Installing Let's Encrypt on Ubuntu 16.04 running MeteorJS app


#1

I have a MeteorJS app running on my Digital Ocean server (using nginx). I have followed this tutorial to install Let’s Encrypt certificate, but it failed on this command:

sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d luludeals.com -d www.luludeals.com

I get this error:

Failed authorization procedure. www.luludeals.com (http-01): urn:acme:error:unauthorized :: The client lacks suffic
ient authorization :: Invalid response from http://www.luludeals.com/.well-known/acme-challenge/AFx6B3zOXAm1aR0ZxyW
kOuBvlesQZRAa3ut551_u3Ms: "<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" class="__meteor-css__" href="/462460ddb68331f2c370d7afc3d", luludeals.com
(http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http:/
/luludeals.com/.well-known/acme-challenge/qFLoXVN5sZaZGZvwI-uSlTQx4BXL7vXQpYmv5I72KP0: "<!DOCTYPE html>
<html>
<head>
  <link rel="stylesheet" type="text/css" class="__meteor-css__" href="/462460ddb68331f2c370d7afc3d"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: www.luludeals.com
   Type:   unauthorized
   Detail: Invalid response from http://www.luludeals.com/.well-known
   /acme-challenge/AFx6B3zOXAm1aR0ZxyWkOuBvlesQZRAa3ut551_u3Ms:
   "<!DOCTYPE html>
   <html>
   <head>
     <link rel="stylesheet" type="text/css" class="__meteor-css__"
   href="/462460ddb68331f2c370d7afc3d"

   Domain: luludeals.com
   Type:   unauthorized
   Detail: Invalid response from http://luludeals.com/.well-known
   /acme-challenge/qFLoXVN5sZaZGZvwI-uSlTQx4BXL7vXQpYmv5I72KP0:
   "<!DOCTYPE html>
   <html>
   <head>
     <link rel="stylesheet" type="text/css" class="__meteor-css__"
   href="/462460ddb68331f2c370d7afc3d"

My /etc/nginx/sites-available/default file looks like this:

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/luludeals;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location ~ /.well-known {
                allow all;
        }


        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        # location ~ \.php$ {
        # include snippets/fastcgi-php.conf;
        #
        # With php7.0-cgi alone:
        # fastcgi_pass 127.0.0.1:9000;
        # With php7.0-fpm:
        # fastcgi_pass unix:/run/php7.0-fpm.sock;
        # }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        # location ~ /\.ht {
        # deny all;
        #}
}

Do you know how to solve this problem?
To install MeteorJS I used this tutorial


#2

It seems LetsEncrypt is hitting your actual webpage ( “<!DOCTYPE ht…” ), not the /.well-known folder, which it uses to verify the credentials.

Have you restarted nginx after you changed /etc/nginx/sites-available/default?
sudo systemctl restart nginx


#3

Yes I did it, but the problem persists. I have also tried navigating to
cd /var/www/default/.well-known/acme-challenge
and
cd /var/www/default/.well-known/
but I get
No such file or directory
error.


#4

My app serves at /var/www/luludeals/bundle, if it helps.


#5

I just noticed your nginx is listening to ‘default_server’

Try changing your config to:

...
   listen 80;
   server_name luludeals.com www.luludeals.com;
...

and restart nginx


#6

I had a similar issue with my app; it turned out I’d configured Let’s Encrypt with the wrong location for nginx on Ubuntu 16.04 on DigitalOcean ( /var/www/html/ instead of /usr/share/nginx/html/ ).

Rather than reconfiguring nginx (which was working nicely) I just edited /etc/letsencrypt/renewal/mydomain.example.com.conf and changed all occurrences of

/var/www/html

to

/usr/share/nginx/html

Then I re-ran the expiry bot and it worked:

/opt/letsencrypt/letsencrypt-auto --text --non-interactive renew >> /var/log/le-renew.log
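
A pre-flight check for the path mismatch discussed in posts #1 and #6, added here as an example and not code from any poster: it compares the webroot recorded in a Let's Encrypt renewal file with the `root` nginx actually serves. The function names and sample files are constructed, and the renewal-file layout (`webroot_path` and `[[webroot_map]]`) is an assumption about what your client version writes.

```shell
# Added example: is the directory the webroot plugin writes challenge
# files into also a directory that nginx serves?

# Print every active (uncommented) "root" path in an nginx config file.
nginx_roots() {
    sed 's/#.*//' "$1" |
        awk '$1 == "root" { sub(/;$/, "", $2); sub(/\/+$/, "", $2); print $2 }'
}

# Print every webroot path in a renewal config: the "webroot_path = a,b,"
# line and the "domain = path" lines under [[webroot_map]].
le_webroots() {
    awk -F' *= *' '
        /^\[/ { in_map = ($0 == "[[webroot_map]]"); next }
        $1 == "webroot_path" { n = split($2, p, ","); for (i = 1; i <= n; i++) if (p[i] != "") print p[i] }
        in_map && NF == 2 { print $2 }
    ' "$1" | sed 's:/*$::' | sort -u
}

# Return 0 when every renewal webroot is also an nginx root; otherwise
# print each webroot nginx does not serve and return 1.
check_webroot() {
    roots=$(nginx_roots "$1"); status=0
    for w in $(le_webroots "$2"); do
        echo "$roots" | grep -qxF "$w" || { echo "not served by nginx: $w"; status=1; }
    done
    return $status
}

# Constructed sample files modelled on the paths quoted in the thread.
make_samples() {
    cat > "$1/nginx.conf" <<'EOF'
server {
    server_name luludeals.com www.luludeals.com;
    # root /var/www/html;
    root /var/www/luludeals;
}
EOF
    cat > "$1/renewal.conf" <<'EOF'
[renewalparams]
authenticator = webroot
webroot_path = /var/www/html,
[[webroot_map]]
luludeals.com = /var/www/html
www.luludeals.com = /var/www/html
EOF
}

d=$(mktemp -d) && make_samples "$d"
check_webroot "$d/nginx.conf" "$d/renewal.conf" || echo "webroot and nginx root differ"
```

The check only reads `root` directives; a server block that proxies `/` to the app needs its own `.well-known` location with a `root`, which this does not detect.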

#7

I don’t know why I cannot install Let’s Encrypt on Ubuntu :frowning: I’m using Cloud at Amazon AWS