Can´t get SSL Cert after Install NGINX

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: revisionesdegas.com.co

I ran this command: I use Directadmin + custombuild 2.0

It produced this output:
Cannot Execute Your Request

Details

Challenge pre-checks for http://revisionesdegas.com.co/.well-known/acme-challenge/letsencrypt_1608146581 failed... Command:
/usr/local/bin/curl --connect-timeout 40 -k --silent --resolve revisionesdegas.com.co:80:46.166.173.175 --resolve revisionesdegas.com.co:443:46.166.173.175 -I -L -X GET http://revisionesdegas.com.co/.well-known/acme-challenge/letsencrypt_1608146581
Exiting.

My web server is (include version): Centos 7 + Directadmin + Nginx as Proxy Reversew

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: Cherry Server

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): DirectAdmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot) certbot 1.9.0

1 Like
2

Hi @EnekoLaiz

there is no answer. A working port 80 is required if you want to use http validation.

Read

1 Like
3

Hi Juergen, thanks , Im behind a proxy reverse nginx .. is there any way to set this to get it work ?

1 Like
4

Does your nginx reverse proxy forward requests from the Internet on port 80 of 46.166.173.175 to your server?

1 Like
5

Thanks Schoen, I guess so Yes, The Normal Request works, How Can I check that ?

1 Like
6

Not exactly relevant... But amusing to see the results of:
openssl s_client -connect revisionesdegas.com.co:443

---
Certificate chain
 0 s:/C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webmaster@localhost
   i:/C=US/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webmaster@localhost
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 2 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
 4 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 5 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
 6 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---

I've never seen a localhost cert chained to anything - much less to that many things!

1 Like
7

Are there any other servers in addition to your server behind the same reverse proxy?

Is the reverse proxy usable from your server (to connect to itself)? This is apparently what your Directadmin software is trying to do.

1 Like
8

Thanks to All, i going to uninstall Totally the Let´sEncrypt.

Have some recommendations to proceed with it.?

uninstall totally / Clean the House and Reinstall With Actual Parameters,

3 Likes
9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.