Tag Archives: nginx

Allow IFrame in nginx

So the other day while working on this post I faced the issue that the map wasn’t showing as an IFrame, it was showing nothing but and empty white rectangle. This because by default nginx doesn’t allow X-Frames. In order to do this it is needed to edit file /etc/nginx/snippets/ssl-params.conf and change DENY to SAMEORIGIN as below:

grep "SAMEORI" /etc/nginx/snippets/ssl-params.conf 
add_header X-Frame-Options SAMEORIGIN;

References:
1) Nginx web
2) geekflare.com

Renew SSL cert with letsencrypt

Lately I have been playing around with lets encrypt. Wanted to get away from self signed certs, this gives a more professional aspect to the website. Installation was pretty easy to tell the truth, I just followed the following manual from Digital Ocean. Issue came with the cert renewal process. Letsencrypt renews via http, not https, so testing the renewal was failing.

certbot renew --dry-run 
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/mail.example.org.conf
-------------------------------------------------------------------------------
Cert not due for renewal, but simulating renewal for dry run
Starting new HTTPS connection (1): acme-staging.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.example.org
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/mail.example.org.conf produced an unexpected error: Failed authorization procedure. mail.example.org (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxUe9ZhDi6iuGkxMv57xDbQ: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>". Skipping.
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/mail.example.org/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.example.org
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.example.org/.well-known/acme-challenge/CbWS7lLTfZZe-z-ctdOhaxEe9ZhDi6iuGzxMv57xDbQ:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Continue reading