Cannot connect to my raspberry pi server

My domain is:wolverinesoap.com

My web server is (include version): Nginx 1.17

The operating system my web server runs on is (include version): Raspbian Buster (latest version)

I can login to a root shell on my machine: yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0-1

I have pre-emptively used the diagnostic website commonly used on this forum:
https://check-your-website.server-daten.de/?q=wolverinesoap.com

I installed letsencrypt by following THIS guide.

I use google domains.

I cannot reach my server when typing in my domain name. I get the error “ERR_CONNECTION_REFUSED”.

I can reach my server directly by ip, but i get a warning stating that my page is not secure.

My website recognizes that i have a certificate even though its “not secure”.

Here is my nginx server config.

image615×530 13.7 KB

I should also add that my domain name worked before I followed the guide.
I also have all of the correct files letsencrypt key, and nginx restarts without error.

Hi,

From your server virtual host, you have listened on port 80 for only ipv4 and 443 for ipv6 and ipv4.
However, you only have ipv6 setup in your domain, so when you tried to reach your domain on http://www.wolverinesoap.com it’s not connecting (connection refused)

P.S. I seem to have connection timeout for your IPv6 https connection…

Thank you

Hi @ineedhelpbro

is your router configuration correct? Looks like there is a blocking firewall.

Checking your raw ipv6 - https://check-your-website.server-daten.de/?q=[2601%3A201%3A4201%3Aa410%3A%3Acc36]

Looks like http is blocked via a firewall, https isn't configured.

Port 80 extern -> port 80 intern
Port 443 extern -> port 443 intern

I have forwarded port 443 on my firewall. I still cannot connect

Hi,

I can connect successfully now.

image1111×504 15 KB

Thank you

Im still unable to connect.

Yep, same here. http + the ip doesn’t work. https + the ip works with a certificate warning, it’s the correct certificate.

But this is your connection.

PS: The form action - doesn't work.

But that's expected

<form action="http://www.example.com/login.php">

Yes, the website has no content just placeholders.

Do I need to alter my domain setting in google?

Ok , so how can I connect locally and get the green lock pad showing?

It sounds like you’re trying to access a local service on the same network, but using a public address.

Typically, this works in 3 flavors:

1. Place the Service into a DMZ on the router
2. Configure split-horizon DNS, so internal clients receive the internal IP, external clients receive the external IP.
3. Configure reflection services, or “hairpin” NAT rules on the router.

I’m sorry to say that ALL of these options are really outside the scope of the Let’s Encrypt forum, but hopefully they put you on the correct path.

The simplest option for quick development is to edit the HOSTS file on your local machine to point the fully-qualified domain name to the IP of your Raspberry Pi. This certainly doesn’t scale and has a potential to introduce confusion down the road, but I think it would get you connected quickest.

So the behavior im experiencing is “normal”? I’m not supposed to be able to access my website locally using my domain name?

When I had http set up, I was able to access my website locally using my domain name. I can still access it with my ip.

I’m not supposed to be able to access my website locally using my domain name?

It depends. This sounds like a problem with your DNS amongst other things. The options that @ezekiel presented are all valid.

Run the following commands internally as well as externally and compare the results you get.

curl -IL6 https://www.wolverinesoap.com
dig @8.8.8.8 wolverinesoap.com www.wolverinesoap.com +short
dig @YOUR_ROUTER_OR_DNS_SERVER wolverinesoap.com www.wolverinesoap.com +short

Here's what I see

$ dig www.wolverinesoap.com wolverinesoap.com +short

$ curl -IL6 wolverinesoap.com
curl: (6) Could not resolve host: wolverinesoap.com

$ curl -IL6 www.wolverinesoap.com
curl: (7) Failed to connect to www.wolverinesoap.com port 80: Connection refused

$ curl -IL6 https://www.wolverinesoap.com
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Mon, 24 Feb 2020 20:17:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive

Non-www isn't defined. www is with an ipv6.

Domain and ipv6 works.

Thanks @JuergenAuer, I’ve updated my comment.

Heres what i got

image767×125 4.38 KB

Do you have a port 80 vHost? If not, that’s expected.

Your https works.

If you are asking about my server settings being set to listen on port 80, then i changed them to listen on port 443 based on the guides instructions.

The instructions called for me to add the server block below in order to redirect

If you ever wants your configuration work on port 80, please add a listen directive that asks nginx to listen to port 80 over IPv6.
You already had Listen 0.0.0.0:80
Just add listen [::]:80

# listen to all IPv4 and IPv6 interfaces for port 80
# IPv4
listen :80;
# IPv6
listen [::]:80;

^^ this is what I said in the first reply…

Also, if you want to have your root domain working, add the IPv6 address you had for your www to your root domain.

Thank you