Cant able get ssl for new sub domain

sherlock_101 · August 10, 2021, 4:18am

My domain is:sherlockmeet.expertsystem.co.in

I ran this command: Let's Debug

It produced this output: got all ok

Ubuntu 20.04.2 LTS

My hosting provider, if applicable, is: local server

I can login to a root shell on my machine (yes or no, or I don't know): yes

Osiris · August 10, 2021, 5:49am

Could you please elaborate a little bit (or perferably: a lot) more about why you "cant able get ssl"? Which command did you run to get the SSL for the new subdomain? And what output did that give you?

sherlock_101 · August 10, 2021, 5:55am

cmd : sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sherlockmeet.expertsystem.co.in
Using the webroot path /usr/share/jitsi-meet for all unmatched domains.
Waiting for verification...
Challenge failed for domain sherlockmeet.expertsystem.co.in
http-01 challenge for sherlockmeet.expertsystem.co.in
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: sherlockmeet.expertsystem.co.in
Type: connection
Detail: During secondary validation: Fetching
http://sherlockmeet.expertsystem.co.in/.well-known/acme-challenge/--SsEmXibaqgKxUu-qs3juyKGfgd3b-MsaICJ_95lQQ:
Timeout after connect (your server may be slow or overloaded)

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.

sherlock_101 · August 10, 2021, 9:00am

please help me out i am really stuck at this point

Osiris · August 10, 2021, 10:04am

Please be patient, this Community is mainly run by volunteers and most probably have regular day jobs (I do at least..)

sherlock_101 · August 10, 2021, 1:50pm

i really appreciates it @Osiris .

rg305 · August 10, 2021, 2:52pm

This seems a bit telling:

How busy is your server?
Please show the output of:
sudo top

rg305 · August 10, 2021, 2:54pm

It now fails:
Let's Debug (letsdebug.net)

sherlock_101 · August 10, 2021, 3:01pm

i was working around please wiat i give you output

rg305 · August 10, 2021, 3:13pm

OK that explains the failures

sherlock_101 · August 10, 2021, 3:16pm

now please check status is ok

rg305 · August 10, 2021, 3:17pm

I'm not familiar with this script, but it seems to be using this --webroot:

We can place a test file in that location to verify if nginx is properly configured to serve from there with:
mkdir /usr/share/jitsi-meet/.well-known
mkdir /usr/share/jitsi-meet/.well-known/acme-challenge
echo "test file 1234" > /usr/share/jitsi-meet/.well-known/acme-challenge/Test-File-1234

and then check for file access with
http://sherlockmeet.expertsystem.co.in/.well-known/acme-challenge/Test-File-1234

rg305 · August 10, 2021, 3:19pm

If that file is not accessible from the Internet, then the challenge path doesn't match.

I have to step away for a few hours.
Maybe someone else can step in OR I can continue working with you when I return.

sherlock_101 · August 10, 2021, 3:20pm

ok let me do that . thanks for response

sherlock_101 · August 10, 2021, 3:38pm

sudo echo "test file 1234" > /usr/share/jitsi-meet/.well-known/acme-challenge/Test-File-1234
-bash: /usr/share/jitsi-meet/.well-known/acme-challenge/Test-File-1234: Permission denied

sherlock@sherlockmeet:~$ sudo echo "Test-File-1234" > /usr/share/jitsi-meet/.well-known/acme-challenge/Test-File-1234

-bash: /usr/share/jitsi-meet/.well-known/acme-challenge/Test-File-1234: Permission denied

sherlock_101 · August 10, 2021, 3:40pm

i am totally lost here guide me more please

sherlock_101 · August 10, 2021, 3:44pm

Osiris · August 10, 2021, 4:41pm

Could you please share the file /etc/nginx/sites-available/sherlockmeet.expertsystem.co.in.conf ?

sherlock_101 · August 10, 2021, 4:53pm

server_names_hash_bucket_size 64;

types {
# nginx's default mime.types doesn't include a mapping for wasm
    application/wasm     wasm;
}
server {
    listen 80;
    listen [::]:80;
    server_name sherlockmeet.expertsystem.co.in;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root         /usr/share/jitsi-meet;
    }
    location = /.well-known/acme-challenge/ {
        return 404;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name sherlockmeet.expertsystem.co.in;

    # Mozilla Guideline v5.4, nginx 1.17.7, OpenSSL 1.1.1d, intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;

Osiris · August 10, 2021, 4:56pm

Interesting.. So the webroot should be OK looking at that section, but somehow it doesn't actually work?

Could you paste the entire output of sudo nginx -T? It shows all the configuration parameters currently actually in use. Please put three backticks (```) on a separate line above and below the output. Like this:

```
output
```

Topic		Replies	Views
Problems while creating a certificate Help	2	4457	May 20, 2017
Help cant get ssl certs Help	3	497	March 17, 2023
Cannot create ssl certificate with let's encrypt in subdomain Help	16	1238	August 3, 2023
Some challenges have failed Help	12	1375	November 2, 2022
Certificate Install Trouble Help	12	1443	April 23, 2018

Cant able get ssl for new sub domain

Related topics