Nginx Proxy: invalid with dehydrated but curl returns the validation file #163

Closed
opened 2025-12-29 00:26:20 +01:00 by adam · 2 comments

Originally created by @primemillet on GitHub (Nov 22, 2016).

```
"type": "http-01",
"status": "invalid",
"error": {
  "type": "urn:acme:error:connection",
  "detail": "Could not connect to {my FQDN}",
  "status": 400
},
"uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/{...........}/{......}",
"token": "Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ",
"keyAuthorization": "Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ.F7OM8Hn8ICS3OyZHzqHs4rYa6l6B0gkBTKROLANkrAg",
"validationRecord": [
  {
    "url": "http://{my domain}/.well-known/acme-challenge/Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ",
    "hostname": "{my domain}",
    "port": "80",
    "addressesResolved": [
      "xxx.xxx.xxx.xxx"
    ],
    "addressUsed": "xxx.xxx.xxx.xxx"
  }
]
})
```

For debugging, I commented out the following:

```
#[[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_token}"
```

However, the curl command returns the file correctly.

```
$ curl -I http://{my domain}/.well-known/acme-challenge/Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ
HTTP/1.1 200 OK
P..... Server
Date: Tue, 22 Nov 2016 16:27:39 GMT
Content-Type: application/octet-stream
Content-Length: 87
Last-Modified: Tue, 22 Nov 2016 16:11:26 GMT
Connection: keep-alive
ETag: "58346e2e-57"
Accept-Ranges: bytes
```

WELLKNOWN is configured to the challenge directory and Nginx is configured as

```
location /.well-known/acme-challenge {
    alias /path/to/the/base/.well-known/acme-challenge;
}
```

What should I do to configure Nginx to get it to work?
I disabled firewall, WAF, ... already.

adam closed this issue 2025-12-29 00:26:20 +01:00

@adduxa commented on GitHub (Nov 23, 2016):

Try

```
root /path/to/the/base;
```

in nginx config instead of

```
alias /path/to/the/base/.well-known/acme-challenge;
```

@primemillet commented on GitHub (Nov 27, 2016):

Thanks for your reply. However, the problem is not related to either root or alias as curl returns 200.
I have tried the directives root, alias, try_files, and return without luck. I suspected that the DNS name servers could be the problem. It turns out to be true. I am using a web hosting service providing cPanel with the AutoSSL plugin. I have my web server running at my own IP other than the hosting company's IP. I don't know what blocks Let's Encrypt DV queries. I changed the hosting company's name servers to Cloudflare's and the problem was solved.

Reference: starred/dehydrated#163
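
A triage sketch for the situation in this thread, where a local `curl` succeeds but the CA reports `urn:acme:error:connection`. This is an added example, not code from dehydrated or from the thread's participants. It checks the served file against `keyAuthorization` (token, dot, thumbprint is 43 + 1 + 43 = 87 characters, matching the `Content-Length: 87` above) and compares the CA's `addressUsed` with the server's own address. The function name `triage`, the hostname `example.test` and the IP addresses are assumptions made for illustration, since the report redacts them.

```python
import json

KEY_AUTH = ("Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ."
            "F7OM8Hn8ICS3OyZHzqHs4rYa6l6B0gkBTKROLANkrAg")

# Constructed sample: the challenge object from the report, reduced to the
# fields used here. Hostname and IPs are placeholders, not values from the page.
CHALLENGE = json.loads("""
{
  "type": "http-01",
  "status": "invalid",
  "error": {"type": "urn:acme:error:connection", "status": 400},
  "token": "Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ",
  "validationRecord": [{
    "url": "http://example.test/.well-known/acme-challenge/Fkd6N02Swfg4NAl4QU4jWCLqOZTfSurHZJEYoXshmqQ",
    "hostname": "example.test",
    "port": "80",
    "addressesResolved": ["198.51.100.7"],
    "addressUsed": "198.51.100.7"
  }]
}
""")
CHALLENGE["keyAuthorization"] = KEY_AUTH


def triage(challenge, served_body, my_server_ips):
    """Return findings that explain why local curl and the CA disagree."""
    findings = []
    token = challenge["token"]
    key_auth = challenge["keyAuthorization"]
    # http-01 expects the body to be token "." account-key thumbprint.
    if not key_auth.startswith(token + "."):
        findings.append("keyAuthorization does not start with the token")
    if served_body.strip() != key_auth:
        findings.append("served file differs from keyAuthorization")
    for rec in challenge.get("validationRecord", []):
        if not rec["url"].endswith("/.well-known/acme-challenge/" + token):
            findings.append("CA fetched an unexpected URL: " + rec["url"])
        # addressUsed is where the CA connected after its own DNS lookup,
        # which can differ from what the local resolver returns to curl.
        if rec["addressUsed"] not in my_server_ips:
            findings.append("CA resolved %s to %s, expected one of %s" % (
                rec["hostname"], rec["addressUsed"], sorted(my_server_ips)))
    err = challenge.get("error", {}).get("type", "")
    if not findings and err.endswith(":connection"):
        findings.append("file and DNS match; port 80 unreachable from outside")
    return findings


if __name__ == "__main__":
    print(triage(CHALLENGE, KEY_AUTH + "\n", {"203.0.113.10"}))
```
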