При выполнении команды sudo certbot --nginx выдает:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: sub1.domain.com
2: sub2.domain.com
3: sub3.domain.com
4: sub4.domain.com
5: sub5.domain.com
6: sub6.domain.com
7: sub7.domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 7
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sub7.domain.com
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. sub7.domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://sub7.domain.com/.well-known/acme-challenge/suPcnp-SmqQ5gJxkRCk_FiIpkYFzBkwmxgMBQfGRF0s [127.0.0.1]: "<html>\r\n<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>400 B"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: sub7.domain.com
Type: unauthorized
Detail: Invalid response from
http://sub7.domain.com/.well-known/acme-challenge/suPcnp-SmqQ5gJxkRCk_FiIpkYFzBkwmxgMBQfGRF0s
[127.0.0.1]: "<html>\r\n<head><title>400 The plain HTTP request
was sent to HTTPS port</title></head>\r\n<body
bgcolor=\"white\">\r\n<center><h1>400 B"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
Хотя до этого на аналогичном конфиге nginx
server {
listen 80;
server_name sub7.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name sub7.domain.com;
root /path/to/root/folder;
index index.php;
client_max_body_size 512m;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location /app/ {
root /path/to/root/folder;
index index.html;
}
location = /robots.txt {
log_not_found off;
access_log off;
allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
large_client_header_buffers 4 32k;
}
все получилось без проблем.
Соответствующие А-записи на поддомен есть, по https сайт открывается, по http возвращает "400 bad request: The plain HTTP request was sent to HTTPS port".
Wget sub7.domain.com возвращает
http://sub7.domain.com/
Resolving sub7.domain.com (sub7.domain.com)... 127.0.0.1
Connecting to sub7.domain.com (sub7.domain.com)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://sub7.domain.com/ [following]
--2020-01-16 10:07:57-- https://sub7.domain.com/
Connecting to sub7.domain.com (sub7.domain.com)|127.0.0.1|:443... connected.
The certificate's owner does not match hostname ‘sub7.domain.com’
