Closed vkurup closed 8 years ago
This was the error that I got when trying this on a site that had HTTP Auth enabled (duckling-staging):
/root/letsencrypt/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/root/letsencrypt/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Failed authorization procedure. duckling-staging.caktusgroup.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://duckling-staging.caktusgroup.com/.well-known/acme-challenge/z66GMlKd0fFY_zVMMbGm1pBxL3pCaFjPniA5uKZVpKY: 401
out: stdout:
Checking for new version...
Upgrading letsencrypt-auto 0.4.1 to 0.4.2...
Replacing letsencrypt-auto...
cp -p /var/www/duckling/letsencrypt/letsencrypt-auto /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone
cp /tmp/tmp.EBFeZy92U9/letsencrypt-auto /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone
mv -f /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone /var/www/duckling/letsencrypt/letsencrypt-auto
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
/root/letsencrypt/letsencrypt/bin/letsencrypt certonly --webroot --webroot-path /var/www/duckling/public -d duckling-staging.caktusgroup.com --email=duckling@caktusgroup.com --agree-tos
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: duckling-staging.caktusgroup.com
Type: unauthorized
Detail: Invalid response from http://duckling-
staging.caktusgroup.com/.well-known/acme-
challenge/z66GMlKdffFY_zVMMbG31pBxL3pCaFj2niA5uKZVpKY
401
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
Closing, because this was entirely an issue of nginx not properly reloading after a configuration change.
I suppose we need to turn off HTTP Auth for the `.well-known' directory.