Let's Encrypt authentication failed on renewing on bbb 2.6.5

Aman Patyal

Jul 22, 2023, 7:23:07 AM
to BigBlueButton-dev
I am getting the following issue while renewing the cert with `sudo certbot renew`:

//////
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing
/etc/letsencrypt/renewal/****stream.northeurope.cloudapp.azure.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ****tream.northeurope.cloudapp.azure.com
Using the webroot path /var/www/bigbluebutton-default/assets for all unmatched domains.
Waiting for verification...
Challenge failed for domain ****stream.northeurope.cloudapp.azure.com
http-01 challenge for ****stream.northeurope.cloudapp.azure.com
Cleaning up challenges
Attempting to renew cert (****stream.northeurope.cloudapp.azure.com) from /etc/letsencrypt/renewal/****stream.northeurope.cloudapp.azure.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/****stream.northeurope.cloudapp.azure.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/****tream.northeurope.cloudapp.azure.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: ****stream.northeurope.cloudapp.azure.com
   Type:   unauthorized
   Detail: 4.231.172.177: Invalid response from
   http://****tream.northeurope.cloudapp.azure.com/.well-known/acme-challenge/5QIMPX9-sztObCsAWAYYEpOWd2YX4T5yrQigbusf3Gs:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.  

///////


And here's my file
/etc/nginx/sites-available/bigbluebutton

server_tokens off;

server {
  listen 80;
  listen [::]:80;
  server_name ****tream.northeurope.cloudapp.azure.com;

  location ^~ / {
    return 301 https://$server_name$request_uri; #redirect HTTP to HTTPS
  }

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default;
  }

  location = /.well-known/acme-challenge/ {
    return 404;
   }
}

set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;
real_ip_recursive on;
server {
  # this double listenting is intended. We terminate SSL on haproxy. HTTP2 is a
  # binary protocol. haproxy has to decide which protocol is spoken. This is
  # negotiated by ALPN.
  #
  # Depending on the ALPN value traffic is redirected to either port 82 (HTTP2,
  # ALPN value h2) or 81 (HTTP 1.0 or HTTP 1.1, ALPN value http/1.1 or no value)

  listen 127.0.0.1:82 http2 proxy_protocol;
  listen [::1]:82 http2;
  listen 127.0.0.1:81 proxy_protocol;
  listen [::1]:81;
  server_name ****stream.northeurope.cloudapp.azure.com;


    # HSTS (comment out to enable)
    #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  access_log  /var/log/nginx/bigbluebutton.access.log;

  # BigBlueButton landing page.
  location / {
    root   /var/www/bigbluebutton-default/assets;
    try_files $uri @bbb-fe;
  }

  # Include specific rules for record and playback
  include /etc/bigbluebutton/nginx/*.nginx;
}

Fred Dixon

Jul 23, 2023, 6:55:59 AM
to bigblueb...@googlegroups.com
Hi Aman,

For 

Change

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default;
  }

to

  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default/assets;
  }

Restart nginx and try doing `sudo certbot renew` again.


Regards,.. Fred

--
Co-founder BigBlueButton

Like BigBlueButton?  Tweet us at @bigbluebutton
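
Added example (not part of the thread and not BigBlueButton project code): a shell check that compares the directory nginx serves `/.well-known/acme-challenge/` from with the webroot certbot reports, which is the mismatch the reply above corrects. Function names are hypothetical, and the sample config and certbot output are constructed from the ones posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the `root` inside the "location ^~ /.well-known/acme-challenge/" block.
nginx_acme_root() {
  awk '
    /location[ \t]+\^~[ \t]+\/\.well-known\/acme-challenge\// { inblk = 1; next }
    inblk && /^[ \t]*root[ \t]/ {
      sub(/^[ \t]*root[ \t]+/, ""); sub(/[ \t]*;.*$/, ""); print; exit
    }
    inblk && index($0, "}") { inblk = 0 }
  ' "$1"
}

# Print the webroot from certbot's "Using the webroot path ..." output line.
certbot_webroot() {
  sed -n 's/^Using the webroot path \(.*\) for all unmatched domains\.$/\1/p' "$1" | head -n 1
}

# Exit status: 0 = same directory, 1 = mismatch (expect a 404), 2 = could not parse.
check_acme_webroot() {
  served=$(nginx_acme_root "$1")
  written=$(certbot_webroot "$2")
  if [ -z "$served" ] || [ -z "$written" ]; then
    echo "UNKNOWN: could not read nginx root or certbot webroot"; return 2
  fi
  if [ "${served%/}" = "${written%/}" ]; then
    echo "OK: challenges are written to and served from ${served%/}"; return 0
  fi
  echo "MISMATCH: certbot writes under $written, nginx serves from $served"
  return 1
}

# Constructed sample input modelled on the config and output in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/nginx.conf" <<'EOF'
server {
  listen 80;
  location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/bigbluebutton-default;
  }
}
EOF
cat > "$demo_dir/certbot.out" <<'EOF'
Plugins selected: Authenticator webroot, Installer None
Using the webroot path /var/www/bigbluebutton-default/assets for all unmatched domains.
EOF
check_acme_webroot "$demo_dir/nginx.conf" "$demo_dir/certbot.out" || true
```

On a real host, pass the nginx site file and a saved copy of the `certbot renew` output as the two arguments.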