Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vlad Sklyar2018-08-09 19:10:12
Nginx
Vlad Sklyar, 2018-08-09 19:10:12

How to get a certificate for a subdomain?

There is a server on Nginx. The server is running a site with a certificate from Let's Encrypt
I installed phpMyAdmin and decided to make it a subdomain, here is the Nginx config:

server {
  listen 80 http2;
  listen [::]:80 http2;
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  
  root /usr/share/phpmyadmin/;
  index index.php;
  autoindex off;
  server_name phpmyadmin.site.ru www.phpmyadmin.site.ru;

  ssl_certificate /home/Webserver/site.ru/SSL/fullchain.pem;
  ssl_certificate_key /home/Webserver/site.ru/SSL/privkey.pem;
  ssl_trusted_certificate /home/Webserver/site.ru/SSL/chain.pem;

  location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /usr/share/phpmyadmin/;
  }

  location = /.well-known/acme-challenge/ {
    return 404;
  }

  location ~ /\.ht {
    deny all;
  }
  
  location / {
    try_files $uri $uri/ =404;
  }
  
  location ~ \.php$ {
    root /usr/share/phpmyadmin/;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/run/php/php-fpm-site.ru.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}

Of course, I created the /.well-known/acme-challenge/ directory in /usr/share/phpmyadmin and directed DNS to the subdomain and waited an hour.
After that, I try to expand with the command:
certbot certonly --dry-run --webroot -w /usr/share/phpmyadmin/ --expand -d phpmyadmin.site.ru -d www.phpmyadmin.site.ru

But the bot throws an error:
Failed authorization procedure. phpmyadmin.site.ru (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://phpmyadmin.site.ru/.well-known/acme-challenge/f0VCqUCbl1UC23M92EwElY4OcICO5gV48bKjRIiZxqw: Error getting validation data, www.phpmyadmin.site.ru (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.phpmyadmin.site.ru/.well-known/acme-challenge/AoIxyKLTCL7gzbnH9s7qhaNMPUveA71kMWzZsIxCO3M: Error getting validation data

Judging by the error, he can not access, but I do not understand why?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
K
ky0, 2018-08-09
@ky0

Beat on HTTP 2.0, leaving in the block responsible for port 80 only the location for LE verification and an unconditional redirect to HTTPS:

server {
        listen 80;

        location /.well-known/acme-challenge {
                root /usr/share/phpmyadmin;
        }

        location / {
        rewrite ^/(.*) https://$host/$1;
        }
}

Similar questions
T
Templar3d2020-10-08 22:20:03
How to whitelist images with nginx after 30 days? 0Reply
A
Alghazanth2016-07-15 12:51:42
How to properly configure proxy_pass in conjunction with rewrite? 0Reply
K
klim8882018-12-14 14:18:05
Nginx after adding ssl, one location "driving around", where to look? 0Reply
I
Ilya2018-12-15 21:38:06
How to organize subdomains in NuxtJs + nginx? 1Reply
L
Laid2018-12-16 17:34:20
Module page speed from Google to put on a proxy? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question