Can't get certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
srimuang.ddns.net
I ran this command:
sudo certbot --nginx -d srimuang.ddns.net
It produced this output:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: srimuang.ddns.net
Type: connection
Detail: 34.199.8.144: Fetching http://192.168.43.70:8080/.well-known/acme-challenge/EZ-yLUh5GjL0kWixwoxpS0FVILqJBFEjz8mC1RomR0c: Invalid port in redirect target. Only ports 80 and 443 are supported, not 8080

Hint: The Certificate Authority failed to verify the temporary nginx configuration changes made by Certbot. Ensure the listed domains point to this nginx server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
nginx version: nginx/1.18.0 (Ubuntu)

The operating system my web server runs on is (include version):
ubuntu server 22.04

My hosting provider, if applicable, is:
no-ip

I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0

Welcome to the community @chatofking

There are several problems. One is that you are using the nginx plug-in but an Apache server is responding to requests for that domain. Are you sure the IP in your DNS points to your server?

A second problem is the redirect is both to a private IP address and a port that Let's Encrypt does not allow for redirects.

You should first find out why Apache is responding. Example

curl -I http://srimuang.ddns.net

HTTP/1.1 302 Found
Date: Fri, 17 Jun 2022 14:49:48 GMT
Server: Apache
Location: http://192.168.43.70:8080
Content-Type: text/html
7 Likes

I changed to the public IP following this guide:
Host a blog on your Raspberry Pi with Ghost ! | by Pierre Averous | Oct, 2020 | The Startup.
But
when I request the LE certificate it times out:
Certbot failed to authenticate some domains (authenticator: nginx). The Certificate Authority reported these problems:
Domain: srimuang.ddns.net
Type: connection
Detail: 182.232.224.166: Fetching http://srimuang.ddns.net/.well-known/acme-challenge/Dm9_uHZJ1yKB0XmXN64nag_S77hM0emdy0LyRPHMGj8: Timeout during connect (likely firewall problem)
When I run sudo ufw status:
Status: inactive
The second problem is no problem; I can change to an (A) type private IP address.
But my first page was nginx at http://srimuang.ddns.net/; my home page is at http://srimuang.ddns.net:8080/.
I don't know why my URL had Apache responding; I'm too new for this.

Your DNS is pointing to your private IP 192.168.43.70. That will not work. The public DNS must point to your public IP for the Let's Encrypt http challenge to work. You can find your public IP in your router admin panel or using a command like:

curl -4 http://ifconfig.co

I do not know enough about the Pi and docker compose to help further. I think you should focus on getting an HTTP site working first. Once that is working we can help you get a Let's Encrypt cert.

I think that guide is poorly written. The certbot command format is wrong among other things. The sample website they setup is not running on a Pi and not even using nginx. Maybe search this forum for raspberry for other ideas.

You can use the Let's Debug test site to help you test your http site. Or, even use a browser from the public internet - not your home network. You could do that using a cell phone with wifi turned off if you don't have other machines to test from.

dig +short srimuang.ddns.net
192.168.43.70
7 Likes
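The two failures pointed out above (a DNS answer that is a private 192.168.x address, and a redirect to a private address on port 8080) can both be caught before running Certbot. The script below is an added example for this thread, not code from Certbot, Let's Encrypt or the guides mentioned; the DNS answers and HTTP headers it checks are constructed from the curl and dig output posted above rather than fetched live, and the rule that only ports 80 and 443 may appear in a redirect target is taken from the Certbot error message quoted in the first post.

```python
"""Offline pre-flight checks for a Let's Encrypt http-01 challenge.

Added example for this thread, not code from Certbot or Let's Encrypt.
It mirrors two of the failures above: a DNS A record that points at a
private address, and an HTTP redirect to a private address on port 8080.
Sample DNS answers and HTTP responses are constructed, not live lookups.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_REDIRECT_PORTS = {80, 443}   # the only ports the CA will follow


def is_public_ip(text):
    """True if `text` is a globally routable IPv4/IPv6 literal, False for
    private (RFC 1918), loopback, link-local and other non-global ranges."""
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False   # a hostname, not an address literal


def check_dns_answers(domain, addresses):
    """Flag A/AAAA answers that the CA cannot reach from the public internet."""
    problems = []
    if not addresses:
        problems.append(f"{domain}: no A/AAAA record")
    for addr in addresses:
        if not is_public_ip(addr):
            problems.append(f"{domain} resolves to non-public address {addr}")
    return problems


def check_redirect_target(location):
    """Apply the CA's redirect rules to a Location header value."""
    problems = []
    parts = urlsplit(location)
    if parts.scheme not in ("http", "https"):
        problems.append(f"scheme {parts.scheme!r} is not http or https")
        return problems
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        is_literal = True
    except ValueError:
        is_literal = False
    if is_literal and not is_public_ip(host):
        problems.append(f"redirect target {host} is a private address")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_REDIRECT_PORTS:
        problems.append(f"redirect target port {port} is not 80 or 443")
    return problems


def check_challenge_response(status, headers):
    """Judge one HTTP response to a /.well-known/acme-challenge/ request.

    `headers` is a dict with lower-case keys. Returns a list of findings;
    an empty list means nothing obviously wrong at this layer.
    """
    problems = []
    server = headers.get("server", "")
    if server and "nginx" not in server.lower():
        problems.append(f"responding server is {server!r}, not nginx; "
                        "DNS may point at a different machine")
    if 300 <= status < 400:
        problems.extend(check_redirect_target(headers.get("location", "")))
    return problems


if __name__ == "__main__":
    # Constructed samples matching the dig and curl output in this thread.
    for p in check_dns_answers("srimuang.ddns.net", ["192.168.43.70"]):
        print("DNS:", p)
    for p in check_challenge_response(
            302, {"server": "Apache", "location": "http://192.168.43.70:8080"}):
        print("HTTP:", p)
```

Run it against the real answers by feeding `check_dns_answers` the output of `dig +short` and `check_challenge_response` the status and headers from `curl -I`; an empty result from both is the point at which `certbot --nginx` has a chance of succeeding, and each reported line names the thing to fix first (public DNS, then the redirect).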

I use this guide instead

but when I run sudo nginx -t && nginx -s reload
it shows
nginx: [emerg] a duplicate default server for 0.0.0.0:80 in /etc/nginx/sites-enabled/default:22
nginx: configuration file /etc/nginx/nginx.conf test failed

When I point to the public IP it times out, as you can see.
Timeout during connect (likely firewall problem)
My debug result is:
ANotWorking

ERROR

srimuang.ddns.net has an A (IPv4) record (182.232.224.166) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

A timeout was experienced while communicating with srimuang.ddns.net/182.232.224.166: Get "http://srimuang.ddns.net/.well-known/acme-challenge/letsdebug-test": dial tcp 182.232.224.166:80: i/o timeout

Trace:
@0ms: Making a request to http://srimuang.ddns.net/.well-known/acme-challenge/letsdebug-test (using initial IP 182.232.224.166)
@0ms: Dialing 182.232.224.166
@10001ms: Experienced error: dial tcp 182.232.224.166:80: i/o timeout

IssueFromLetsEncrypt

ERROR

A test authorization for srimuang.ddns.net to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

182.232.224.166: Fetching http://srimuang.ddns.net/.well-known/acme-challenge/w26qrobAyyFDAu8S622wAeFE5vShS2eNv0bvA--Rf-A: Timeout during connect (likely firewall problem)
What should I do?

I read some guide:

Prerequisites

  • Your host must be publicly reachable on both port 80 and 443.
  • Check your firewall rules and do not attempt to block port 80 as that will prevent http-01 challenges from completing.

Will this guide work?
Run your blog with Ghost, Docker and LetsEncrypt

You should check your router to make sure it allows inbound connections and is doing any port forwarding correctly. You should make sure your ISP allows connections on port 80 and 443. If you have a firewall(s) make sure they allow inbound connections on port 80 and 443.

The latest guide you showed suggested using a hosting service. If you are going to pay for a hosting service you should look at one that makes setting up your blog easy. Let's Encrypt also has this list of hosting candidates.

6 Likes

Now I have only one problem, the duplicate default server. Do you know how to fix this?

Yes, can you show the output of this command

sudo nginx -T

Please put 3 backticks before and after the output like this:
```
output
```

6 Likes
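The `nginx -T` dump asked for above is where the duplicate `default_server` comes from: nginx allows exactly one `default_server` per listen address and port, and `sites-enabled/default` plus a second site file that both claim it produce the `[emerg]` shown earlier. The script below is an added example for this thread, not part of nginx or Certbot; it parses the `# configuration file <path>:` markers that `nginx -T` prints before each file and reports every address/port with more than one claimant. The configuration dump it runs on is constructed for the example, not the poster's real configuration.

```python
"""Find duplicate `default_server` listeners in `nginx -T` output.

Added example for this thread, not part of nginx or Certbot. It reads the
combined configuration dump that `sudo nginx -T` prints (each file is
preceded by a `# configuration file <path>:` line) and reports every
address/port that more than one server block claims as default_server,
which is the condition behind "[emerg] a duplicate default server".
The sample dump below is constructed.
"""
import re
from collections import defaultdict

FILE_MARKER = re.compile(r"^# configuration file (.+):$")
LISTEN = re.compile(r"^\s*listen\s+([^;]+);")


def normalize_listen(spec):
    """Reduce a listen argument to the address:port key nginx dedups on."""
    addr = spec.split()[0]          # drop options such as ssl, http2
    if addr.startswith("unix:"):    # unix sockets carry no port
        return addr
    if addr.startswith("["):        # IPv6 literal, e.g. [::]:80
        host, _, port = addr.rpartition("]:")
        return f"{host}]:{port or '80'}"
    if ":" in addr:
        host, port = addr.rsplit(":", 1)
        host = "0.0.0.0" if host == "*" else host
        return f"{host}:{port}"
    if addr.isdigit():              # bare port, e.g. `listen 80;`
        return f"0.0.0.0:{addr}"
    return f"{addr}:80"             # bare address defaults to port 80


def find_duplicate_defaults(dump):
    """Map each listen key to the (file, line) of every default_server claim,
    returning only the keys that have more than one claimant."""
    claims = defaultdict(list)
    current_file, line_no = "<stdin>", 0
    for raw in dump.splitlines():
        m = FILE_MARKER.match(raw)
        if m:
            current_file, line_no = m.group(1), 0
            continue
        line_no += 1
        line = raw.split("#", 1)[0]   # strip trailing comments
        m = LISTEN.match(line)
        if m and "default_server" in m.group(1).split():
            claims[normalize_listen(m.group(1))].append((current_file, line_no))
    return {key: where for key, where in claims.items() if len(where) > 1}


# Constructed dump in the shape `nginx -T` prints; two files both claim
# default_server on 0.0.0.0:80, which nginx rejects.
SAMPLE_DUMP = """\
# configuration file /etc/nginx/nginx.conf:
events {}
http {
    include /etc/nginx/sites-enabled/*;
}

# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
}

# configuration file /etc/nginx/sites-enabled/ghost:
server {
    listen 80 default_server;   # second claim on 0.0.0.0:80
    server_name srimuang.ddns.net;
}
"""

if __name__ == "__main__":
    for key, where in find_duplicate_defaults(SAMPLE_DUMP).items():
        print(f"{key} is default_server in more than one place:")
        for path, line in where:
            print(f"  {path}:{line}")
```

Pipe the real dump in with `sudo nginx -T 2>/dev/null | python3 this_script.py` after replacing `SAMPLE_DUMP` with `sys.stdin.read()`; the fix is then to drop `default_server` from all but one of the listed lines (or remove the unused `sites-enabled/default` site entirely) and rerun `sudo nginx -t`.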

Hey, do you know how to do port forwarding without a router?
I think I skipped this process.
I tried 192.168.1.1 but got ERR_CONNECTION_REFUSED, and
192.168.0.1 gives ERR_CONNECTION_TIMED_OUT.

I see you are now using NOIP for your domain name but it has two problems. One is that it is not configured to allow the Let's Encrypt HTTP challenge to work. The below request should result in a 404 Not Found error because file ForumTest123 does not exist on your server. Instead, the NOIP system returns a 200 Found. Two, the page says to click a link to forward to your 192.168.43.71:8080 and this will not work from the public internet. Addresses that begin with 192.168 are private addresses only.

You need to have a working website with HTTP before you can get a cert using the Let's Encrypt HTTP challenge. Once you have a site working we can help you get a cert.

curl -i srimuang.ddns.net/.well-known/acme-challenge/ForumTest123

HTTP/1.1 200 Found
Date: Sun, 19 Jun 2022 14:14:44 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 1017
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<!-- WEB REDIRECTION PROVIDED BY NOIP.COM  http://www.noip.com/ -->
<head>
<TITLE></TITLE>
<meta name="keywords" content="">
<meta name="description" content="">
<link rel="icon" href="http://192.168.43.71:8080/favicon.ico" type="image/ico">
<link rel="shortcut icon" href="http://192.168.43.71:8080/favicon.ico">
</head>
<!--
<script language="JavaScript">
if(window != top) {
        top.location.href = location.href;
}
</script>
-->
<frameset  rows="*,29" >
        <frame src="http://192.168.43.71:8080/.well-known/acme-challenge/ForumTest123" name="redir_frame" frameborder=0>

        <frame src="http://srimuang.ddns.net/KHgKKjl_popupgoogle.html" noresize="noresize" scrolling="no" name="ad_frame"
frameborder="0">
        <noframes>
        Sorry, your browser does not support frames.  Click <a href="http://192.168.43.71:8080/.well-known/acme-challenge/ForumTest123" TARGET=_top>here</A>
        </noframes>
</frameset>

</html>
7 Likes
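The curl output above is the signature of a hostname-redirect service answering in place of the web server: a 200 for a token that cannot exist, and an HTML frameset that loads the real path from a 192.168 address the CA can never reach. The script below is an added example for this thread, not code from Certbot, Let's Encrypt or NOIP; it classifies a probe of a made-up challenge token by status and, for HTML bodies, by where the `<frame>` elements point. The HTML it parses is constructed after the page quoted above, with the same private address.

```python
"""Classify a response to a probe of a non-existent ACME challenge token.

Added example for this thread, not code from Certbot or Let's Encrypt.
A correctly reached web server answers 404 for a token that does not
exist; a 200 whose HTML frames the challenge path from another host means
a web-redirect service is answering instead of your server, so the CA
will never see the real challenge file. The sample body is constructed
after the NOIP page quoted in this thread.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit


class FrameCollector(HTMLParser):
    """Collect src targets of <frame> and <iframe> elements."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def classify_probe_response(status, content_type, body):
    """Return (verdict, detail) for a probe of a token that does not exist."""
    if status == 404:
        return ("ok", "server answered 404 for a missing token")
    if status == 200 and content_type.startswith("text/html"):
        parser = FrameCollector()
        parser.feed(body)
        for src in parser.sources:
            host = urlsplit(src).hostname or ""
            try:
                private = not ipaddress.ip_address(host).is_global
            except ValueError:
                private = False          # a hostname, judged by other means
            if private:
                return ("redirect-service",
                        f"page frames the challenge path from private address {host}")
        if parser.sources:
            return ("redirect-service", "page frames content from another URL")
    return ("unexpected", f"status {status} for a missing token")


# Constructed after the NOIP redirection page quoted above.
SAMPLE_BODY = """\
<html>
<!-- WEB REDIRECTION PROVIDED BY NOIP.COM -->
<frameset rows="*,29">
  <frame src="http://192.168.43.71:8080/.well-known/acme-challenge/ForumTest123" name="redir_frame" frameborder=0>
  <frame src="http://example.invalid/ad.html" name="ad_frame" frameborder="0">
</frameset>
</html>
"""

if __name__ == "__main__":
    verdict, detail = classify_probe_response(200, "text/html", SAMPLE_BODY)
    print(verdict, "-", detail)
```

Feed it the status, `Content-Type` and body from `curl -i srimuang.ddns.net/.well-known/acme-challenge/ForumTest123` to reproduce the diagnosis above; only the `ok` verdict means the request reached your own web server, which is the precondition for both the HTTP challenge and the site itself working from the public internet.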

I don't know why my http:// doesn't work.
It shows
"not secure" on my site.
My hostname protocol http:// is already set in no-ip,
and also in my docker-compose.yml:
url: http://srimuang.ddns.net

Do I need to buy a router?
Or do I need to register another account in no-ip
to CNAME my public IP to my private IP?

Respectfully, I think you should buy a hosting service. You say you are "too new for this". I agree.

There are hosting services designed for people to easily setup websites, blogs, and similar. It will avoid much of the complexity that you are having trouble with. Maybe some future day as you learn more you may be able to setup a working system on your own.

7 Likes
