Changes to URL forwarding break letsencrypt

jbolger

New Member
Hi guys,

I have had a ZoneEdit hosted domain set up with letsencrypt for a couple of years now. My setup has a CNAME for www pointing to my web server DYN record (in case the web server IP changes), and I then use URL forwarding to redirect any requests to the root name to www. I use certbot with the Apache domain Authenticator, which puts a file in the web server for letsencrypt to validate you own the domain.

Previously ZoneEdit was redirecting root requests including the URL suffix, but since the last renewal (some time in the last month) certbot is failing to renew because ZoneEdit is 403'ing the letsencrypt request to the root domain with a suffix, e.g.:

Code:
jbolger@server:/etc/network# curl -v http://domain.com.au/.well-known/
* Connected to domain.com.au (1.1.1.1) port 80 (#0)
> GET /.well-known/ HTTP/1.1
> Host: domain.com.au
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx/1.14.2
< Date: Sat, 04 Apr 2020 23:14:25 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
* Connection #0 to host domain.com.au left intact

It appears to just be suffixes with a . in the URI, as if I take out the URI it works fine?

Code:
jbolger@server:/etc/network# curl -v http://domain.com.au/well-known/
* Connected to domain.com.au (1.1.1.1) port 80 (#0)
> GET /well-known/ HTTP/1.1
> Host: domain.com.au
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.14.2
< Date: Sat, 04 Apr 2020 23:13:53 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: http://www.domain.com.au/well-known/
<
* Connection #0 to host domain.com.au left intact

I think this is a configuration change on your URL forwarding service & will be causing significant issues for certbot users.

Any assistance appreciated.
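
The comparison made in the post above (dot-prefixed path versus plain path), as an added example that is not part of the original thread: a Python check that requests both paths without following redirects and reports whether the forwarder passes each one through with its path intact. The function names, the probe token and the set of redirect statuses are assumptions of this example; the two sample responses are copied from the curl output above.

```python
import http.client
from urllib.parse import urlsplit

# Statuses this example treats as a forward (an assumption, not ZoneEdit's spec).
REDIRECTS = {301, 302, 307, 308}

def classify(path, status, location):
    """Judge one forwarder response to a request for `path`."""
    if status in REDIRECTS:
        # A usable forward keeps the full request path in Location.
        if urlsplit(location or "").path == path:
            return "ok: redirect preserves path"
        return "broken: redirect drops or rewrites path"
    if status == 200:
        return "ok: served directly"
    return f"broken: forwarder answered {status}"

def probe(host, path, port=80, timeout=5):
    """GET `path` once, without following redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "forward-check"})
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def check_forwarder(host, port=80, token="probe-token"):
    """Compare the dot-prefixed challenge path with a dot-free control path."""
    paths = (f"/.well-known/acme-challenge/{token}", f"/well-known/{token}")
    return {p: classify(p, *probe(host, p, port)) for p in paths}

if __name__ == "__main__":
    # Responses copied from the curl output in the post (no network needed).
    captured = [
        ("/.well-known/", 403, None),
        ("/well-known/", 302, "http://www.domain.com.au/well-known/"),
    ]
    for path, status, location in captured:
        print(f"{path:16} {status} -> {classify(path, status, location)}")
```

For a live check, call `check_forwarder()` with the forwarded root name; a "broken" result on the dot-prefixed path alongside "ok" on the control path matches the behaviour reported here.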
 

sandy

Administrator
Staff member
Hi there

Can you please try again and let me know how it goes.

regards
 

jbolger

New Member
Hey Sandy,

Thanks for the reply. Unfortunately I am now getting a 404 response from your nginx web server instead of a redirect to my URL. Let me know if you want me to do any further testing?

Code:
* Connected to domain.com.au (64.68.202.11) port 80 (#0)
> GET /.well-known/acme-challenge/---- HTTP/1.1
> Host: domain.com.au
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: nginx/1.14.2
< Date: Tue, 07 Apr 2020 04:29:54 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
<
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
 

sandy

Administrator
Staff member
Hi again ... sorry for the delay. Please try again; our Dev crew have been working on this, and if you still see errors please let me know.

regards.
 

jbolger

New Member
Hey Sandy,

Still getting the same. If there's a private way to send you something I can send you a URL for testing.

Cheers,
Jason
 

sandy

Administrator
Staff member
Hi Jason

Yes, you can send me a private message: click on my icon and select the Start Conversation option.

regards
 