nginx-certbot

Unable to create certificates for multiple domains

Open CharlesRngrd opened this issue 5 years ago • 3 comments

Hi,

I would like to create an SSL certificate for both a domain and a subdomain, but it failed:

Performing the following challenges:
http-01 challenge for api.charles.cool
http-01 challenge for charles.cool
http-01 challenge for www.api.charles.cool
http-01 challenge for www.charles.cool
Using the webroot path /var/www/certbot for all unmatched domains.
Waiting for verification...
Challenge failed for domain api.charles.cool
Challenge failed for domain charles.cool
Challenge failed for domain www.api.charles.cool
Challenge failed for domain www.charles.cool

The error is the following for the 4 challenges:

Domain: api.charles.cool
Type: connection
Detail: Fetching http://api.charles.cool/.well-known/acme-challenge/sfqbe7iENRpKWgMpGAd_yk3J1GB2KZJHsU2QDwK-P3o: Connection refused

That is weird because when I first execute the script with domains set to (api.charles.cool www.api.charles.cool) and then set to (charles.cool www.charles.cool) it works fine.

I don't know where the error comes from...

Do you have any idea?

Have a nice day

CharlesRngrd, Mar 17 '20 14:03

Same problem

sladg, Mar 22 '20 13:03

I found the error happens because the default nginx image doesn't supply long domain names. To fix it, you should build your own image based on nginx:1.15-alpine (or a newer version) and copy in a modified nginx.conf with server_names_hash_bucket_size 64; added.


user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    server_names_hash_bucket_size  64;
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

Don't forget to change docker-compose.yml to build and use your nginx image.

RANUX, Mar 24 '20 11:03

The bash script is not properly written to support multi-domain LE certificate requests. So this is another small fix of init-letsencrypt.sh. Hope it can help.

sugenk, Jun 17 '20 10:06