nginx-certbot
Error report Challenge failed for domain
nginx.conf:
```
upstream fastcgi_backend {
    # use tcp connection
    server php-fpm:9000;
    # or socket
    # server unix:/run/php/php7.3-fpm.sock;
}

server {
    listen 80 default;
    server_name xx.com;
    server_tokens off;
    # client_max_body_size 108M;
    access_log /var/log/nginx/application.access.log;
    error_log /var/log/nginx/application.error.log error;
    #root /application/public/pub;
    set $MAGE_ROOT /application/public;
    # include /application/public/nginx.conf.sample;
    #index index.php;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }

    # if (!-e $request_filename) {
    #     rewrite ^.*$ /index.php last;
    # }
    # location ~ \.php$ {
    #     fastcgi_pass php-fpm:9000;
    #     fastcgi_index index.php;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application_php_errors.log";
    #     fastcgi_buffers 16 16k;
    #     fastcgi_buffer_size 32k;
    #     include fastcgi_params;
    # }
}

server {
    listen 443 ssl;
    server_name xx.com;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://xx.com;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Thanks for the enthusiastic reply. Thank you
@wmnnd @michal-wrzosek @mestrogov @Pixep @ynixon
- Check your DNS records are pointing to the right server
- Check your server firewall is not blocking the ACME challenge process
Thanks for your reply, I will use your suggestion tracking.
DNS:

@weleoka @wmnnd @michal-wrzosek @mestrogov @Pixep @ynixon @DocDagbjort
No matter what I do, I can't solve this error. Hope to be concerned. Thank you
You could run the nginx container standalone and see if you can access it with HTTP only from outside.
`docker-compose run --service-ports --rm --entrypoint "ash" nginx`. Try the command `nginx` from within the container and see if there is any feedback.
Check in another console (or in a tmux window if multiplexing) that `docker ps -a` shows ports mapped to the host from the container, as follows:
```
CONTAINER ID   IMAGE   COMMAND   CREATED         STATUS        PORTS                                      NAMES
d90500fba632   nginx   "ash"     3 seconds ago   Up 1 second   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp   httpserve_nginx_run_d48309a4afe6
```
If that's OK, now try to get at a default served page for nginx... or some sort of error. Run `cat /var/log/nginx/access.log` in your ash prompt in the container.
Curl your localhost or VPS and see if you get some sort of nginx forbidden page: `curl localhost` or `curl 123.123.123.123`. Better still: curl your VPS using its DNS record domain name: `curl my.examplemachine.com`.
If this works then there's some other reason letsencrypt certificate signing is failing.
if y
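Added example (not part of the original thread or the nginx-certbot project): a pre-flight script for the checks described in the reply above, covering the `docker ps` port mapping and the `/.well-known/acme-challenge/` path served by the port-80 block. The function names, verdict strings and the `WEBROOT` argument (assumed to be the host directory mounted at `/var/www/certbot` in the nginx container) are illustrative.

```shell
#!/bin/sh
# Added example: HTTP-01 pre-flight for the port-80 server block shown in this thread.

# ports_published PORTS PORT: succeeds if the `docker ps` PORTS column
# publishes PORT on the host (e.g. "0.0.0.0:80->80/tcp"), not merely exposes it.
ports_published() {
    case "$1" in
        *":$2->"*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose STATUS BODY EXPECTED: map one probe result to a verdict.
diagnose() {
    case "$1" in
        000) echo unreachable ;;             # no HTTP response: DNS, firewall, port mapping
        200) if [ "$2" = "$3" ]; then echo ok; else echo wrong-content; fi ;;
        301|302|307|308) echo redirected ;;  # challenge location did not match, hit `location /`
        404) echo not-in-webroot ;;          # nginx root and certbot webroot are different directories
        *) echo "unexpected-$1" ;;
    esac
}

# probe_challenge DOMAIN WEBROOT: write a throwaway token where certbot would,
# fetch it over plain HTTP on port 80 (where HTTP-01 validation starts),
# clean up, and print the verdict.
# WEBROOT is an assumption: the host directory mounted at /var/www/certbot.
probe_challenge() {
    dir="$2/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"
    mkdir -p "$dir" && printf '%s' "$token" > "$dir/$token" || return 2
    url="http://$1/.well-known/acme-challenge/$token"
    out=$(curl -s -m 10 -w '\n%{http_code}' "$url") || true
    rm -f "$dir/$token"
    status=$(printf '%s\n' "$out" | tail -n 1)   # last line is the status code
    body=$(printf '%s\n' "$out" | sed '$d')      # everything before it is the body
    diagnose "$status" "$body" "$token"
}

# Run only when called with arguments: ./preflight.sh xx.com /path/to/webroot
if [ "$#" -ge 2 ]; then
    probe_challenge "$1" "$2"
fi
```

Run it from a machine outside the server's network so the request takes the same path as the CA's validation request; a verdict of `ok` means the challenge path itself is served correctly and the failure lies elsewhere.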

Hello, multiple dockers can use nginx normally. Cannot run alone.
I have used fpm:
```
upstream fastcgi_backend {
    # use tcp connection
    server php-fpm:9000;
    # or socket
    # server unix:/run/php/php7.3-fpm.sock;
}
```
Run alone:

In nginx container :

@weleoka thank you for your reply.
I solved this problem through the following process:
- Initialize nginx.conf to:
```
server {
    listen 80;
    server_name <xx.com>;
    server_tokens off;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}
```
- ./init-letsencrypt.sh > No accident, I encountered the following error.

Execution:
ifconfig eth0 mtu 1300
- ./init-letsencrypt.sh > Successfully generated data directory
- Reconfigure Nginx.conf.
Thanks @weleoka for providing valuable responses. Thanks everyone.
Mark resolved.
Thanks @234146326, you're a life saver!
@weleoka can you be more specific as to what the "other reason letsencrypt certificate signing is failing" might be? All of this works for me, but eventually I still get a Challenge failed for my domain.
EDIT: never mind, the problem was this one: https://github.com/wmnnd/nginx-certbot/issues/86#issue-678535209