nginx_location.conf -> location /.well-known/acme-challenge/ always causing 404 for acme-challenge #138

Closed
Balazs23 opened this issue Dec 19, 2016 · 7 comments

@Balazs23

I was just playing with the example configuration: I cloned this repo - https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples - and configured it with a test URL like 'dev.test.site.com'.

The ACME challenges always failed:

letsencrypt-nginx-proxy-companion    | 2016/12/19 12:03:59 Received signal: terminated
letsencrypt-nginx-proxy-companion    | 2016/12/19 12:03:59 Received signal: terminated
letsencrypt-nginx-proxy-companion    | 2016/12/19 12:04:02 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
letsencrypt-nginx-proxy-companion    | 2016/12/19 12:04:02 Watching docker events
letsencrypt-nginx-proxy-companion    | Reloading nginx proxy (using separate container nginx-gen)...
letsencrypt-nginx-proxy-companion    | 2016/12/19 12:04:02 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
letsencrypt-nginx-proxy-companion    | Creating/renewal dev.test.site.com certificates... (dev.test.site.com)
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:03,319:INFO:simp_le:1211: Generating new account key
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:04,820:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:05,436:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): letsencrypt.org
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:06,446:INFO:requests.packages.urllib3.connectionpool:207: Starting new HTTP connection (1): dev.test.site.com
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:06,472:WARNING:simp_le:1303: dev.test.site.com was not successfully self-verified. CA is likely to fail as well!
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:06,698:INFO:simp_le:1313: Generating new certificate private key
letsencrypt-nginx-proxy-companion    | 2016-12-19 12:04:09,685:ERROR:simp_le:1271: CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. Did you set correct path in -d example.com:path or --default_root? Is there a warning log entry about unsuccessful self-verification? Are all your domains accessible from the internet? Failing authorizations: https://acme-v01.api.letsencrypt.org/acme/authz/k8nebPmh3hSORfdNao9RJNf7lO5m-YY4G2I5N3eXh_k
letsencrypt-nginx-proxy-companion    | Challenge validation has failed, see error log.
letsencrypt-nginx-proxy-companion    |
letsencrypt-nginx-proxy-companion    | Debugging tips: -v improves output verbosity. Help is available under --help.
letsencrypt-nginx-proxy-companion    | Sleep for 3600s

The problem was that nginx says HTTP 404:

nginx                            | dev.test.site.com 172.19.0.1 - - [19/Dec/2016:12:04:06 +0000] "GET /.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab HTTP/1.0" 404 169 "-" "python-requests/2.8.1"
nginx                            | dev.test.site.com 172.19.0.1 - - [19/Dec/2016:12:04:06 +0000] "GET /.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab HTTP/1.0" 404 169 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)"

despite the challenge file existing:

/usr/share/nginx/html/.well-known/acme-challenge/ML2dYN0tmKtoxKNIR9SMqiPHAScQEwtglUJZk1KW2ab

I found that the problem is with the vhost.d/default.conf file:

location /.well-known/acme-challenge/ {
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}

After I changed the location config to this:

location ~ /\.well-known/acme-challenge/ {
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}

Now nginx is able to find the challenge files in the /usr/share/nginx/html/.well-known/acme-challenge/ folder, and certificate generation and verification go well.
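Why a plain prefix location and a regex location can behave differently for this path, as an added example that is not part of the original post or the project's configuration: nginx first remembers the longest matching prefix location, then checks regex locations in file order, and the first regex that matches takes over unless the prefix was declared with `^~`. The dotfile rule and the upstream address below are hypothetical, and the thread does not confirm that such a rule was the cause here.

```nginx
# Added illustration; the dotfile rule and the upstream are hypothetical.
server {
    listen 80;
    server_name dev.test.site.com;

    # Common hardening rule that hides dotfiles. It is a regex location, so it
    # is evaluated after prefix matching and wins over any plain prefix match.
    location ~ /\. {
        return 404;
    }

    # A plain prefix location such as
    #     location /.well-known/acme-challenge/ { ... }
    # would be the longest prefix match for the challenge URL, but the regex
    # above also matches "/.well-known/...", so the request would get the 404.

    # "^~" makes this prefix match final: when it is the longest matching
    # prefix, nginx skips the regex locations, so the dotfile rule cannot
    # shadow the ACME challenge directory.
    location ^~ /.well-known/acme-challenge/ {
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;  # hypothetical upstream
    }
}
```

The regex form `location ~ /\.well-known/acme-challenge/` only takes effect if it appears before any other regex location that matches the same URI, and being unanchored it also matches paths that merely contain that string; the `^~` prefix form avoids both issues.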

@joeknock90

This doesn't fix the problem for me. I edited the nginx_location.conf in the container and I get the same error for all of my containers.

@Rid

Rid commented Dec 22, 2016

I've forked and fixed the packages required to get this working again; you need to swap out docker-gen for https://hub.docker.com/r/riid/docker-gen-multi/ and swap out docker-letsencrypt-nginx-proxy-companion for https://hub.docker.com/r/riid/docker-letsencrypt-nginx-proxy-companion-multi/

You can use all the previous settings, however I've also added the feature to watch multiple docker endpoints on the same host.

@thiagotalma

@Rid Would it not be better if you tried to collaborate with the original project rather than create a "clone"?

@Rid

Rid commented Dec 22, 2016

@thiagotalma I don't think the dev is currently active. I'm happy to make a PR if he's around, but judging by the lack of response he may be busy.

@pasgou

pasgou commented Dec 28, 2016

I use the @Rid fork and a fork I made to correct this project in the alastaircoote/docker-letsencrypt-nginx-proxy-companion fork.
My pull request includes the @Rid work and makes it possible to reduce the Docker image size:

alastaircoote#2

I'd welcome advice.

@JrCs
Collaborator

JrCs commented Dec 30, 2016

@Rid can you make a PR for this project?

@pasgou

pasgou commented Dec 30, 2016

Hello,
I made a PR here: alastaircoote#2, and it includes the @Rid work.

How do I make the same PR here?

Update: PR proposed
