Can't generate ssl certificate, "Some challenges have failed."

Help
22

The picture seems to indicate that :84 will be used for HTTPS by test server at IP 192.168.200.121

Is there another redirect entry for port 80?
If so, to which IP:port does that go to?

I'm assuming that if there is only one server, then all the redirects go to the same IP.

I can work with whatever there is, I just need to know what is there.

1 Like
23

Like this sir.

image

1 Like
24

Ooooohhhhh!
One server but it is using virtual machines!

OK which IP gets the redirection for port 80?

[Excellent picture BTW]

2 Likes
25

port 80 didn't assign sir.

[LE dev need to add react button]

1 Like
26

The router/firewall doesn't redirect 80 to an internal IP?
[the same device you showed the port 84]

Yeah! all we get is a single :heart: button :frowning:

1 Like
27

It's like this site is only for the socially dysfunctional - ROFLMAO
Blame discourse not LE

3 Likes
28

Mybe it direct to router. idk sir they just gave me this picture and they want :84 to run with certificate so that I can apply it to in :82

image

29

What does pfSense do with the inbound port 80 requests?
What is the IP of the system where you ran nginx -T?
Is that 192.168.200.121?

1 Like
30

Yes sir. I ran it in 192.168.200.121

Should I run it in the main server ?

1 Like
31

We need to check/modify the HTTP vhost config on the server that gets the port 80 requests.
But we still don't know exactly where they go!

1 Like
32

There are some inherent complexities to using the same name for multiple systems.

  1. SNI fails to distinguish serverA from serverX
    when they are ServerA:portX and ServerA:portZ
  2. All HTTP authentication requests for EXAMPLE.COM will go to only one system/server/IP.
    ServerA:port80

It would really be more... useful if each server had its' own name.
Like:
mindset81.ccgeo.info = 45.202.17.189
mindset82.ccgeo.info = 45.202.17.189
mindset83.ccgeo.info = 45.202.17.189
mindset84.ccgeo.info = 45.202.17.189

2 Likes
33

Now back to the big hurdle in our plan:
Which system gets the port 80 requests?
[without individual names, all requests (certbot) will have to be processed in one single place]

2 Likes
34

Sir port 80 is assign in mindset.ccgeo.info. Using pfSense

35

Anyway you can find it will due.
I would start with pfSense settings...
[presuming that is the first thing encountered from the Internet inward]

The picture you showed looks like pfSense; Do you have access to that system OR did they just give you a picture?

1 Like
37

Sir port 80 is assign @ mindset.ccgeo.info using pfSense

38

To which IP does the port 80 go to?
There must be an IP setting (isn't there?).
Or does the pfSense answer on 80?

1 Like
39

That public ip address sir
image

40

ya mean public sir ? or internal ?

41

Ok, and where does it go from there?
When I do:
curl -Ii http://45.202.17.189/
What system answers me?

something replies with:

HTTP/1.1 200 OK
Date: Wed, 17 Nov 2021 07:19:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Mon, 29 Jul 2019 04:00:01 GMT
ETag: "5b9-58ec9ed19c569"
Accept-Ranges: bytes
Content-Length: 1465
Vary: Accept-Encoding
Content-Type: text/html
1 Like
42

We need to find that Apache server!
[clues]
It shows:
Ubuntu
Apache/2.4.18

1 Like