Certbot cannot verify and refused connection when port is open

I am trying to generate a certificate for my domain. I can ping my domain but am still getting an error. I have added an inbound firewall rule to my DigitalOcean server to accept port 80 on IPv4 and IPv6 as well. Not sure what is wrong. [Note: my nginx server is not running, as I cannot get the certificate]

My domain is: www.1040nra.com

I ran this command: sudo certbot certonly --staging --webroot -w /root/dt-app-data/ -d 1040nra.com -d www.1040nra.com

It produced this output:
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for 1040nra.com
http-01 challenge for www.1040nra.com
Using the webroot path /root/dt-app-data for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. 1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://1040nra.com/.well-known/acme-challenge/22AD-KFmF62z373CPiUKzk6dlr-0s5wMOmnmrziMqd4: Connection refused, www.1040nra.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.1040nra.com/.well-known/acme-challenge/ba-jjDhBUZJ9fHLofGfDYSVV5a-ETlX26A64A-2Yu0s: Connection refused

IMPORTANT NOTES:

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

The webroot plugin requires that your web server – Nginx – is running.

Can you temporarily configure Nginx so that it can run? For example, by disabling your HTTPS virtual host, or configuring it to use a dummy certificate?

(By the way, why are you using --staging? To test setting it up?)

(By the way, if you add --deploy-hook "systemctl reload nginx", Certbot will automatically reload Nginx in the future when it renews your certificate.)

Ok let me try by setting nginx on

I am using staging because I hit my rate limit and now there is no way to test this.

Will the deploy hook work for an nginx Docker container? I use an nginx Docker container.

Ran nginx without certs

Failed authorization procedure. 1040nra.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://1040nra.com/.well-known/acme-challenge/2JsfUgOsLS_osgHXjp25H39hPzK4_wIKRq9FPQAGNEA [167.99.107.175]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n404 Not Found\r\n”, www.1040nra.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.1040nra.com/.well-known/acme-challenge/BQ8loklTy0lGknQbfYB2UOxQs-cRp405Z_7DyJBkGig [167.99.107.175]: “\r\n404 Not Found\r\n<body bgcolor=“white”>\r\n404 Not Found\r\n

IMPORTANT NOTES:
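
The two failures in this thread ("Connection refused", then "404 Not Found") can be reproduced before spending a Let's Encrypt attempt. The following is an added example, not part of the original posts and not Certbot's own code: it writes a random probe file where the webroot plugin would place its token and fetches it back over HTTP. The function name, script name and return strings are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Pre-flight check for certbot --webroot (added example; names are ours)."""
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

# Ignore proxy settings: the ACME server connects to the host directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def check_webroot(webroot, base_url, timeout=5):
    """Drop a random probe file where certbot would write its token and
    fetch it back over HTTP.

    Returns "ok", "mismatch", "http-<status>" or "connection-failed".
    """
    challenge_dir = Path(webroot) / ".well-known" / "acme-challenge"
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(32).encode()
    probe = challenge_dir / name
    probe.write_bytes(body)
    url = f"{base_url.rstrip('/')}/.well-known/acme-challenge/{name}"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return "ok" if resp.read() == body else "mismatch"
    except urllib.error.HTTPError as exc:   # server answered, e.g. 404
        return f"http-{exc.code}"
    except (urllib.error.URLError, OSError):  # refused, timeout, DNS failure
        return "connection-failed"
    finally:
        probe.unlink(missing_ok=True)  # never leave the probe behind


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_webroot.py WEBROOT DOMAIN [DOMAIN ...]")
    results = {d: check_webroot(sys.argv[1], f"http://{d}") for d in sys.argv[2:]}
    for domain, result in results.items():
        print(f"{domain}: {result}")
    sys.exit(0 if all(r == "ok" for r in results.values()) else 1)
```

A "connection-failed" result means nothing is listening on port 80; an "http-404" means the web server is up but is not serving the directory passed with `-w` (for a containerized nginx, that path has to be mounted into the container and mapped in its config). Run from the server itself, the check exercises nginx and the webroot mapping, not the external firewall.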
