Can not issue SSL certificate for sub domain

Shahin-rmz · October 13, 2021, 8:47pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
manage.medidentkala.com
I ran this command:

It produced this output:
this is the log of my error:
error1.txt (17.5 KB)

My web server is (include version):
Nginx proxy manager on docker with the Nginx version: openresty/1.19.3.1

The operating system my web server runs on is (include version):
ubuntu:21.04 ARM version

My hosting provider, if applicable, is:
Self hosted- Raspberry pi 4

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no, I use terminal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.19.0

Hello.
I had my domains on Namecheap.
Then transferred them to cloudflare. (the transferation is not complete yet).
with Nginx proxy manager I am trying to make have a subdomain, which is manage.medidentkala.com
this works fine with port 80.
When I try to get SSL certificate, I can not and get the errors which you can see in logs.
After some errors also will get banned by "too many request limit",
Also when I had my domains hosted on Namecheap, had the same problem,
Also issued the cloudflare token. but still does not work.
Any help is appreciated.
Respect
Shahin

griffin · October 13, 2021, 8:54pm

Welcome to the Let's Encrypt Community, Shahin

Detail: DNS problem: NXDOMAIN looking up A for manage-docks.accerun.com - check that a DNS record exists for this domain

That doesn't seem to match:

There is no A or CNAME record for manage-docks.accerun.com:

https://toolbox.googleapps.com/apps/dig/#A/manage-docks.accerun.com

On the other hand, there is an A record for manage.medidentkala.com:

https://toolbox.googleapps.com/apps/dig/#A/manage.medidentkala.com

Shahin-rmz · October 13, 2021, 9:13pm

Hello @griffin .
Thanks for quick reply.
As I said, I had tried multiple times and made multiple domains, and issued certificates for them. Maybe accidentally send wrong log file, because I got a bit tired
I issued a new certificate now and hereerror.txt (110.5 KB) is the log file of it.
Thanks for helping out

griffin · October 13, 2021, 9:19pm

Detail: Fetching http://manage.medidentkala.com/.well-known/acme-challenge/v7lJtnebv7NT1lwBR4_fxQTNJ2_kfWx4UsPotBf8ypw: Timeout during connect (likely firewall problem)

The bold part is probably accurate. Both ports 80 (HTTP) and 443 (HTTPS) appear to be closed for manage.medidentkala.com.

Shahin-rmz · October 13, 2021, 9:37pm

It is probably not the cause.
The website with port 80 is reachable.
Also there is same configuration for both port 80 and 443.

So fire wall may be working properly.

griffin · October 13, 2021, 9:40pm

Nope. Both 80 and 443 are closed.

Shahin-rmz · October 13, 2021, 9:53pm

You are right.
How ever Nginx should work properly.
Please let me configure it, and share the results.
cheers.

Shahin-rmz · October 14, 2021, 4:57pm

Hey @griffin , your answer was totally right.
The problem was, I have accidentally white listed my own public IP address.
so I could check the website from home and couldn't understand the problem.
bur after you showing me the ports are closed, then got that there is a problem with network firewalls.
allowed all IP addresses to reach the website, and could easily issue SSL certificate, everything works fine.
Thanks

griffin · October 14, 2021, 5:56pm

Glad it worked out smoothly!

system · November 13, 2021, 5:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.