SYSTEM INFORMATION | |
---|---|
OS type and version | almalinux 8.5 |
Virtualmin version | 6.17 |
Hi, I am trying to test Let's Encrypt because it failed on an nginx reverse proxy domain.
I have 2 questions:
- How do I use the Let's Encrypt test server on a domain that previously had a valid Let's Encrypt cert, using the Virtualmin interface or the certbot CLI? (This will help me and potentially others trying to achieve the same goal.)
- What is wrong with my nginx conf below that makes certbot unable to do the temp file check? (This should be the solution to the problem I have.)
This is what I get if I request a test cert on my domain:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
You’ve asked to renew/replace a seemingly valid certificate with a test certificate (domains: domain). We will not do that unless you use the --break-my-certs flag!
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
```
Here is my nginx conf for that domain:
/etc/nginx/sites-available/ns.domain.sch.id.conf
```nginx
server {
    server_name ns.domain.sch.id www.ns.domain.sch.id;
    listen 139.162.63.198;
    root /home/dpomainschid/domains/nsdomain.sch.id/public_html;
    index index.php index.htm index.html;
    access_log /var/log/virtualmin/ns.domain.sch.id_access_log;
    error_log /var/log/virtualmin/ns.domain.sch.id_error_log;
    location / {
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass "https://127.0.0.1:10000";
        proxy_set_header Host $host; # MAGIC
    }
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge/;
        default_type "text/plain";
        try_files $uri =404;
    }
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SCRIPT_FILENAME /home/domainschid/domains/ns.domain.sch.id/public_html$fastcgi_script_name;
    fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT /home/domainschid/domains/ns.domain.sch.id/public_html;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS $https;
    location ~ \.php(/|$) {
        try_files $uri $fastcgi_script_name =404;
        fastcgi_pass unix:/var/php-nginx/16367117031031149.sock/socket;
    }
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    listen 139.162.63.198:443 ssl http2;
    ssl_certificate /home/domainschid/domains/ns.domain.sch.id/ssl.cert;
    ssl_certificate_key /home/domainschid/domains/ns.domain.sch.id/ssl.key;
}
```
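
Added example, not part of the original post: the acme-challenge location from the config above, with the filesystem path nginx derives from it written out, next to a variant whose `root` is the document root. It assumes the ACME client writes challenge files under `public_html/.well-known/acme-challenge/` (webroot set to `public_html`); `TOKEN` is a placeholder file name.

```nginx
# As posted (shown commented out). nginx builds the file path as
# <root> + <full request URI>, so a request for
#     /.well-known/acme-challenge/TOKEN
# is looked up at
#     /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge//.well-known/acme-challenge/TOKEN
# The challenge directory appears twice, the file is not found there,
# and try_files falls through to =404.
#
# location ^~ /.well-known/acme-challenge/ {
#     allow all;
#     root /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge/;
#     default_type "text/plain";
#     try_files $uri =404;
# }

# Variant: root stops at the document root, so the same request resolves to
#     /home/domainschid/domains/ns.domain.sch.id/public_html/.well-known/acme-challenge/TOKEN
# which is where a webroot-based ACME client (assumed: webroot = public_html)
# places the challenge file.
# The ^~ modifier keeps this prefix match ahead of the regex (.php) location,
# and the longer prefix wins over "location /", so the request is served from
# disk instead of being proxied to 127.0.0.1:10000.
location ^~ /.well-known/acme-challenge/ {
    allow all;
    root /home/domainschid/domains/ns.domain.sch.id/public_html;
    default_type "text/plain";
    try_files $uri =404;
}
```

Running `nginx -t` before reloading confirms that the edited file still parses.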