Can’t generate SSL certificate with Laravel project and nginx

My domain is:
www.destinydev.eu

I ran this command and it produced this output:
certbot --nginx

My web server is (include version):
nginx/1.19.2

The operating system my web server runs on is (include version):
Archlinux

My hosting provider, if applicable, is:
Myself

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no, only CLI

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 1.7.0

The error:

Waiting for verification…
Challenge failed for domain www.destinydev.eu
http-01 challenge for www.destinydev.eu
Cleaning up challenges
2020/08/28 16:10:16 [notice] 658#658: signal process started
Some challenges have failed
The following errors were reported by the server:
Domain: www.destinydev.eu
Type: connection
Detail: Fetching
http://www.destinydev.eu/.well-known/acme-challenge/lsPnmsNYZKLOuJRzquW2kcXBY4r6rmiA21LIABZsehU:
Timeout during connect (likely firewall problem)

More:
It appears that certbot is trying to access “.well-known/acme-challenge/lsPnmsNYZKLOuJRzquW2kcXBY4r6rmiA21LIABZsehU” but it does not exist.
The script doesn’t make the folders and file in the public folder and I don’t know why.

No no, you’re not reading the error correctly. You say “it does not exist”, the Let’s Encrypt validation server (and so do I) says “I can’t connect to your site at all”.

I can’t ping it, I can’t connect to port 80 nor port 443, but strangely enough it does reply to a traceroute.

Seems to me you’ve got some firewall blocking access to port 80 (and 443).

I can’t ping it

This is normal. For security, I have prohibited responses to pings.
But ports 80 and 443 are open.

Not from my endpoint. And looking at the error presented by the Let’s Encrypt validation server, neither from their endpoint.

In essence your site isn’t reachable at all. See also: https://downforeveryoneorjustme.com/destinydev.eu?proto=http&www=1

If port 80 was not open, we could not access the site over HTTP. However, it is possible.
Look at my website in your browser.

Part of my iptables rules:

-A TCP -p tcp -m tcp --dport 80 -j ACCEPT
-A TCP -p tcp -m tcp --dport 443 -j ACCEPT

I did… Your site is NOT accessible. Like I said, it is down… I’m saying it, Let’s Encrypt is saying it, a third (or even fourth) party (see the URL I posted earlier) is saying it…

I don’t know what is blocking access, but something is. Could even be regional.

:sweat:
You said you can’t access this URL, http://www.destinydev.eu/ ?
So why do I get there?

Hi @Astriaporta

your website doesn’t answer - see https://check-your-website.server-daten.de/?q=destinydev.eu - only timeouts.

Not http, not https, not http + /.well-known/acme-challenge/random-filename:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://destinydev.eu/ 88.127.171.222 | -14 | | 10.053 | T |
| Timeout - The operation has timed out | | | | |
| http://www.destinydev.eu/ 88.127.171.222 | -14 | | 10.004 | T |
| Timeout - The operation has timed out | | | | |
| https://destinydev.eu/ 88.127.171.222 | -14 | | 10.040 | T |
| Timeout - The operation has timed out | | | | |
| https://www.destinydev.eu/ 88.127.171.222 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://destinydev.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 88.127.171.222 | -14 | | 10.023 | T |
| Timeout - The operation has timed out | | | | |
| Visible Content: | | | | |
| http://www.destinydev.eu/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 88.127.171.222 | -14 | | 10.033 | T |
| Timeout - The operation has timed out | | | | |
| Visible Content: | | | | |

If online tools can’t check your domain, Let’s Encrypt may have the same problem.

Change that.

Correct.

I don’t know. Probably because you’re closer to the host, location wise speaking? Whitelisted? No idea…

:thinking: It’s probably a country restriction. I’m in France.

But it seems strange to me because others can do it
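
The distinction drawn in the replies above (a connection timeout is not the same failure as a missing challenge file), as an added example that is not part of the original thread: it parses the error report certbot prints and names the layer to debug. The second sample report and the hint texts in `LAYERS` are constructed for illustration.

```python
import re

# First report: the one quoted in this thread. Second report: constructed for
# contrast (example.org, documentation IP, placeholder token).
SAMPLE = """\
Domain: www.destinydev.eu
Type: connection
Detail: Fetching
http://www.destinydev.eu/.well-known/acme-challenge/lsPnmsNYZKLOuJRzquW2kcXBY4r6rmiA21LIABZsehU:
Timeout during connect (likely firewall problem)
Domain: www.example.org
Type: unauthorized
Detail: Invalid response from
http://www.example.org/.well-known/acme-challenge/CONSTRUCTED-TOKEN
[203.0.113.10]: "<html><head><title>404 Not Found</title>"
"""

# Error type -> (layer to debug, what it means for an http-01 challenge).
LAYERS = {
    "connection": ("network", "validator never got a TCP connection: check "
                   "firewall, port forwarding and ISP filtering from outside"),
    "dns": ("dns", "validator could not resolve the name: check A/AAAA records"),
    "unauthorized": ("webserver", "validator connected but got the wrong "
                     "response: check what serves /.well-known/acme-challenge/"),
}

def parse_reports(text):
    """Split certbot's 'Domain/Type/Detail' error report into dicts."""
    reports, cur, key = [], None, None
    for line in text.splitlines():
        m = re.match(r"\s*(Domain|Type|Detail):\s*(.*)$", line)
        if m:
            key = m.group(1).lower()
            if key == "domain":          # a new report starts at each Domain line
                cur = {"domain": "", "type": "", "detail": ""}
                reports.append(cur)
            if cur is not None:
                cur[key] = m.group(2).strip()
        elif cur is not None and key == "detail" and line.strip():
            # Detail text wraps over several lines; join them back together.
            cur["detail"] = (cur["detail"] + " " + line.strip()).strip()
    return reports

def diagnose(report):
    """Return (layer, hint) for one parsed report."""
    return LAYERS.get(report["type"], ("unknown", "read the detail text"))

if __name__ == "__main__":
    for r in parse_reports(SAMPLE):
        layer, hint = diagnose(r)
        print(f"{r['domain']}: {layer} -> {hint}")
```

A `network` result means the web root and nginx configuration are not yet the thing to debug; the test that matters is a connection attempt from a host outside your own network.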