Let's Encrypt renewal with Phoenix 1.4 and Cowboy 2.0

Hey guys.

I’m following this: https://progressplum.app/blog/ssl-migration-from-nginx-to-cowboy-2-in-phoenix-1-4/

And I can’t seem to renew it.

I’m getting an unauthorized error.

The webroot I use is based on /etc/letsencrypt/letsencrypt.ini

and the command I’m using, before setting it up as a cron job, is:

sudo certbot renew --webroot --webroot-path=/home/deploy/apps/fumigate/lib/fumigate-0.1.0/priv/static

The error message it returns is:

   Domain: fumigatedb.com
   Type:   unauthorized
   Detail: Invalid response from
   https://fumigatedb.com/.well-known/acme-challenge/3YOTJBhQ8UzOB2K78V6eFLaizgrInLx_jdCCnnhJgXc
   [134.209.8.141]: "<!DOCTYPE html>\n<html lang=\"en\">\n  <head>\n
   <meta charset=\"utf-8\"/>\n    <meta http-equiv=\"X-UA-Compatible\"
   content=\"IE=edge\"/>"

I’ve tried it in the dev environment to get one of the controllers to respond with send_resp(conn, 200, "Not Valid"), and that works. I can’t use dev to get the valid response because my dev environment and prod are different, with different IPs.

So I’m working on prod live. I’ve been working at this for a day and I’ve tried creating .well-known/acme-challenge folders in the webroot too.

I’m not sure if there is something wrong with my route, since in the dev environment it can reach it.

The Phoenix app is listening on ports 4000 and 4001; all incoming 80 and 81 traffic is routed there via iptables, if that matters.

Anyway thanks!


If you create a file (i.e. echo hello > foo) in your acme-challenge directory and hit the expected URL with curl, do you get the contents?

On a slight tangent, I used to do this but moved to using haproxy for the SSL layer and acme certs, forwarding HTTP to Elixir. I’ve not looked to see if there are any HTTP/2 limits.


Thank you, your solution actually helps debug it.

I only get it in the dev environment.

I can’t get it on prod.

I think it may have something to do with cache_manifest.json?

I’ve tried accessing files in the prod static folder and some of the files work: robots.txt, etc. I’ve also tried adding a line to robots.txt to see if it’s the correct folder that prod is using, and it is.

So either Phoenix is selectively letting certain files in the static folder be accessed, or the Let's Encrypt bot has no permission (I doubt it, with sudo).

Ah, I think I need to add an endpoint: https://elixirforum.com/t/static-path-in-custom-folder/1990/2
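The symptom in the last two posts (robots.txt is served, anything under .well-known/ comes back as the app's HTML, which is the body certbot quotes in its "unauthorized" error) is what Plug.Static's `only:` option produces: a generated Phoenix endpoint passes a whitelist of top-level paths for Plug.Static to serve, and every other request falls through to the router. The script below is an added example, not code from the thread or from the linked blog post. It builds a throwaway webroot, runs a Plug.Static pipeline first with the generator's default whitelist and then with `.well-known` appended, and shows the fall-through and the fix. The temp paths, the TOKEN file name and contents, the HTML stand-in for the router, and the plug version constraint are assumptions.

```elixir
# Added example, not from the thread. Run with: elixir acme_static.exs
# (Mix.install fetches plug on first run; the version constraint is an assumption).
Mix.install([{:plug, "~> 1.14"}])

defmodule AcmeStaticDemo do
  import Plug.Conn

  # Throwaway stand-in for priv/static: one file Phoenix serves by default
  # (robots.txt) and one ACME challenge file under .well-known. The token
  # name and contents are made up for the demo.
  def build_webroot do
    root = Path.join(System.tmp_dir!(), "acme-demo-#{System.unique_integer([:positive])}")
    File.mkdir_p!(Path.join(root, ".well-known/acme-challenge"))
    File.write!(Path.join(root, "robots.txt"), "User-agent: *\nDisallow:\n")
    File.write!(Path.join(root, ".well-known/acme-challenge/TOKEN"), "TOKEN.THUMBPRINT")
    root
  end

  # Endpoint-shaped pipeline: Plug.Static first, then a stand-in for the
  # Phoenix router that answers every unmatched path with the app's HTML,
  # which is what certbot quoted back in the "unauthorized" error.
  def pipeline(root, only) do
    static_opts = Plug.Static.init(at: "/", from: root, only: only)

    fn conn ->
      conn = Plug.Static.call(conn, static_opts)

      if conn.halted do
        # Plug.Static found and sent the file.
        conn
      else
        # Fall-through: the router would render the application layout here.
        conn
        |> put_resp_content_type("text/html")
        |> send_resp(200, "<!DOCTYPE html>\n<html lang=\"en\">...</html>")
      end
    end
  end

  # Issue a GET through the pipeline and return {status, body}.
  def get(pipeline, path) do
    conn = pipeline.(Plug.Test.conn(:get, path))
    {conn.status, conn.resp_body}
  end
end

root = AcmeStaticDemo.build_webroot()

# The whitelist a generated Phoenix 1.4 endpoint ships with: .well-known is absent,
# so robots.txt is served but the challenge path falls through to the HTML.
default_only = ~w(css fonts images js favicon.ico robots.txt)
broken = AcmeStaticDemo.pipeline(root, default_only)

IO.inspect(AcmeStaticDemo.get(broken, "/robots.txt"), label: "default only, /robots.txt")

IO.inspect(AcmeStaticDemo.get(broken, "/.well-known/acme-challenge/TOKEN"),
  label: "default only, challenge"
)

# Fix: add .well-known to the list. In a real app the same change goes into the
# `plug Plug.Static, ... only: ~w(...)` line of lib/<app>_web/endpoint.ex.
fixed = AcmeStaticDemo.pipeline(root, default_only ++ [".well-known"])

IO.inspect(AcmeStaticDemo.get(fixed, "/.well-known/acme-challenge/TOKEN"),
  label: "with .well-known, challenge"
)

File.rm_rf!(root)
```

Two caveats for the real deployment. Adding `.well-known` to `only:` exposes that whole directory, so keep nothing in it except what the ACME client writes. And the webroot passed to certbot in the first post lives under lib/fumigate-0.1.0/, a release directory whose name changes with the application version, so a cron job hard-coding that path stops working after the next release; point it at a path that survives deploys (a symlink or a directory outside the release) and serve that directory with a second `plug Plug.Static, at: "/.well-known", from: "/that/path"` if it cannot live in priv/static.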