My domain is: mastodon.lol
I ran this command: certbot --nginx -d mastodon.lol
It produced this output: it installed successfully
My web server is (include version): nginx/1.18.0
The operating system my web server runs on is (include version): Ubuntu 20.04.4
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.40.0
I had an expired certificate for a long time (500+ days) but it wasn't an issue because I'm using CloudFlare. Today I had trouble with CloudFlare connecting to my server so I decided to renew my LE certificate to see if that would help.
That fixed the issue I was having, I got a new certificate with a problem, but now I'm unable to connect to any website which uses LE certificates from my server.
root@mastodon:~# curl -vv https://tech.lgbt/
* Trying 198.199.90.37:443...
* TCP_NODELAY set
* Connected to tech.lgbt (198.199.90.37) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to tech.lgbt:443
It's not a firewall issue. I can curl to non-LE https sites. These sites aren't blocking my server IP; I can pick any website with an LE certificate and I cannot curl/wget/anything with it.
I've tried:
dpkg-reconfigure ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Processing triggers for ca-certificates (20210119~20.04.2) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updates of cacerts keystore disabled.
done.
and:
update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
128 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
updates of cacerts keystore disabled.
done.
with no luck. I've also rebooted just to be sure.
Any help would be greatly appreciated.