Auto renew failing all of a sudden on Node.js NGINX server

I’ve been using Let’s Encrypt on my sites for months, and the auto-renewal has been working until now. The last attempt failed a few days ago and I haven’t been able to renew my certificates since. I have a Node.js app running on port :8080 on an Ubuntu server. I can still connect to the site but the HTTP connection is not secure.

The following cron jobs have failed:

#30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
#35 2 * * 1 /bin/systemctl reload nginx

15 3 * * * /usr/bin/certbot renew --quiet --renew-hook "/bin/systemctl reload nginx"

And I’ve tried requesting a new cert with certbot:

I haven’t made any DNS changes or any changes to my Node.js app, so I don’t see how that would affect it.

My NGINX and firewall configuration is as follows.

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name [REDACTED] www.[REDACTED];
    return 301 https://$server_name$request_uri;
}


server {
    location ~ /.well-known {
            allow all;
    }

    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    include snippets/ssl-[REDACTED].conf;
    include snippets/ssl-params.conf;

    root /var/www/html/[REDACTED];

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
            proxy_pass http://localhost:8080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
    }
}

Firewall:

Nginx Full                 ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Nginx Full (v6)            ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)

Hi @robertbabington,

Can you connect to port 80 on the server yourself using a web browser? The error suggests that the certificate authority was unable to reach your nginx on port 80, even though your nginx configuration apparently is meant to listen on that port (and then redirect to HTTPS, which should be fine).

If you can connect to port 80 with a web browser, can you also connect to port 443 using HTTPS with a web browser?

Getting the same error while issuing new certs, haven’t checked for renewing yet. I am using acme.sh

Hi @firstorder,

It will be much easier and faster for us to help you if you can tell us your full domain name, since we can look up IP addresses and check reachability.

Thanks, I managed to find the problem, but you were right. For some reason 443 was hanging and not allowing any connections. I killed that process and restarted NGINX and it’s working now.
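
The two browser checks suggested in this thread, scripted as a probe that tells a hung listener apart from a closed port. This is an added example, not code from any poster; `probe` and `demo` are hypothetical names, and the loopback listeners in `demo` are constructed stand-ins that assume the hang shows up as a socket which connects but never answers.

```python
import socket
import threading

def probe(host, port, timeout=2.0):
    """Classify a TCP port: refused, connect-timeout, unreachable, hang, reset, closed, responding."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"            # no process bound to the port
    except socket.timeout:
        return "connect-timeout"    # SYN unanswered: packet filter or full accept queue
    except OSError:
        return "unreachable"
    with sock:
        sock.settimeout(timeout)
        try:
            # Plaintext on purpose: a healthy TLS listener answers with an error or closes.
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = sock.recv(64)
        except socket.timeout:
            return "hang"           # kernel completed the handshake, process never answered
        except OSError:
            return "reset"
    return "responding" if data else "closed"

def demo():
    """Probe three constructed loopback listeners; needs no network access."""
    stuck = socket.create_server(("127.0.0.1", 0))   # listens, never accept()s: hung server
    live = socket.create_server(("127.0.0.1", 0))    # answers like the port-80 redirect
    def serve():
        conn, _ = live.accept()
        conn.recv(1024)
        conn.sendall(b"HTTP/1.1 301 Moved Permanently\r\n\r\n")
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    dead = socket.create_server(("127.0.0.1", 0))    # opened then closed: no listener
    dead_port = dead.getsockname()[1]
    dead.close()
    results = {
        "stuck": probe("127.0.0.1", stuck.getsockname()[1], timeout=0.5),
        "live": probe("127.0.0.1", live.getsockname()[1], timeout=0.5),
        "dead": probe("127.0.0.1", dead_port, timeout=0.5),
    }
    stuck.close()
    live.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real server, call `probe()` for ports 80 and 443 from a machine outside the server's network, since that is the path the certificate authority's validation request takes. A `hang` or `connect-timeout` on one port while the other is `responding` points at a stuck process rather than DNS or firewall rules.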
