Can't create certificate to domain name

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: n8n.copine.com

I ran this command: sudo /snap/bin/certbot -v --nginx

It produced this output:

My web server is (include version): no web server, but an application n8n (automation)

The operating system my web server runs on is (include version): rapsbian

My hosting provider, if applicable, is: raspberry Pi IV

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): n8n (node back office and vue front office)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): version 2.4.0

Trace of problem
sudo /snap/bin/certbot -v --nginx
[sudo] Mot de passe de patrick :
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): n8n.pcopine.com
Requesting a certificate for n8n.pcopine.com
Performing the following challenges:
http-01 challenge for n8n.pcopine.com
Waiting for verification...
Challenge failed for domain n8n.pcopine.com
http-01 challenge for n8n.pcopine.com

Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: n8n.pcopine.com
Type: connection
Detail: 86.229.250.226: Fetching http://n8n.pcopine.com/.well-known/acme-challenge/t2ytHQ0FL29muTHZpdrdvhe92qa--a20WbNpckVfJxE: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Cleaning up challenges
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The Let's Encrypt servers need to be able to connect to your server on port 80 in order to validate your control over the domain. They're unable to do so. The likely reason for that, as the error message tells you, is that your firewall is blocking connections on port 80.

5 Likes

Yes, thanks that was the problem. I managed to configure the nginx reverse proxy correctly.

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.