My domain is: mastodon.lol
I ran this command: certbot --nginx -d mastodon.lol
It produced this output: it installed successfully
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04.4
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
I had an expired certificate for a long time (500+ days) but it wasn't an issue because I'm using CloudFlare. Today I had trouble with CloudFlare connecting to my server so I decided to renew my LE certificate to see if that would help.
That fixed the issue I was having, I got a new certificate with a problem, but now I'm unable to connect to any website which uses LE certificates from my server.
root@mastodon:~# curl -vv https://tech.lgbt/
* Trying 184.108.40.206:443...
* TCP_NODELAY set
* Connected to tech.lgbt (220.127.116.11) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
It's not a firewall issue. I can curl to non-LE https sites. These sites aren't blocking my server IP, I can pick any website with a LE certificate and I cannot curl/wget/anything with it.
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for ca-certificates (20210119~20.04.2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updates of cacerts keystore disabled.
done.

Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
128 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updates of cacerts keystore disabled.
done.
with no luck. I've also rebooted just to be sure.
Any help would be greatly appreciated.
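Added example, not part of the original post: a small Python check that reads a `curl -v` transcript and reports how far the TLS handshake got, which shows whether the local CA bundle was consulted at all. A client only checks the bundle after the server's Certificate message arrives; in the transcript above the reset follows the Client hello. The function names and the second transcript are constructed for illustration.

```python
import re

# Handshake milestones in the order an OpenSSL-backed `curl -v` prints them.
MILESTONES = [
    ("tcp_connected", r"\* Connected to "),
    ("client_hello_sent", r"\(OUT\), TLS handshake, Client hello"),
    ("server_hello_received", r"\(IN\), TLS handshake, Server hello"),
    ("certificate_received", r"\(IN\), TLS handshake, Certificate"),
    ("handshake_done", r"\* SSL connection using "),
]

def last_milestone(transcript):
    """Return the furthest handshake stage the transcript shows, or None."""
    reached = None
    for name, pattern in MILESTONES:
        if re.search(pattern, transcript):
            reached = name
    return reached

def diagnose(transcript):
    """Return (stage, verdict); verdict says if the CA bundle was involved."""
    stage = last_milestone(transcript)
    if stage == "handshake_done":
        return stage, "ok"
    if re.search(r"curl: \(60\)|SSL certificate problem", transcript):
        # Verification ran and rejected the chain: the CA bundle is relevant.
        return stage, "trust-store"
    if stage != "certificate_received":
        # No Certificate message arrived, so nothing was checked against it.
        return stage, "before-certificate"
    return stage, "after-certificate"

# Lines taken from the transcript in the post above.
FROM_POST = """\
* Connected to tech.lgbt (220.127.116.11) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
"""

# Constructed transcript of a genuine trust-store failure, for contrast.
CONSTRUCTED_UNTRUSTED = """\
* Connected to example.test (192.0.2.10) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
curl: (60) SSL certificate problem: unable to get local issuer certificate
"""

print(diagnose(FROM_POST), diagnose(CONSTRUCTED_UNTRUSTED))
```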