multi-site SSL certificates

[Gedalya]

On 04/02/2018 03:17 PM, Jeff Abrahamson wrote:
> On Mon, Apr 02, 2018 at 02:34:34PM +0200, Gedalya wrote:
>> On 04/02/2018 02:25 PM, Jeff Abrahamson wrote:
>>> I see that the file
>>>
>>>     .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg
>>>
>>> is being created (and one other file, too) but that nginx reports that
>>> the _directory_
>>>
>>>     .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg
>>>
>>> doesn't exist.
>> You have a problem with your nginx config. It doesn't seem related to postfix et al.
>>
>> Really off-topic for this list but you could perhaps post your nginx config and logs.
> If this is more properly a certbot question, I should ask there.  I'd
> understood from the certbot docs that postfix had developed a
> postfix-specific certbot plugin, in which case this might have been
> the right venue to ask.  That I hadn't found that plugin was, to be
> fair, a bit suspicious to me, but it wouldn't be the first time I miss
> something in front of my nose.


You're using the webroot plugin for the challenge. This is as simple as dropping a file and letting nginx serve it as static content (maybe with try_files). The various certbot plugins for postfix and other apps are for automating the certificate installation and tweaking TLS configuration to match certain recommendations. That's not related to your issue here. You're looking at a challenge failure. You're saying that the file is there but nginx is failing to serve it, that should be easy to fix and once it fix the challenge will pass and your certificate will be issued. You can then install it, manually or otherwise.