wmnnd / nginx-certbot

Boilerplate configuration for nginx and certbot with docker-compose
MIT License

Error report Challenge failed for domain #75

Open 234146326 opened 4 years ago

234146326 commented 4 years ago

nginx.conf:

upstream fastcgi_backend {
    # use tcp connection
    server  php-fpm:9000;
    # or socket
    # server   unix:/run/php/php7.3-fpm.sock;
}

server {
    listen 80 default;
    server_name xx.com;
    server_tokens off;
#    client_max_body_size 108M;

    access_log /var/log/nginx/application.access.log;
    error_log /var/log/nginx/application.error.log  error;

    #root /application/public/pub;
    set $MAGE_ROOT /application/public;
    # include /application/public/nginx.conf.sample;
    #index index.php;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }

#    if (!-e $request_filename) {
#        rewrite ^.*$ /index.php last;
#    }

#    location ~ \.php$ {
#        fastcgi_pass php-fpm:9000;
#        fastcgi_index index.php;
#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#        fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application_php_errors.log";
#        fastcgi_buffers 16 16k;
#        fastcgi_buffer_size 32k;
#        include fastcgi_params;
#    }

}

server {
    listen 443 ssl;
    server_name xx.com;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass  http://xx.com;
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

image

Thanks for the enthusiastic reply. Thank you

@wmnnd @michal-wrzosek @mestrogov @Pixep @ynixon

weleoka commented 4 years ago
  • Check your DNS records are pointing to the right server
  • Check your server firewall is not blocking the ACME challenge process

234146326 commented 4 years ago

Thanks for your reply, I will follow up on your suggestions.

DNS: image

234146326 commented 4 years ago

@weleoka @wmnnd @michal-wrzosek @mestrogov @Pixep @ynixon @DocDagbjort

No matter what I do, I can't solve this error. I hope someone can look into it. Thank you

weleoka commented 4 years ago

You could run the nginx container standalone and see if you can access it with HTTP only from outside.

docker-compose run --service-ports --rm --entrypoint "ash" nginx. Try the command nginx from within the container and see if there is any feedback.

Check in another console (or in tmux window if multiplexing) that docker ps -a shows ports mapped to host from container as following:

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                      NAMES
d90500fba632        nginx               "ash"               3 seconds ago       Up 1 second         0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   httpserve_nginx_run_d48309a4afe6

If that's ok, now try and get at a default served page for nginx... or some sort of error. Run cat /var/log/nginx/access.log in your ash prompt in the container.

Curl your localhost or VPS and see if you get some sort of nginx forbidden page. curl localhost or curl 123.123.123.123. Better still: curl your VPS using its DNS record domain name: curl my.examplemachine.com.

If this works then there's some other reason letsencrypt certificate signing is failing.
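The checks above (DNS pointing at the right box, port 80 reachable through the firewall, nginx answering on the mapped port) all exist to prove one thing: that a file placed in certbot's webroot is served at the exact URL Let's Encrypt will request. The script below, an added example that is not part of nginx-certbot or of this thread, automates that proof as a preflight before running init-letsencrypt.sh. It assumes the layout from the issue's nginx.conf (the acme-challenge location served from /var/www/certbot on port 80) and that the same directory is mounted wherever the script runs; the domain, the WEBROOT variable and the function names are the example's own. It writes a random token, fetches it over plain HTTP the way the ACME server would, and distinguishes "nothing answered on port 80" from "something answered but not with the token" (a 404 from the wrong root or a redirect to https both land in the second bucket).

```shell
#!/bin/sh
# HTTP-01 preflight (added example, not from nginx-certbot): prove that a file
# dropped into certbot's webroot is served at the URL Let's Encrypt will fetch.
# Assumes nginx serves /.well-known/acme-challenge/ from $WEBROOT on port 80.

WEBROOT="${WEBROOT:-/var/www/certbot}"

# Fetch a URL and print the body; non-zero on HTTP error, refused connection
# or timeout. Kept in its own function so it can be swapped out for testing.
fetch_url() {
  curl -fsS --max-time 10 "$1"
}

# Create a random token file under the challenge directory; prints the token.
place_token() {
  dir="$1/.well-known/acme-challenge"
  mkdir -p "$dir"
  token="preflight-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
  printf '%s' "$token" > "$dir/$token"
  printf '%s\n' "$token"
}

# Return 0 only if http://DOMAIN/.well-known/acme-challenge/<token> serves
# exactly the token that was written. A redirect page, a 404 body or an
# unreachable port 80 is reported on stderr and returns 1. The token file is
# removed again in every case so no probe files accumulate in the webroot.
check_challenge() {
  domain="$1"; webroot="$2"
  token=$(place_token "$webroot") || return 1
  file="$webroot/.well-known/acme-challenge/$token"
  url="http://$domain/.well-known/acme-challenge/$token"
  if body=$(fetch_url "$url" 2>/dev/null); then
    rm -f "$file"
    if [ "$body" = "$token" ]; then
      echo "OK: $url served the token"
      return 0
    fi
    echo "MISMATCH: $url answered, but not with the token (redirect or wrong root?): $body" >&2
    return 1
  fi
  rm -f "$file"
  echo "FAIL: could not fetch $url (port 80 unreachable, DNS wrong, or HTTP error)" >&2
  return 1
}

# Usage: ./acme-preflight.sh --check example.com
if [ "${1:-}" = "--check" ] && [ -n "${2:-}" ]; then
  check_challenge "$2" "$WEBROOT"
fi
```

Run it from a machine outside the server's network, or at least from the host rather than from inside the nginx container, so that DNS resolution and the firewall are exercised the same way Let's Encrypt's validators exercise them; a success here followed by "Challenge failed" from certbot means the problem is between the server and the ACME API rather than on the inbound path.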

234146326 commented 4 years ago

if y

image

Hello, nginx works normally together with the other containers. It cannot run alone.

I have used fpm:

upstream fastcgi_backend {
    # use tcp connection
    server  php-fpm:9000;
    # or socket
    # server   unix:/run/php/php7.3-fpm.sock;
}

Run alone: image

In nginx container :

image

@weleoka thank you for your reply.

234146326 commented 4 years ago

I solved this problem through the following process:

  1. Initialize nginx.conf to:

server {
    listen 80;
    server_name <xx.com>;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}
  2. Run ./init-letsencrypt.sh. As expected, I encountered the following error:

image

Then execute:

ifconfig eth0 mtu 1300

  3. Run ./init-letsencrypt.sh again: the data directory was generated successfully.

  4. Reconfigure nginx.conf.

Thank you @weleoka for providing valuable responses. Thanks everyone.
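The fix in this comment, lowering the interface MTU to 1300, is the classic workaround for a path-MTU black hole: packets larger than some link on the path can carry are dropped, and the ICMP "fragmentation needed" messages that would let the kernel adapt are filtered somewhere, so the TLS handshake between certbot and the ACME API stalls while small packets (DNS, the inbound HTTP-01 fetch) get through. The probe below is an added example, not part of nginx-certbot or of this thread: it uses ping with the Don't-Fragment bit set and binary-searches the largest payload that still gets a reply. The TARGET default, the 28-byte header constant (20 bytes IPv4 plus 8 bytes ICMP) and the function names are the example's own assumptions; the target host must answer ICMP echo, so if the ACME host does not, point TARGET at another host on the same outbound path.

```shell
#!/bin/sh
# Path-MTU probe (added example, not from nginx-certbot): find the largest
# ping payload that reaches TARGET with the Don't-Fragment bit set. A result
# well below 1472 (= 1500 - 28 header bytes) on an interface whose MTU is 1500
# means large packets are black-holed on the path; lowering the interface MTU,
# as in the comment above, is the workaround until the path is fixed.

TARGET="${TARGET:-acme-v02.api.letsencrypt.org}"   # must answer ICMP echo
IP_ICMP_HEADERS=28   # 20-byte IPv4 header + 8-byte ICMP header

# One non-fragmentable ping with the given payload size; 0 if a reply came back.
# Linux iputils flags; BSD/macOS ping spells the DF option -D instead of -M do.
probe() {
  ping -c 1 -W 2 -M do -s "$1" "$TARGET" >/dev/null 2>&1
}

# Binary search in [LO, HI] for the largest payload that probe() accepts.
# Prints that size, or 0 if even LO gets no reply (ICMP blocked entirely).
find_max_payload() {
  lo="$1"; hi="$2"; best=0
  while [ "$lo" -le "$hi" ]; do
    mid=$(( (lo + hi) / 2 ))
    if probe "$mid"; then
      best=$mid; lo=$((mid + 1))
    else
      hi=$((mid - 1))
    fi
  done
  echo "$best"
}

# Convert a payload size into the path MTU it implies.
payload_to_mtu() {
  echo $(( $1 + IP_ICMP_HEADERS ))
}

# Usage: ./pmtu-probe.sh --probe
if [ "${1:-}" = "--probe" ]; then
  payload=$(find_max_payload 500 1472)
  if [ "$payload" -eq 0 ]; then
    echo "no reply even at 500 bytes: $TARGET does not answer ping or ICMP is blocked; try another host"
  else
    echo "largest unfragmented payload: $payload bytes -> path MTU about $(payload_to_mtu "$payload")"
  fi
fi
```

If the probe reports a path MTU of, say, 1300 while ip link shows 1500 on eth0, the user's ifconfig change above is the right shape of fix; the longer-term fix is to let ICMP type 3 code 4 through the firewall (or enable TCP MSS clamping on the gateway) so that path-MTU discovery works again and the interface MTU can go back to 1500.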

weleoka commented 4 years ago

Mark resolved.

uyscuti-wiki commented 4 years ago

Thanks @234146326, you're a life saver!

jbingel commented 4 years ago

@weleoka can you be more specific as to what the "other reason letsencrypt certificate signing is failing" might be? All of this works for me, but eventually I still get a Challenge failed for my domain.

EDIT nevermind, the problem was this one: https://github.com/wmnnd/nginx-certbot/issues/86#issue-678535209