC 2018] original='{
  "type": "http-01",
  "status": "pending",
  "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471",
  "token": "ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY",
  "keyAuthorization": "ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4"
}'
[Wed Nov  7 02:24:46 UTC 2018] responseHeaders='HTTP/1.1 100 Continue
Expires: Wed, 07 Nov 2018 02:24:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache

HTTP/1.1 202 Accepted
Server: nginx
Content-Type: application/json
Content-Length: 336
Boulder-Requester: 45257976
Link: <https://acme-v01.api.letsencrypt.org/acme/authz/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8>;rel="up"
Location: https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471
Replay-Nonce: sd16Mn7dJJPPsxysJwpRRcM5Fh8deaQJRxNrBeYlhvY
Expires: Wed, 07 Nov 2018 02:24:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 07 Nov 2018 02:24:46 GMT
Connection: keep-alive
'
[Wed Nov  7 02:24:46 UTC 2018] response='{"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/tklAVvEFKRmEEWiwKOfDNhNOKtGE9xcp2eJPHY5ygN8/9032999471","token":"ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY","keyAuthorization":"ZJyRNe0WZEHlOdjmGumFuHq9vUszxDYbAKAI36PPowY.gBPAzF4bAFhAmDQ89LvaN7Q5dJhxvJga1XESkkIIcG4"}'
[Wed Nov  7 02:24:46 UTC 2018] code='202'
[Wed Nov  7 02:24:47 UTC 2018] socat doesn't exists.
[Wed Nov  7 02:24:47 UTC 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.0f  25 May 2017
apache:
apache doesn't exists.
nginx:
nginx version: nginx/1.10.3
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-2tpxfc/nginx-1.10.3=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-2tpxfc/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
socat:

FernandoMiguel commented 5 years ago

Can you add server_name to the https block pls?

timtorChen commented 5 years ago

I added the server_name to the https block, but it reports the same error: Can not find conf file for domain mydomain.com

FernandoMiguel commented 5 years ago

I assume you restarted nginx?

timtorChen commented 5 years ago

I run acme.sh with no nginx service running, in a Docker image I built myself.

Dockerfile

FROM debian:stretch

WORKDIR /code

RUN apt-get update;\
    apt-get update && apt-get install nginx curl cron -y > /dev/null

ADD . .
RUN cp nginx.conf /etc/nginx/nginx.conf; \
    cp uwsgi_params /etc/nginx/uwsgi_params; \
    cp django_nginx.production.conf /etc/nginx/conf.d/django_nginx.conf

RUN curl  https://get.acme.sh | sh ;\
    ln -s ~/.acme.sh/acme.sh /usr/bin/acme.sh;\
    acme.sh --upgrade

After the image is built, docker-compose will issue the cert and run the nginx service. However, the error that occurs in acme.sh blocks the process.

pupattan commented 4 years ago

I am facing the same issue

thunderwin commented 4 years ago

me too

lasczki-da commented 4 years ago

nginx version: nginx/1.10.3 (Ubuntu)

not working with the same error (Can not find conf file for domain...):

acme.sh --issue --nginx -d example.org -w /var/www/html/example.org/

suddenly working:

acme.sh --issue -d example.org -w /var/www/html/example.org/

4815162342lost commented 3 years ago

Same issue on old Ubuntu 12.04: nginx version: nginx/1.8.1

4815162342lost commented 3 years ago

I implemented a workaround: created /tmp/1/, disabled the real nginx config and activated a fake site:

server {
    listen      443 ssl;
    server_name  mysite;
    ssl_certificate /etc/nginx/ssl/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/priv.key;
    ssl_session_timeout  5m;
    ssl_protocols   TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    keepalive_timeout 65;

    location / {
        alias /tmp/1/;
        index 1.txt;
        include proxy_params;
    }
}

Afterwards I ran the following command: acme.sh --issue -d mysite -w /tmp/1/

And I got a certificate!

Job79 commented 3 years ago

Changing an include in the nginx config to a relative path fixed the issue for me. See also #1743

Before

include http.d/*.conf

After

include /etc/nginx/http.d/*.conf

Neilpang commented 3 years ago

Please try again with the latest dev branch:

acme.sh --upgrade -b dev

HanggiAnggono commented 3 years ago

I have solved this using the --nginx option, so it became like this:

acme.sh --issue --nginx /etc/nginx/sites-enabled/myconfig -d mydomain.com

xvv6u577 commented 3 years ago

I have solved this using the --nginx option, so it became like this:

acme.sh --issue --nginx /etc/nginx/sites-enabled/myconfig -d mydomain.com

Thx! fixed for me.

llxcyzgh commented 2 years ago

acme.sh --issue -d mydomain.com --nginx /usr/local/nginx/conf/vhost/mydomain.conf

Adding the complete conf file works fine for me.

cheeye commented 2 years ago

I have the same issue, even with the complete conf file in the command.

ChR-iSz commented 1 year ago

Same issue here. I have been trying this for 3 days... Nothing works....

cbagpipe commented 1 year ago

Struggling with this too. Last log:

[Thu 02 Feb 2023 09:02:26 AM MSK] Start _checkConf from:/etc/nginx/modules-enabled/70-mod-stream-geoip.conf
[Thu 02 Feb 2023 09:02:26 AM MSK] single
[Thu 02 Feb 2023 09:02:26 AM MSK] _isRealNginxConf somedomain.is /etc/nginx/modules-enabled/70-mod-stream-geoip.conf
[Thu 02 Feb 2023 09:02:26 AM MSK] check included /etc/nginx/mime.types
[Thu 02 Feb 2023 09:02:26 AM MSK] Start _checkConf from:/etc/nginx/mime.types
[Thu 02 Feb 2023 09:02:26 AM MSK] single
[Thu 02 Feb 2023 09:02:26 AM MSK] _isRealNginxConf somedomain.is /etc/nginx/mime.types
[Thu 02 Feb 2023 09:02:26 AM MSK] check included /etc/nginx/conf.d/*.conf
[Thu 02 Feb 2023 09:02:26 AM MSK] Start _checkConf from:/etc/nginx/conf.d/*.conf
[Thu 02 Feb 2023 09:02:26 AM MSK] wildcard
[Thu 02 Feb 2023 09:02:26 AM MSK] check included /etc/nginx/sites-enabled/default
[Thu 02 Feb 2023 09:02:26 AM MSK] Start _checkConf from:/etc/nginx/sites-enabled/default
[Thu 02 Feb 2023 09:02:26 AM MSK] single
[Thu 02 Feb 2023 09:02:26 AM MSK] _isRealNginxConf somedomain.is /etc/nginx/sites-enabled/default
[Thu 02 Feb 2023 09:02:26 AM MSK] _fln='89'
[Thu 02 Feb 2023 09:02:26 AM MSK] _start='79:server {'
[Thu 02 Feb 2023 09:02:26 AM MSK] _start_n='79'
[Thu 02 Feb 2023 09:02:26 AM MSK] _start_nn='80'
[Thu 02 Feb 2023 09:02:26 AM MSK] _end
[Thu 02 Feb 2023 09:02:26 AM MSK] _seg_n='      listen 443 ssl;
        ssl_certificate /root/.acme.sh/somedomain.is/fullchain.cer; # use fullchain.cer for complete certificate
        ssl_certificate_key /root/.acme.sh/somedomain.is/somedomain.is.key; # keep this private as much as possible

        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 60m;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        server_name somedomain.is;

        root /var/www/somedomain.is;
        index index.html index.php;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
#               include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}'
[Thu 02 Feb 2023 09:02:26 AM MSK] ssl on, skip
[Thu 02 Feb 2023 09:02:26 AM MSK] Can not find conf file for domain somedomain.is
[Thu 02 Feb 2023 09:02:26 AM MSK] pid
[Thu 02 Feb 2023 09:02:26 AM MSK] No need to restore nginx, skip.
[Thu 02 Feb 2023 09:02:26 AM MSK] _clearupdns
[Thu 02 Feb 2023 09:02:26 AM MSK] dns_entries
[Thu 02 Feb 2023 09:02:26 AM MSK] skip dns.
[Thu 02 Feb 2023 09:02:26 AM MSK] _on_issue_err
[Thu 02 Feb 2023 09:02:26 AM MSK] Please check log file for more details: /root/.acme.sh/acme.sh.log
[Thu 02 Feb 2023 09:02:26 AM MSK] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/2345678'
[Thu 02 Feb 2023 09:02:26 AM MSK] payload='{}'
[Thu 02 Feb 2023 09:02:26 AM MSK] POST
[Thu 02 Feb 2023 09:02:26 AM MSK] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/23456789'
[Thu 02 Feb 2023 09:02:26 AM MSK] _CURL='curl --silent --dump-header /root/.acme.sh/http.header  -L  -g '
[Thu 02 Feb 2023 09:02:27 AM MSK] _ret='0'
[Thu 02 Feb 2023 09:02:27 AM MSK] code='200'

Any suggestions?

esbozos commented 1 year ago

I was just facing this issue with nginx too. After reading the acme.sh code and log, here is what is required to work with nginx mode. You need an nginx server entry that meets the following:

- No ssl on or listen 443 ssl;
- No redirect to https://$host;
- No default returns as 404;

REPLACE your_domain.ext with your real domain

Example:

server {
    server_name your_domain.ext; # include as many as required for a single ssl file.
    listen 80;
}

# other servers can be present
server {
    server_name your_domain.ext;
    listen 443 ssl; # This is ok if you already have an SSL certificate set
    ssl_certificate /path_to_full_chain.cer; # will be your target after you get the ssl cert.
    ssl_certificate_key /path_to_cer_key;
}

When you successfully get the SSL cert, you can edit your server to redirect to SSL by default:

REMEMBER TO EDIT BACK WHEN RENEWAL IS REQUIRED IN NGINX MODE

server {
    server_name your_domain.ext; # include many as required for single ssl file.
    listen 80;
    # conditional check for SSL domains, redirect to https protocol.
    if ($host = your_domain.ext) {
        return 301 https://$host$request_uri;
    }
   ...
}
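
A pre-flight check for the conditions reported in this thread, as an added example (not acme.sh's own code): it lists include directives with relative paths (the change Job79 describes) and classifies every server block that names the domain against the first two criteria in esbozos's comment. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not acme.sh code): checks to run before `acme.sh --issue --nginx`.

# Print the path of every include directive that is not absolute.
list_relative_includes() {   # $1 = conf file
  awk '
    { sub(/#.*/, "") }                          # drop comments
    /^[ \t]*include[ \t]+[^\/ \t]/ {
      gsub(/^[ \t]*include[ \t]+|[ \t]*;.*$/, "")
      print
    }' "$1"
}

# For each server block whose server_name lists the domain, print
# "<start line>: usable" or "<start line>: skipped (<reason>)".
classify_server_blocks() {   # $1 = conf file, $2 = domain
  awk -v dom="$2" '
    function finish() {
      if (named) {
        why = ssl ? "ssl" : (redir ? "https-redirect" : "")
        print start ": " (why == "" ? "usable" : "skipped (" why ")")
      }
      inblock = 0
    }
    { line = $0; sub(/#.*/, "", line) }
    !inblock && line ~ /^[ \t]*server[ \t]*[{]/ {
      inblock = 1; depth = 0; start = NR; named = 0; ssl = 0; redir = 0
    }
    inblock {
      if (line ~ /^[ \t]*server_name[ \t]/) {
        n = split(line, w, /[ \t;]+/)
        for (i = 1; i <= n; i++) if (w[i] == dom) named = 1
      }
      if (line ~ /^[ \t]*listen[ \t][^;]*[ \t]ssl[ \t;]/) ssl = 1
      if (line ~ /^[ \t]*ssl[ \t]+on[ \t]*;/) ssl = 1
      if (line ~ /return[ \t]+30[1278][ \t]+https:/) redir = 1
      # track nesting so location/if blocks do not end the server block
      depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
      if (depth == 0) finish()
    }' "$1"
}

# Exit status 0 only if at least one block for the domain is usable.
check_nginx_mode() {         # $1 = conf file, $2 = domain
  classify_server_blocks "$1" "$2" | grep -q ': usable$'
}

# Constructed sample configs, modelled on the ones posted in this thread.
write_samples() {            # $1 = output directory
  cat > "$1/broken.conf" <<'EOF'
include http.d/*.conf;
upstream django {
    server web:8001;
}
server {
    listen 80;
    server_name  mydomain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name mydomain.com;
}
EOF
  cat > "$1/fixed.conf" <<'EOF'
server {
    server_name mydomain.com;
    listen 80;
}
server {
    server_name mydomain.com;
    listen 443 ssl;
}
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in broken fixed; do
  echo "== $name.conf"
  list_relative_includes "$demo_dir/$name.conf" | sed 's/^/relative include: /'
  classify_server_blocks "$demo_dir/$name.conf" mydomain.com
  if check_nginx_mode "$demo_dir/$name.conf" mydomain.com; then
    echo "result: a usable server block exists"
  else
    echo "result: no usable server block"
  fi
done
rm -rf "$demo_dir"
```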

reno commented 1 year ago

Still getting the same error

esbozos commented 1 year ago

Just remove any conf from the enabled sites folder... and create a new file with a server listening on 80 and your server_name. Issue the cert and restore your config file. This is useful for issuing the cert without stopping your Nginx server.

server {
    server_name your_domain.ext;
    listen 80;
}

Muzych commented 6 months ago

Just remove any conf from the enabled sites folder... and create a new file with a server listening on 80 and your server_name. Issue the cert and restore your config file. This is useful for issuing the cert without stopping your Nginx server.

server {
    server_name your_domain.ext;
    listen 80;
}

Works for me. Thx!

chjiyun commented 2 months ago

I changed to the webroot pattern and made it work! Just add the location code in domain.conf

location ^~ /.well-known/acme-challenge/ {
     root /home/webroot;
}

Then: acme.sh --issue -w /home/webroot -d domain.com