Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: t4tcookiecutters.com
I ran this command: sudo certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com -d *.example.com
It produced this output: Everything appeared to work as expected
My web server is (include version): Nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 20.04
My hosting provider, if applicable, is: Hosted on bare metal server sitting in my other room (Esxi/Ubuntu VM)
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 0.40.0
Hello, can someone please help me with this? I'm hosting a website from my house, I'm just trying to learn what I can on a homelab I just put together and I'm trying to figure out SSL now. I followed this guide:
When I try to go to my site, it gives an error saying invalid SSL. I'm assuming I butchered the syntax? I use Cloudflare for DNS.
I don't understand the syntax. The legend says --server: Specify the endpoint to use to generate
What does that mean? Do I enter --server there? Or do I put my website in place of --server? Or do I put --server and then my website?
I put my website for -d as in the example because I intend to use it as a wildcard.
Here is a screenshot of information from the certificate on the site.
I can't share image because new users are limited to one embedded image
Is common name correct there? Subject Alt Names; does that look wrong?
Cloudflare has a CDN so your site is cached and it hides your real IP. You can turn this on and off. When it is on, it gives the invalid SSL error. When it is off, it behaves differently depending on the browser you use.
On Firefox it gives a security warning and says "SEC_ERROR_UNKNOWN_ISSUER" and if you click "View Certificate" it shows this:
I can't share image because new users are limited to one embedded image
If I click accept and attempt to go to the site it says "Secure connection failed an error occurred during a connection to t4tcookiecutters.com" (What logs would I log through to find what this error is because it's not referenced)
If I use Chrome it just times out with the error ERR_CONNECTION_TIMED_OUT
I am completely lost. Is this being caused by me screwing up the SSL syntax on a command line? Is this caused by my DNS provider? Or is it my server itself? What logs do I look through? I would like to know where the logs are that show the server response so I can see if the request is even hitting my server.
I also have a Kemp Load Balancer on the server. Kemp is run in its own VM. SSL works on that, so I know that connections can come in and it works with Plex and the very same ecommerce site I am attempting to install. I followed this tutorial to get that working:
But I chose a terrible domain name to test it out. Kemp also has a limit on how much bandwidth can pass through on the free version and upgrading costs a fortune because they're only interested in catering to enterprise. So I was going to attempt to use nginx as a reverse proxy to replace Kemp, but that nightmare is for another day. On DNS both domains point to my IP address. Will this cause issues? I turned off Kemp so it wouldn't answer any requests and it doesn't appear to change anything. Of course the sites Kemp was controlling don't respond as expected, but I don't understand enough about networking to know if different URLs pointing to the same IP when there is a reverse proxy already sitting on there would make a difference.
I would like to work in IT eventually but I have to believe that if I get stuck on something like this, maybe I shouldn't even bother. Isn't this a relatively easy part of it? If my ISP didn't block port 80 (for my protection.. yeah right), would this all be smooth as silk?
What makes this so difficult is that so much runs on Linux, so I'm having to learn that OS at the same time and this has made it a nightmare. I have a suspicion I did something wrong here: I couldn't figure out how to copy and paste between programs and the terminal, I had a bunch of problems with hidden files and permissions so I chmod 777 a lot of stuff just trying to figure out how to see stuff. I ended up having to email the cert files and everything over to my Windows machine just to be able to enter info. This waste of time took several hours and it was simply because copy and paste was different than on Windows; as frustration grew it got harder to remain focused.
Once I figure this out, I'm going to reproduce the steps several times on new VMs so I know what the hell I'm doing. My test system obviously has security issues with file permissions and stuff, but none of that matters when it appears the server isn't even responding.
PS: You should give new users the ability to embed more images, 1 is too low a number.