Can't generate SSL certificates

Hi again, I am following this tutorial to create SSL certificates for my domain.

My domain is: back-gulam2022.tk

I ran this command:
Context. I have an API running on an EC2 instance (Ubuntu 20.04) with the following docker-compose.yml file:

version: '3.7'
services:
  web:
    build: .
    image: app
    command: bash -c "yarn start"
    working_dir: /app

  nginx:
    image: nginx
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    volumes:
      - ./data/nginx:/etc/nginx/conf.d
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
  certbot:
    image: certbot/certbot
    restart: unless-stopped
    volumes:
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

and the following data/nginx/app.conf file

server {
    listen 80;
    server_name back-gulam2022.tk;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://back-gulam2022.tkk$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name back-gulam2022.tk;

    ssl_certificate /etc/letsencrypt/live/back-gulam2022.tk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/back-gulam2022.tk/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://web:5000;
    }
}

I am on the portion of creating the dummy certificates, so I ran sudo ./init-letsencrypt.sh

It produced this output:

**Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: back-gulam2022.tk
Type: connection
Detail: 34.201.103.120: Fetching http://back-gulam2022.tk/.well-known/acme-challenge/rLjOW5WAJiwZv8kRLrRdE8s0PIbJDIKimGGf5ucGjUo: Connection refused

Domain: www.back-gulam2022.tk
Type: connection
Detail: 34.201.103.120: Fetching http://www.back-gulam2022.tk/.well-known/acme-challenge/vtMGou1qkYTh3PD3GhxDofRKdl66KamekhtnAyTn3AI: Connection refused

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.**

My web server is (include version): Ubuntu 20.04 ec2 instance

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: Freenom

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot latest

1 Like

There is a TYPO there?

3 Likes

You need a working HTTP site before you can secure it via HTTP authentication.

curl http://back-gulam2022.tk/
curl: (56) Recv failure: Connection reset by peer

3 Likes

Yup, noticed it and already fixed. Getting this issue right now, trying a different approach.

Looks like my site can't connect via HTTP, so I am looking into that.

2 Likes

Yup, tried that, thanks, will be looking into that. (Really, thanks for the fast replies.)

2 Likes

Name:    back-gulam2022.tk
Address: 34.201.103.120

Make sure your system is at that IP.

3 Likes

Yeah, now it is working on the EC2 instance. I guess I need to issue the certificates from my local machine and then clone the repo with the certificates on it.

Either that or run 2 shells on the instance; not sure how that would work, so I will try the first approach.

1 Like

Update: managed to do it.
The solution was:
Run the API on the EC2 instance so it responds with HTTP, then run the initial certificates with Certbot and update the nginx config to listen on 443. Thanks everyone for your help.

2 Likes
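The replies above boil down to two preconditions for the webroot (HTTP-01) challenge: the domain's A record must point at the host, and a file dropped into `<webroot>/.well-known/acme-challenge/` must be fetchable over plain HTTP on port 80, which is what the `location /.well-known/acme-challenge/ { root /var/www/certbot; }` block in app.conf serves from the bind-mounted `./data/certbot/www` directory. The script below is an added example, not code from the thread or from the tutorial the poster followed: it places a constructed token file, fetches it, and classifies the result the way the CA's error message does ("connection" is the thread's "Connection refused"). A loopback `http.server` stands in for nginx so the demo runs offline; the real-DNS call at the bottom uses the domain and IP from the thread and needs network access.

```python
"""Preflight for Certbot's HTTP-01 webroot challenge (added example, not from the thread)."""
import http.server
import secrets
import socket
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def check_dns(domain, expected_ip, resolve=socket.gethostbyname_ex):
    """Return (ok, addresses): ok is True when expected_ip is among the A records."""
    try:
        _name, _aliases, addresses = resolve(domain)
    except socket.gaierror:
        return False, []
    return expected_ip in addresses, addresses


def place_token(webroot):
    """Write a random token file where `certbot --webroot -w <webroot>` would."""
    token = secrets.token_urlsafe(32)
    content = "preflight-" + secrets.token_hex(8)  # constructed, not a real ACME key authorization
    path = Path(webroot) / CHALLENGE_DIR / token
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content)
    return token, content


def fetch_challenge(base_url, token, timeout=5):
    """Fetch the token over HTTP and classify the outcome the way the CA's error would."""
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return "ok", resp.read().decode()
    except urllib.error.HTTPError as err:   # reached a server, but wrong root/path -> 404 etc.
        return f"http-{err.code}", ""
    except urllib.error.URLError as err:    # nothing listening: the thread's "Connection refused"
        return "connection", str(err.reason)
    except socket.timeout:                  # packets dropped (firewall / security group)
        return "timeout", ""


def preflight(webroot, base_url):
    """Place a token, fetch it, clean up; returns ok | wrong-content | http-NNN | connection | timeout."""
    token, expected = place_token(webroot)
    try:
        status, body = fetch_challenge(base_url, token)
    finally:
        (Path(webroot) / CHALLENGE_DIR / token).unlink(missing_ok=True)
    if status == "ok" and body.strip() != expected:
        return "wrong-content"  # something answered, but not from this webroot
    return status


class _QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass


def serve_webroot(webroot):
    """Stand-in for the nginx location block: serve webroot on a loopback port."""
    handler = partial(_QuietHandler, directory=str(webroot))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def run_demo():
    """Exercise the outcomes a webroot misconfiguration produces; returns a dict of results."""
    results = {}
    with tempfile.TemporaryDirectory() as webroot:
        server, base = serve_webroot(webroot)
        results["served"] = preflight(webroot, base)             # correct root -> "ok"
        results["wrong_root"] = preflight(webroot, base + "/x")  # root points elsewhere -> "http-404"
        server.shutdown()
        server.server_close()
        results["nothing_listening"] = preflight(webroot, base)  # port closed -> "connection"
    return results


if __name__ == "__main__":
    print(run_demo())
    # Live DNS check for the thread's domain/IP; needs network and is only for the stand-alone run.
    print(check_dns("back-gulam2022.tk", "34.201.103.120"))
```

On the real host you would call `preflight("./data/certbot/www", "http://back-gulam2022.tk")` from somewhere outside the instance's security group, since the CA fetches from the public internet; an "ok" there, together with `check_dns` reporting the instance's public IP, is the state the thread reached before the initial certificate issuance succeeded.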

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.