<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://htyp.org/mw/index.php?action=history&amp;feed=atom&amp;title=User%3AWoozle%2Ftoot.cat%2F2018%2F08%2F25</id>
	<title>User:Woozle/toot.cat/2018/08/25 - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://htyp.org/mw/index.php?action=history&amp;feed=atom&amp;title=User%3AWoozle%2Ftoot.cat%2F2018%2F08%2F25"/>
	<link rel="alternate" type="text/html" href="https://htyp.org/mw/index.php?title=User:Woozle/toot.cat/2018/08/25&amp;action=history"/>
	<updated>2026-07-01T04:48:54Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.45.3</generator>
	<entry>
		<id>https://htyp.org/mw/index.php?title=User:Woozle/toot.cat/2018/08/25&amp;diff=24117&amp;oldid=prev</id>
		<title>Woozle: Created page with &quot;==from Discord== &lt;poem&gt; http://tootcat2.hypertwins.net/.well-known/acme-challenge/nLguP2F142gk3WBcZm4BSF86dEp6zMs8_5nmHXADpuM is returning a 404, and just quickly I can&#039;t tell...&quot;</title>
		<link rel="alternate" type="text/html" href="https://htyp.org/mw/index.php?title=User:Woozle/toot.cat/2018/08/25&amp;diff=24117&amp;oldid=prev"/>
		<updated>2018-08-25T16:20:27Z</updated>

		<summary type="html">&lt;p&gt;Created page with &amp;quot;==from Discord== &amp;lt;poem&amp;gt; http://tootcat2.hypertwins.net/.well-known/acme-challenge/nLguP2F142gk3WBcZm4BSF86dEp6zMs8_5nmHXADpuM is returning a 404, and just quickly I can&amp;#039;t tell...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;==from Discord==&lt;br /&gt;
&amp;lt;poem&amp;gt;&lt;br /&gt;
http://tootcat2.hypertwins.net/.well-known/acme-challenge/nLguP2F142gk3WBcZm4BSF86dEp6zMs8_5nmHXADpuM is returning a 404, and just quickly I can&amp;#039;t tell where the actual file is supposed to be.&lt;br /&gt;
I&amp;#039;ll look at it later, hopefully in a couple of hours, if I get a chance, but thought I should give you a heads-up just in case.&lt;br /&gt;
Saving debug log to /var/log/letsencrypt/letsencrypt.log&lt;br /&gt;
WoozleToday at 10:01 AM&lt;br /&gt;
Looking into this now.&lt;br /&gt;
The problem may be on the file-writing site... though I&amp;#039;m getting conflicting information...&lt;br /&gt;
Nginx is giving me the same problem Apache gives me: I can&amp;#039;t tell what file it&amp;#039;s trying to access in response to the URL.&lt;br /&gt;
WoozleToday at 11:13 AM&lt;br /&gt;
Okay, so... there&amp;#039;s an Nginx directive that&amp;#039;s not working as intended, and figuring out directive syntax is one of my major weak spots.&lt;br /&gt;
This:&amp;lt;pre&amp;gt;&lt;br /&gt;
    location ^~ /.well-known/acme-challenge/ {&lt;br /&gt;
            root /var/www/challenges;&lt;br /&gt;
        }&amp;lt;/pre&amp;gt;&lt;br /&gt;
&lt;br /&gt;
...seems like it&amp;#039;s supposed to strip out the /.well-known/acme-challenge/ from the URL, and append whatever&amp;#039;s left to /var/www/challenges.&lt;br /&gt;
So http://tootcat2.hypertwins.net/.well-known/acme-challenge/test.txt would result in an access to /var/www/challenges/test.txt.&lt;br /&gt;
But it&amp;#039;s not; it&amp;#039;s actually resulting in an access to /var/www/challenges/.well-known/acme-challenge/test.txt.&lt;br /&gt;
But this is a location I can work with, so I&amp;#039;m not going to try to understand the location directive beyond noting that this is how it is effectively working.&lt;br /&gt;
The next problem is that the certbot seems to be failing to create the test file... unless it is deleting it after the test fails, but from what I remember it doesn&amp;#039;t do that; it leaves the files in place for diagnostic purposes.&lt;br /&gt;
And the most recent test files are from back in May.&lt;br /&gt;
I changed the certbot config in Webmin so it points directly to /var/www/challenges/.well-known/acme-challenge/, and that seems to have worked.&lt;br /&gt;
...but Firefox still says toot.cat&amp;#039;s SSL expires on Aug. 28.&lt;br /&gt;
Maybe I have to restart nginx again?&lt;br /&gt;
Or restart Mastodon?&lt;br /&gt;
Dang, what&amp;#039;s that command to check a cert from the CLI... openssl something, I think...&lt;br /&gt;
Oh good, I made notes: https://htyp.org/openssl&lt;br /&gt;
openssl s_client -connect toot.cat:443 -- okay, great, gives me lots of info that does not include the expiration date.&lt;br /&gt;
The secret code phrase is apparently: echo | openssl s_client -connect toot.cat:443 2&amp;gt;/dev/null | openssl x509 -noout -dates&lt;br /&gt;
...and this confirms that the expiry is still 3 days from now.&lt;br /&gt;
WoozleToday at 12:01 PM&lt;br /&gt;
Got it.&lt;br /&gt;
I&amp;#039;m not sure if Let&amp;#039;s Encrypt will renew properly next time, though; the config was clearly kind of messed up. I tried to tidy it, but I&amp;#039;m guessing about some pieces.&lt;br /&gt;
&amp;lt;/poem&amp;gt;&lt;/div&gt;</summary>
		<author><name>Woozle</name></author>
	</entry>
</feed>