Correct but it seems, from the error log anyway, that it's looking in the wrong directory and producing a 404. Or am I missing something? Sometimes is connects with a 404 sometimes it errors out with the wrong redirect URL.
Can you tell me what the problem is, if any, when Let's Encrypt succesfully (at least once, as demonstrated in this topic in post #3) can reach the server of @Jailer? Ignoring the fact namecheap has a broken redirect of course.
You donāt know which IP address it used. Plus there are demonstrable problems from two different networks. Thatās what counts. Itās irrelevant that it works from other networks at this point.
But is it the actual problem @Jailer is facing now?
Letās recap:
First, he got a problem with the connectionā¦ But this was because of the broken redirect.
Second, he got a 404 file not found, which is a server problem (he also got the 404 file not found error in his nginx log!), not a routing problem.
Soā¦ Youāre sayingā¦ If a possible routing issue, which possibly isnāt even a structural problem on @Jailerās end, currently doesnāt give any troubleā¦ He should fix that first?
I think @Osiris is correct in the 2 problem issue. I just canāt for the life of me figure out why nginx would be looking in the wrong directory especially one not listed in the config.
Yes, lower layers are supposed to be working, then deal with upper layers. Or deal with them simultaneously. You can do that in the meantime while I try to figure out the IP stuff.
Just an FYI, odd icmp responses on my end should be expected. What my firewall doesnāt block will likely be caught by snort and blocked. That still doesnāt explain the odd hops but just figured Iād throw that out there.
Actually, they shouldn't. There is definitely something wrong with your IP layer connectivity which I can't figure out with just these details. I see now there is some snort service involved, too. Plus your IP address is RFC1918 so there's an additional router with port forwards I assume. In this whole picture there is something terribly wrong. Even for a working connection the traceroute should not have the destination host answering 4 times. The increasing reply times among those 4 replies in @Osiris' output suggest a routing loop somewhere, at which point the minimum TTL of the connecting host comes into play as well, which can very well lead to problems for some clients but not for others.
But this is a completely different problem than the 404 of course.
My ISP is a local outfit and it wouldn't surprise me one bit if they have something screwed up. My wan IP is RFC1918 so yes they have me behind their router. I had to purchase a static public IP to get out of a double NAT situation. Their "good' tech support guy left them a while back and they recently switched top level providers so It wouldn't surprise me if something isn't right on their end.
Back to the nginx. So there is a reverse proxy and an actual web server? Do you consider them both in debugging? Which component is actually throwing the 404? I lost track a bit.
Man I really donāt like this forum software now. I get anti spam measures but good lord! Too many posts for a new member and it locked me out for 14 hoursā¦
Anyway, an update is in order. I finally was able to verify the domain and update my certificate. As @Osiris said there were 2 issues involved here. The first one, the improper redirect, was resolved by submitting a ticket with namecheap. Only took a couple of hours and they got back with me and verified that there was a problem and fixed it. Many thanks to @TCM for figuring that one out. As for the error log message, I had to think about that one a bit. Thatās one of the problems with getting old you have to rattle things around in your head for a bit to come to a conclusion.
I got to looking closer at the proxy config and the nginx error log. It just didnāt make any sense that it was checking the directory listed in the error for verification. After thinking about it for a while (old guy thing) since there was no root directory listed in my server blocks I thought maybe it was checking the first file path it found in the config file which was the path for the SSL certificates. So I defined a root path in the server blocks in the proxy config for both HTTP and HTTPS and BAM! A dry run worked. So I removed the --dry-run switch and tried for real and the certificate was expanded with the www prefix for my domain.
I canāt thank you guys enough for helping me out with this, I never would have figured this out on my own. I always tell people getting somethign running is one thing, fixing it when it breaks is quite another.