Try adding this in your nginx "vhost" as the first line:

    Alias /.well-known/acme-challenge /path/to/acme/.well-known/acme-challenge
    ProxyPassMatch ^/\.well-known !

I have the same error with ProxyPass inside an Apache vhost which proxies to a Node application backend. In the letsencrypt logs I have the same as you.

2018-04-02 17:38 GMT+02:00 Alex JOST <jost+li...@dimejo.at>:

> On 02.04.2018 at 14:25, Jeff Abrahamson wrote:
>
>> I'm handling mail for several domains, let's call them a.com, b.com,
>> and c.com. I have certificates for each of these domains individually
>> via certbot (letsencrypt) and nginx is happy with all of that.
>>
>> Since I initially configured the site to handle mail only for a.com,
>> my /etc/postfix/main.cf file currently has these two lines:
>>
>>     smtpd_tls_cert_file = /etc/letsencrypt/live/mail.a.com/fullchain.pem
>>     smtpd_tls_key_file = /etc/letsencrypt/live/mail.a.com/privkey.pem
>>
>> But I see that mail test tools are reporting that MX for b.com and
>> c.com are misconfigured due to an SSL name mismatch. Indeed, this is
>> true!
>>
>> So I believe I should generate a multi-site SSL cert. I try this:
>>
>>     sudo certbot certonly --cert-name postfix --webroot \
>>         --webroot-path /var/www/a-com -d www.a.com -d a.com -d mail.a.com \
>>         --webroot-path /var/www/b-com -d www.b.com -d b.com \
>>         --webroot-path /var/www/c-com -d www.c.com -d c.com
>>
>> And that fails with a bunch of errors like this:
>>
>>     Domain: www.a.com
>>     Type: unauthorized
>>     Detail: Invalid response from
>>     http://www.a.com/.well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg:
>>     "<html>
>>     <head><title>404 Not Found</title></head>
>>     <body bgcolor="white">
>>     <center><h1>404 Not Found</h1></center>
>>     <hr><center>"
>>
>> I see that the file
>>
>>     .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg
>>
>> is being created (and one other file, too) but that nginx reports that
>> the _directory_
>>
>>     .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg
>>
>> doesn't exist.
>>
>> Multi-site + letsencrypt + postfix is a subject that has recently
>> changed quite a bit, so I'm suspecting my web reading is merely
>> leading me astray. It is also entirely possible I've misunderstood
>> things about SSL certificates. Any pointers how to generate (or point
>> to) the certificates that I need to make those who contact my postfix
>> instance happy with their SSL conversation?
>>
>> Thanks!
>>
>
> You can use 1 directory to create certificates for multiple virtual hosts.
> Copy the config below to all the virtual host configs you want to use in
> your certificate (or use 'includes').
>
>     user@server:~$ cat /etc/nginx/sites-enabled/a-com
>     server {
>         [...]
>
>         location ~ /.well-known {
>             location ~ /.well-known/acme-challenge/(.*) {
>                 root /usr/share/nginx/html;
>                 add_header Content-Type application/jose+json;
>             }
>             allow all;
>             try_files $uri $uri/ =404;
>         }
>     }
>
> After reloading nginx you can create a new certificate by providing only 1
> webroot directory.
>
>     user@server:~$ sudo certbot certonly --cert-name postfix \
>         --webroot -w /usr/share/nginx/html \
>         -d www.a.com -d a.com -d mail.a.com \
>         -d www.b.com -d b.com \
>         -d www.c.com -d c.com
>
> --
> Alex JOST
>

--
*Best Regards*
*Piotr Bracha*
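
A preflight check for the single-webroot setup described in the quoted reply, as an added example that is not part of the original thread: it writes a random probe file into the shared webroot and confirms that every name requested for the certificate serves it under /.well-known/acme-challenge/ before certbot is run. The function names and the connect_to parameter are assumptions of this example; the webroot and domains are the thread's placeholders.

```python
import http.client
import os
import secrets

CHALLENGE_DIR = ".well-known/acme-challenge"

def write_probe(webroot):
    """Create a random probe file in the shared webroot; return (name, body)."""
    name = "preflight-" + secrets.token_hex(8)
    body = secrets.token_urlsafe(32)
    directory = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(directory, exist_ok=True)
    with open(os.path.join(directory, name), "w") as fh:
        fh.write(body)
    return name, body

def check_domain(domain, name, body, connect_to=None, timeout=5):
    """Return (ok, detail) for a plain-HTTP GET of the probe on this vhost.

    connect_to=(host, port) overrides DNS while still sending Host: <domain>.
    Redirects are not followed, so a 301 is reported as-is.
    """
    host, port = connect_to or (domain, 80)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", f"/{CHALLENGE_DIR}/{name}", headers={"Host": domain})
        resp = conn.getresponse()
        data = resp.read().decode("utf-8", "replace")
    except (OSError, http.client.HTTPException) as exc:
        return False, f"request failed: {exc}"
    finally:
        conn.close()
    if resp.status != 200:
        return False, f"HTTP {resp.status}"  # e.g. the 404 from the thread
    return (True, "ok") if data.strip() == body else (False, "body mismatch")

def preflight(webroot, domains, connect_to=None):
    """Probe every domain against one webroot, then remove the probe file."""
    name, body = write_probe(webroot)
    try:
        return {d: check_domain(d, name, body, connect_to) for d in domains}
    finally:
        os.remove(os.path.join(webroot, CHALLENGE_DIR, name))

if __name__ == "__main__":
    # Placeholder webroot and domains taken from the thread.
    names = ["www.a.com", "a.com", "mail.a.com", "www.b.com", "b.com",
             "www.c.com", "c.com"]
    for d, (ok, detail) in preflight("/usr/share/nginx/html", names).items():
        print(f"{'OK  ' if ok else 'FAIL'} {d}: {detail}")
```

Any name reported as FAIL is a vhost whose /.well-known/acme-challenge/ location does not map to the shared webroot, which is the condition that produced the "unauthorized" error quoted above.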