caktus / margarita

A collection of delicious Salt states for Django project deployments.
BSD 3-Clause "New" or "Revised" License

LetsEncrypt doesn't work if HTTP Auth is on #124

Closed vkurup closed 8 years ago

vkurup commented 8 years ago

I suppose we need to turn off HTTP Auth for the `.well-known` directory.

vkurup commented 8 years ago

This was the error that I got when trying this on a site that had HTTP Auth enabled (duckling-staging):

```
/root/letsencrypt/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/root/letsencrypt/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Failed authorization procedure. duckling-staging.caktusgroup.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://duckling-staging.caktusgroup.com/.well-known/acme-challenge/z66GMlKd0fFY_zVMMbGm1pBxL3pCaFjPniA5uKZVpKY: 401
out:               stdout:
Checking for new version...
Upgrading letsencrypt-auto 0.4.1 to 0.4.2...
Replacing letsencrypt-auto...
   cp -p /var/www/duckling/letsencrypt/letsencrypt-auto /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone
   cp /tmp/tmp.EBFeZy92U9/letsencrypt-auto /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone
   mv -f /tmp/tmp.EBFeZy92U9/letsencrypt-auto.permission-clone /var/www/duckling/letsencrypt/letsencrypt-auto
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
   /root/letsencrypt/letsencrypt/bin/letsencrypt certonly --webroot --webroot-path /var/www/duckling/public -d duckling-staging.caktusgroup.com --email=duckling@caktusgroup.com --agree-tos
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: duckling-staging.caktusgroup.com
   Type:   unauthorized
   Detail: Invalid response from http://duckling-
   staging.caktusgroup.com/.well-known/acme-
   challenge/z66GMlKdffFY_zVMMbG31pBxL3pCaFj2niA5uKZVpKY
   401

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.
```

vkurup commented 8 years ago

Closing, because this was entirely an issue of nginx not properly reloading after a configuration change.
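
A preflight check for the failure discussed in this thread, as an added example that is not part of the issue or of margarita's own code: it fetches a probe file from `/.well-known/acme-challenge/` on the live server without credentials, so a 401 caused by HTTP Auth, or by a corrected configuration that nginx has not yet reloaded, shows up before the letsencrypt run. The function names, the probe file naming and the result labels are assumptions of this example.

```python
import os
import secrets
import sys
import urllib.error
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"


def probe_challenge_path(base_url, webroot, timeout=10):
    """Fetch a random probe file from the webroot with no credentials.
    Returns (status, ok); status is None if the server could not be reached."""
    token = "preflight-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, token)
    with open(path, "wb") as fh:
        fh.write(body)
    url = "%s/%s/%s" % (base_url.rstrip("/"), CHALLENGE_DIR, token)
    try:
        # Plain urlopen sends no Authorization header, like the CA's validator.
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read() == body
    except urllib.error.HTTPError as err:
        return err.code, False
    except OSError:  # URLError, refused connection, timeout
        return None, False
    finally:
        os.remove(path)  # never leave probe files in the public webroot


def diagnose(status, ok):
    """Map a probe result to a label (labels are this example's own)."""
    if ok:
        return "ready"
    if status in (401, 403):
        return "auth-blocked"  # HTTP Auth on the path, or the old config still live
    if status == 404:
        return "wrong-webroot"  # server is not serving this directory
    return "unreachable" if status is None else "unexpected"


if __name__ == "__main__":
    # usage: preflight.py http://example.test /path/to/webroot  (placeholders)
    status, ok = probe_challenge_path(sys.argv[1], sys.argv[2])
    print(status, diagnose(status, ok))
    sys.exit(0 if ok else 1)
```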