Aapanel deletes certificates after activation

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sm.app

I ran this command: nginx -t

It produced this output:

nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/default:147
nginx: configuration file /etc/nginx/nginx.conf test failed

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Aapanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.9.0

So my problem is that every time I create a certificate, my domain is still unsecured. If I create a certificate, introduce it in the Aapanel SSL tab and activate it, and then run certbot certificates, none are shown. However, if I then run nginx -t, the error I get is

Renewal configuration file /etc/letsencrypt/renewal/sm.app.conf produced an unexpected error: expected /etc/letsencrypt/live/sm.app/cert.pem to be a symlink. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The following renewal configurations were invalid:
  /etc/letsencrypt/renewal/sm.app.conf

Now I created a new certificate and I ran nginx -t and it produced the first result from above.
How do I make it work? I think it has something to do with my DNS configurations.

Hello @ryzeto, welcome to the Let's Encrypt community. 🙂

I do not believe there is a DNS issue; the tests I have done show it is fine.

Here is a list of issued certificates crt.sh | sm.app, the latest being 2024-03-18.
Be careful - Testing and debugging are best done using the Staging Environment as the Rate Limits are much higher.


I think you may be coming up on the Rate Limits.

Using the online tool Let's Debug yields these results https://letsdebug.net/sm.app/1840521

ANotWorking
ERROR
sm.app has an A (IPv4) record (213.199.45.131) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
Get "http://sm.app/.well-known/acme-challenge/letsdebug-test": dial tcp 213.199.45.131:80: connect: connection refused

Trace:
@0ms: Making a request to http://sm.app/.well-known/acme-challenge/letsdebug-test (using initial IP 213.199.45.131)
@0ms: Dialing 213.199.45.131
@28ms: Experienced error: dial tcp 213.199.45.131:80: connect: connection refused
IssueFromLetsEncrypt
ERROR
A test authorization for sm.app to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
213.199.45.131: Fetching http://sm.app/.well-known/acme-challenge/YCgKjVmG66DYCtZjuW4k5aNBvn7_zpPbrSawGbJ2weI: Connection refused

Thanks for your help!

So when I ordered the Contabo Ubuntu server I got the VPS IP address 213.199.45.131, however the A address on Godaddy was 92.205.27.91. Which one should I use? I changed the A address on Godaddy to the VPS IP address. Shouldn't I have done that?


Whichever IP address is given from the nginx server itself by these commands

curl -4 ifconfig.me
curl -6 ifconfig.me

and/or

curl -4 ifconfig.co
curl -6 ifconfig.co

and/or

curl -4 ifconfig.io
curl -6 ifconfig.io

All -4 commands give me 213.199.45.131 and all -6 commands give me curl: (7) Couldn't connect to server
I also don't have an AAAA record in DNS, only an A record, which I changed from 92.205.27.91 to the IP address above.

Maybe the ANotWorking error is generated by Nginx because it is not started and I can't restart nor start it:

Also when I run nginx -t I get this:

nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/default:147
nginx: configuration file /etc/nginx/nginx.conf test failed

So you want the DNS A record to be 213.199.45.131

yeah the A record is indeed that


Presently I see Ports 80 & 443 are CLOSED

$ nmap -Pn -p80,443 sm.app
Starting Nmap 7.80 ( https://nmap.org ) at 2024-03-18 19:27 UTC
Nmap scan report for sm.app (213.199.45.131)
Host is up (0.16s latency).
rDNS record for 213.199.45.131: vmi1723978.contaboserver.net

PORT    STATE  SERVICE
80/tcp  closed http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.61 seconds

how can I open it?

Probably by getting nginx running 🙂

Do you have that file on your system? That is usually only created when using Certbot's nginx plugin successfully. Using any other method won't get that file.

What was the command you used to get the cert?


I used

sudo certbot --standalone -d sm.app -d www.sm.app

but when I used

sudo certbot --nginx -d sm.app -d www.sm.app

I eventually got the same error

In order to get rid of those errors I used

sudo rm -rf /etc/letsencrypt/
sudo rm -rf /var/lib/letsencrypt/
sudo rm -rf /var/log/letsencrypt/

That first one would delete your certs and auto renew profile too. And deleting the log may hinder debugging if any problems.


Then I ran ls /etc/letsencrypt/ and the output is accounts archive live renewal renewal-hooks

Maybe /etc/nginx/nginx.conf file is wrongly configured?

I thought you showed that you deleted all those.

What does this show? You had a config error earlier I just want to see if it is still there

sudo nginx -t

I ran only

sudo rm -rf /var/lib/letsencrypt/
sudo rm -rf /var/log/letsencrypt/

Now if I run sudo nginx -t it shows

nginx: [emerg] open() "/etc/letsencrypt/options-ssl-nginx.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/default:147
nginx: configuration file /etc/nginx/nginx.conf test failed

I'll ask the same questions I asked earlier.


I don't have it.
I used sudo certbot certonly --standalone -d sm.app -d www.sm.app

Then you cannot reference it in your nginx conf.

I think you tried to set up an nginx server block for port 443 (HTTPS) before you had any certs.

I recommend fixing your nginx conf so you can start nginx. Then retry.

If that doesn't work, show us the error messages; don't just say "did not work".
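
A way to find every file the nginx configuration references that is not on disk, such as the options-ssl-nginx.conf discussed above. This is an added example, not part of the original thread; the function names and the sample server block are constructed for illustration, and only absolute paths are checked.

```shell
#!/bin/sh
# Added example (not from the thread): report files that an nginx config
# references but that do not exist, before running `nginx -t`.

missing_nginx_refs() {
    conf=$1
    awk -v sq="'" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 ~ /^(include|ssl_certificate|ssl_certificate_key|ssl_dhparam)$/ {
            path = $2
            sub(/;$/, "", path)                  # drop the trailing semicolon
            gsub("[\"" sq "]", "", path)         # drop surrounding quotes
            print NR, $1, path
        }
    ' "$conf" |
    while read -r lineno directive path; do
        case $path in
            *[*?]*) continue ;;  # glob includes may match nothing; nginx accepts that
            /*) ;;               # absolute path: checked below
            *) continue ;;       # relative paths depend on the nginx prefix; skipped
        esac
        [ -e "$path" ] ||
            printf '%s:%s: %s %s (missing)\n' "$conf" "$lineno" "$directive" "$path"
    done
}

# Constructed sample: a server block written before any certificate exists.
demo() {
    d=$(mktemp -d)
    touch "$d/fullchain.pem"
    cat > "$d/default" <<EOF
server {
    listen 443 ssl;
    # include $d/disabled.conf;
    ssl_certificate $d/fullchain.pem;
    ssl_certificate_key $d/privkey.pem;
    include $d/options-ssl-nginx.conf;
    include $d/conf.d/*.conf;
}
EOF
    missing_nginx_refs "$d/default"
    rm -rf "$d"
}

demo
```

On a real host the call would be `missing_nginx_refs /etc/nginx/sites-enabled/default`; each reported line has to be removed from the config or backed by a real file before nginx will start.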


I'm completely new to these things, how should I fix my nginx conf?

Usually with an editor. How did you create it in the first place?

I think you need to learn more about your system before trying to get a cert. You should work on creating a working nginx server using HTTP. Once you have that working then try to get a cert.

There are better places than here to learn about configuring and managing an nginx server. You have a considerable learning curve starting with that.
