Letsencrypt "Invalid response" error during renewal due to http/https redirection
If you configure Nginx to redirect all HTTP traffic to HTTPS, the redirect might interfere with Let's Encrypt renewal. Example:
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}
You will get a message such as the following when the renewal runs:
Attempting to renew cert (domain.com) from /etc/letsencrypt/renewal/domain.conf produced an unexpected error: Failed authorization procedure. domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response
This happens because the renewal authorization file (located at /.well-known/acme-challenge) is not accessible over HTTP. You can add a special location block to work around this.
server {
    listen 80;
    listen [::]:80;
    # Serve the ACME challenge files over plain HTTP
    location /.well-known/acme-challenge/ {
        root /path/to/app/public;
    }
    # Redirect everything else to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}
Note that the path to the app's public directory needs to match the one in your renewal conf file. The conf file is located in: /etc/letsencrypt/renewal
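A check for the path match described above, as an added example that is not part of the original post: it reads the webroot directories from a certbot renewal conf and compares them with the root set in the acme-challenge location of the Nginx config. The sample file contents are constructed and the function names are hypothetical; it assumes the webroot authenticator, whose renewal conf carries webroot_path and [[webroot_map]] entries.

```python
import posixpath
import re

# Constructed sample of a file under /etc/letsencrypt/renewal (webroot authenticator).
SAMPLE_RENEWAL = """\
cert = /etc/letsencrypt/live/domain.com/cert.pem
[renewalparams]
authenticator = webroot
webroot_path = /path/to/app/public,
[[webroot_map]]
domain.com = /path/to/app/public
"""

# Constructed sample: the port-80 server block with the challenge location.
SAMPLE_NGINX = """\
server {
    listen 80;
    location /.well-known/acme-challenge/ { root /path/to/app/public/; }
    location / { return 301 https://$host$request_uri; }
}
"""

ACME_LOCATION = re.compile(
    r"location\s+(?:\^~\s+)?/\.well-known/acme-challenge/?\s*\{([^}]*)\}")

def certbot_webroots(conf_text):
    """Webroot directories named by webroot_path and [[webroot_map]]."""
    roots, in_map = set(), False
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("["):
            in_map = line == "[[webroot_map]]"
            continue
        key, sep, value = line.partition("=")
        if line.startswith("#") or not sep:
            continue
        if in_map or key.strip() == "webroot_path":
            roots.update(posixpath.normpath(p.strip())
                         for p in value.split(",") if p.strip())
    return roots

def nginx_acme_roots(nginx_text):
    """root values set inside the acme-challenge location block(s)."""
    return {posixpath.normpath(m.group(1).strip())
            for body in ACME_LOCATION.findall(nginx_text)
            for m in re.finditer(r"\broot\s+([^;]+);", body)}

def unserved_webroots(conf_text, nginx_text):
    """Webroots certbot writes challenges to that Nginx does not serve over HTTP."""
    return sorted(certbot_webroots(conf_text) - nginx_acme_roots(nginx_text))

if __name__ == "__main__":
    print(unserved_webroots(SAMPLE_RENEWAL, SAMPLE_NGINX) or "webroots match")
```

An empty result means every webroot in the renewal conf is served by the challenge location; any path returned is one where certbot would write a challenge file that the port-80 server block does not expose.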
2024-10-04 23:01:32