Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: hanarey.com
I ran this command: certbot certonly -d www.hanarey.com -d hanarey.com
It produced this output:
How would you like to authenticate with the ACME CA?
1: Nginx Web Server plugin (nginx) [Misconfigured]
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Simulating a certificate request for www.hanarey.com and hanarey.com
Input the webroot for hanarey.com: (Enter 'c' to cancel): /www/wwwroot/hanarey.com/letsencrypt
Select the webroot for www.hanarey.com:
1: Enter a new webroot
2: /www/wwwroot/hanarey.com/letsencrypt
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: www.hanarey.com
Type: connection
Detail: During secondary validation: 8.134.76.90: Fetching http://www.hanarey.com/.well-known/acme-challenge/AVL-0EkGytfToLjwTLjPT6zQPgckkusbBEEFO4ZkzCI: Timeout during connect (likely firewall problem)
Domain: hanarey.com
Type: connection
Detail: During secondary validation: 8.134.76.90: Fetching http://hanarey.com/.well-known/acme-challenge/1k3hKFDEuyRaC978gecIS3JhFq-BthRkUNpHL8Pc0d8: Timeout during connect (likely firewall problem)
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): nginx/1.20.1
The operating system my web server runs on is (include version): CentOS Linux release 8.3.2011
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0
Nginx configuration:
server
{
    listen 80;
    listen 443 ssl http2;
    server_name hanarey.com www.hanarey.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/hanarey.com;
    location /.well-known {
        root /www/wwwroot/hanarey.com/letsencrypt;
        auth_basic off;
        try_files $uri =404;
    }
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate /www/server/panel/vhost/cert/hanarey.com/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/hanarey.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497 https://$host$request_uri;
    include enable-php-74.conf;
    include /www/server/panel/vhost/rewrite/hanarey.com.conf;
    #REWRITE-END
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires 30d;
        error_log /dev/null;
        access_log /dev/null;
    }
    location ~ .*\.(js|css)?$
    {
        expires 12h;
        error_log /dev/null;
        access_log /dev/null;
    }
    access_log /www/wwwlogs/hanarey.com.log;
    error_log /www/wwwlogs/hanarey.com.error.log;
}
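A triage helper for the CA problem report in the Certbot output above, added here as an example (it is not part of the original post and is not Certbot code). It splits each `Detail:` line into its parts so a connect-level timeout is not mistaken for a webroot mapping problem; the function names and category labels are hypothetical, and the sample text is the report copied from that output.

```python
import re

# Sample input: the "Domain / Type / Detail" report copied from the output above.
SAMPLE = """\
Domain: www.hanarey.com
Type: connection
Detail: During secondary validation: 8.134.76.90: Fetching http://www.hanarey.com/.well-known/acme-challenge/AVL-0EkGytfToLjwTLjPT6zQPgckkusbBEEFO4ZkzCI: Timeout during connect (likely firewall problem)
Domain: hanarey.com
Type: connection
Detail: During secondary validation: 8.134.76.90: Fetching http://hanarey.com/.well-known/acme-challenge/1k3hKFDEuyRaC978gecIS3JhFq-BthRkUNpHL8Pc0d8: Timeout during connect (likely firewall problem)
"""

# Detail layout seen on this page: [secondary prefix] <address>: Fetching <url>: <reason>
DETAIL = re.compile(r"^(?P<secondary>During secondary validation: )?"
                    r"(?P<address>\S+): Fetching (?P<url>\S+): (?P<reason>.+)$")

def parse_report(text):
    """Return one dict per failed domain; unknown Detail layouts are kept raw."""
    records, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if key == "Domain":
            cur = {"domain": value, "type": None, "secondary": False,
                   "address": None, "url": None, "reason": None}
            records.append(cur)
        elif cur is not None and key == "Type":
            cur["type"] = value
        elif cur is not None and key == "Detail":
            m = DETAIL.match(value)
            if m:
                cur.update(secondary=m["secondary"] is not None,
                           address=m["address"], url=m["url"], reason=m["reason"])
            else:
                cur["reason"] = value
    return records

def triage(records):
    """Label the failure set (hypothetical labels; only this page's case is modelled)."""
    if not records:
        return "no-failures"
    timeouts = all(r["type"] == "connection" and
                   (r["reason"] or "").startswith("Timeout during connect")
                   for r in records)
    if timeouts:
        secondary_only = all(r["secondary"] for r in records)
        return "connect-timeout-secondary-only" if secondary_only else "connect-timeout"
    return "other"
```
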