mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

https://www.letsencrypt.org (CertBot renewal is being blocked 444) #554

Closed arhyneRWU closed 3 months ago

arhyneRWU commented 4 months ago

Paste the full Domain name / Referrer String here

GET /.well-known/acme-challenge

Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)

Paste the full Referrer String here (paste in between the ```     ``` markers)

Is this for Addition / Removal?

Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)


    [21/Feb/2024:23:11:49 -0500] "GET /.well-known/acme-challenge/ HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"

Additional information

Add any other context about the problem here.

Not sure how long this has been occurring.

mitchellkrogza commented 4 months ago

Please paste a full section of the log file. The blocker never has and never will block Let's Encrypt. Thousands of people use this, including myself, and no such blocking of LE occurs.

arhyneRWU commented 3 months ago

Hi, I just commented out deny.conf in the nginx conf and got it to renew.

Perhaps the issue is how I have the certbot .well-known set up:

    # Include bot blocker configuration
    include /etc/nginx/bots.d/blockbots.conf;
    include /etc/nginx/bots.d/ddos.conf;
    include /etc/nginx/deny.d/deny.conf;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot/;
    }

In deny.conf the .well-known is set up this way:

    location /.well-known/acme-challenge {
        allow all;
        default_type "text/plain";
        root         /tmp/letsencrypt;
        autoindex    on;
    }

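
Which of the two location blocks quoted in this comment nginx selects for a challenge request, as an added example that is not part of the original thread or the project's code. It models only nginx's longest-prefix rule for plain prefix locations and assumes no exact-match, `^~` or regex location also matches; the `TOKEN` URI is a constructed placeholder.

```python
# Added example: models only nginx's plain-prefix location selection.
# Assumption: no "=", "^~" or regex location in the server matches these URIs.

# (prefix, root, source) copied from the two blocks quoted in the comment above.
LOCATIONS = [
    ("/.well-known/acme-challenge/", "/var/www/certbot/", "server block"),
    ("/.well-known/acme-challenge", "/tmp/letsencrypt", "deny.conf"),
]


def select_location(uri, locations=LOCATIONS):
    """Return the (prefix, root, source) nginx would pick, or None.

    Among plain prefix locations nginx uses the longest prefix that the
    request URI starts with; order in the config file does not matter.
    """
    path = uri.split("?", 1)[0]  # location matching ignores the query string
    matches = [loc for loc in locations if path.startswith(loc[0])]
    return max(matches, key=lambda loc: len(loc[0])) if matches else None


def served_file(uri, locations=LOCATIONS):
    """Filesystem path nginx would look up: the block's root plus the URI."""
    loc = select_location(uri, locations)
    if loc is None:
        return None
    return loc[1].rstrip("/") + uri.split("?", 1)[0]


if __name__ == "__main__":
    # Constructed sample URIs; "TOKEN" is a placeholder, not a real token.
    for uri in (
        "/.well-known/acme-challenge/TOKEN",
        "/.well-known/acme-challenge/",
        "/.well-known/acme-challenge",
        "/index.html",
    ):
        loc = select_location(uri)
        source = loc[2] if loc else "neither block"
        print(f"{uri:36} -> {source:14} file: {served_file(uri)}")
```

Under that assumption, token requests are handled by the block whose root is `/var/www/certbot/`, and the `allow all` block from deny.conf is selected only for URIs that lack the slash after `acme-challenge`.
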
mitchellkrogza commented 3 months ago

Closing. Feel free to reopen if needed.